Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8d877912-4215-4b48-b81d-327e79f32bfa.roa
File:                     8d877912-4215-4b48-b81d-327e79f32bfa.roa (raw, json)
Hash identifier:          OxhfmePoywwGQmA2T09F+jwxeoG9roCINHVlGttN/Cw=
Subject key identifier:   D7:2D:9E:5C:23:81:A1:E0:3D:DA:A0:FA:ED:96:5B:A4:A2:37:03:1D
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7797BA544A415A4AF5C6964F7C163E51C6DF99D6
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8d877912-4215-4b48-b81d-327e79f32bfa.roa
Signing time:             Fri 27 Jan 2023 00:00:00 +0000
ROA not before:           Fri 27 Jan 2023 00:00:00 +0000
ROA not after:            Mon 30 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:97:ba:54:4a:41:5a:4a:f5:c6:96:4f:7c:16:3e:51:c6:df:99:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 27 00:00:00 2023 GMT
            Not After : Jan 30 23:59:59 2023 GMT
        Subject: serialNumber=9643902520304678c8e61d0b1b43f1803f1594494a20a5d5c935cf44b98853fe, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:e7:01:8c:21:cb:4e:83:bc:42:a6:ef:55:d1:
                    40:dc:da:bc:b7:9f:05:f6:83:8d:97:d2:34:be:9b:
                    fc:3c:6c:37:5f:c0:45:f2:58:3c:00:78:ae:fd:26:
                    75:7e:40:87:3f:79:91:10:c8:bf:a0:af:00:67:21:
                    27:7e:8c:be:5a:72:1d:02:55:ce:c8:ea:a7:fb:ce:
                    b8:a3:eb:a2:a7:72:4e:5d:7f:52:39:7f:3d:40:21:
                    75:d2:c8:9f:9a:75:f2:8d:ad:fe:c9:3c:17:13:eb:
                    55:a7:38:72:71:79:a6:9a:f6:d0:ea:1b:0a:e0:e9:
                    b3:7c:a0:dc:62:52:dd:a0:f1:57:6c:bc:4d:cf:58:
                    1d:37:5e:28:c9:53:1a:6e:6a:2a:b1:94:52:ba:b3:
                    cf:0c:72:e8:56:fc:dd:1d:47:b4:12:da:59:57:a7:
                    5c:f2:f1:e5:4c:86:b5:2b:13:0b:6d:87:e2:31:61:
                    97:09:bb:29:60:2a:24:53:ac:f2:d1:ed:70:d7:4f:
                    8a:e7:a2:7d:08:33:06:78:60:3f:12:7a:38:85:85:
                    d4:35:c6:50:64:28:35:b4:55:d7:8a:c2:bc:cc:c1:
                    47:1d:4d:e8:d1:29:a4:f7:aa:65:56:26:af:1d:13:
                    66:04:b6:ae:51:24:81:24:09:e7:c8:66:cd:64:4e:
                    7a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:2D:9E:5C:23:81:A1:E0:3D:DA:A0:FA:ED:96:5B:A4:A2:37:03:1D
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8d877912-4215-4b48-b81d-327e79f32bfa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:f3:c4:2b:0c:a6:9f:f9:9e:f6:c7:f2:e6:1a:dd:36:44:13:
         13:e2:fe:f8:e0:94:27:68:ef:17:bf:9b:25:60:e3:52:68:28:
         eb:2f:44:d3:9c:d9:1d:db:70:32:af:c9:a9:a1:ad:2f:bf:32:
         0e:bc:22:e3:e4:24:7f:76:54:79:7d:1a:98:ff:9b:1d:21:0f:
         04:3e:74:b3:d7:62:8b:29:74:1d:95:76:97:cb:21:7d:e6:bd:
         bd:c1:fe:2f:25:ad:64:f3:29:9b:61:be:cf:8e:51:91:82:bc:
         6f:67:3b:70:2d:58:95:12:36:41:42:a1:53:2b:d3:05:27:a7:
         36:02:b5:49:25:b0:e8:60:16:85:29:c6:15:10:32:e4:f4:62:
         68:c2:c8:64:3e:33:86:df:28:31:75:bb:dc:70:aa:5b:c7:fc:
         fb:4e:5e:56:19:e3:6f:15:10:9b:73:6b:8f:63:b6:da:76:d4:
         0f:87:18:1e:84:72:fb:81:e6:67:de:de:23:af:06:00:be:0a:
         fc:3b:2a:7b:59:57:e3:56:fd:f0:fc:7c:13:21:53:0d:f8:ee:
         45:c1:b8:f4:9d:d7:c2:c0:69:b3:e6:05:c2:0a:f1:c5:35:01:
         d4:fa:de:ff:ab:c1:57:27:1b:02:b2:c8:eb:f8:9f:17:87:47:
         ca:1a:84:66
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUd5e6VEpBWkr1xpZPfBY+UcbfmdYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTI3MDAwMDAwWhcNMjMwMTMwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTY0MzkwMjUyMDMwNDY3OGM4ZTYxZDBiMWI0M2YxODAz
ZjE1OTQ0OTRhMjBhNWQ1YzkzNWNmNDRiOTg4NTNmZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAIfnAYwhy06DvEKm71XRQNzavLefBfaDjZfSNL6b/DxsN1/ARfJY
PAB4rv0mdX5Ahz95kRDIv6CvAGchJ36MvlpyHQJVzsjqp/vOuKProqdyTl1/Ujl/
PUAhddLIn5p18o2t/sk8FxPrVac4cnF5ppr20OobCuDps3yg3GJS3aDxV2y8Tc9Y
HTdeKMlTGm5qKrGUUrqzzwxy6Fb83R1HtBLaWVenXPLx5UyGtSsTC22H4jFhlwm7
KWAqJFOs8tHtcNdPiueifQgzBnhgPxJ6OIWF1DXGUGQoNbRV14rCvMzBRx1N6NEp
pPeqZVYmrx0TZgS2rlEkgSQJ58hmzWROehsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTXLZ5cI4Gh4D3aoPrtllukojcDHTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOGQ4Nzc5MTItNDIxNS00YjQ4LWI4MWQtMzI3ZTc5ZjMyYmZhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAHzxCsMpp/5nvbH
8uYa3TZEExPi/vjglCdo7xe/myVg41JoKOsvRNOc2R3bcDKvyamhrS+/Mg68IuPk
JH92VHl9Gpj/mx0hDwQ+dLPXYospdB2VdpfLIX3mvb3B/i8lrWTzKZthvs+OUZGC
vG9nO3AtWJUSNkFCoVMr0wUnpzYCtUklsOhgFoUpxhUQMuT0YmjCyGQ+M4bfKDF1
u9xwqlvH/PtOXlYZ428VEJtza49jttp21A+HGB6EcvuB5mfe3iOvBgC+Cvw7KntZ
V+NW/fD8fBMhUw347kXBuPSd18LAabPmBcIK8cU1AdT63v+rwVcnGwKyyOv4nxeH
R8oahGY=
-----END CERTIFICATE-----