Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8de52634-2511-4fd2-85a2-e670913e6aee.roa
File:                     8de52634-2511-4fd2-85a2-e670913e6aee.roa (raw, json)
Hash identifier:          aa/k0u38y7NH2G53WnGOAr07rBm7Q2B86xTOMYIg5K0=
Subject key identifier:   44:2D:B6:89:48:CC:6E:5A:79:E0:3E:46:8C:7A:E6:77:E1:52:16:00
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       020BE9F262791B4677D03AAA1546D066F5639C5B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8de52634-2511-4fd2-85a2-e670913e6aee.roa
Signing time:             Tue 28 Mar 2023 00:00:00 +0000
ROA not before:           Tue 28 Mar 2023 00:00:00 +0000
ROA not after:            Fri 31 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:0b:e9:f2:62:79:1b:46:77:d0:3a:aa:15:46:d0:66:f5:63:9c:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 28 00:00:00 2023 GMT
            Not After : Mar 31 23:59:59 2023 GMT
        Subject: serialNumber=aeb099d17ab9cad70b03b249a359be31b80e93de46d842fec8ca25f82b466c83, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:9a:77:c9:93:13:89:fd:76:83:c6:18:2d:c0:
                    3e:02:6a:c6:3b:8e:9f:2e:4e:95:75:28:1b:a2:09:
                    7b:ec:2d:71:c7:77:9e:40:d1:58:63:72:3a:e7:6b:
                    0a:75:d3:26:68:17:18:39:bd:46:fe:13:2e:c8:7b:
                    4a:f8:5e:d3:27:fc:0b:d8:fb:b7:8e:8d:e9:c7:1d:
                    48:36:f0:33:83:f9:f8:14:81:c6:d0:4c:a9:54:46:
                    aa:c3:cd:db:b7:8b:62:c0:5a:55:51:1a:c2:ae:22:
                    c7:4b:0d:ec:d4:38:6a:71:03:d1:d6:a9:e3:29:37:
                    57:ce:d8:59:53:d9:58:d7:d8:60:20:4f:be:da:1e:
                    be:1e:f0:1b:d7:2f:33:01:86:eb:15:75:42:b0:09:
                    c9:99:a7:77:68:9c:ac:b2:e3:f2:e3:5e:fe:41:d5:
                    d6:cf:d3:be:77:98:24:80:3e:7d:b4:18:8d:18:91:
                    98:e8:f8:c7:51:d1:d7:cb:74:cb:8e:3b:a8:a7:56:
                    ea:44:19:34:55:06:c4:63:59:cb:11:e2:cc:00:ae:
                    91:c4:f7:4b:9d:4a:1e:bd:4c:36:e2:e7:42:00:ca:
                    10:35:74:a2:dc:b1:dd:41:4e:46:15:f8:79:36:f7:
                    e7:29:56:70:ed:f9:49:c5:7b:37:e3:04:18:86:d6:
                    07:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:2D:B6:89:48:CC:6E:5A:79:E0:3E:46:8C:7A:E6:77:E1:52:16:00
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8de52634-2511-4fd2-85a2-e670913e6aee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:eb:da:27:fb:25:f3:03:61:fb:f5:6c:35:15:6d:4d:27:16:
         13:d7:2f:ed:30:24:58:8b:15:a4:17:ad:49:f1:44:f8:a2:88:
         c1:9d:24:6a:7a:dd:03:8c:35:ba:55:2b:29:d8:68:00:e8:4f:
         ec:7e:9e:74:bc:8b:b5:c6:02:8e:4c:66:de:cb:a5:6c:12:a7:
         50:75:66:05:82:c4:2b:2c:6e:52:43:db:d9:e8:c5:e6:89:bd:
         a1:d2:1e:e1:ed:46:3b:1a:d6:f2:19:92:fc:b9:ad:82:c0:e3:
         cf:82:09:3a:f0:fe:45:5b:1f:24:4e:d0:23:a1:95:e9:f5:80:
         43:42:eb:8e:b0:a3:cb:8d:69:90:81:98:95:ca:26:5d:41:41:
         ae:1d:bf:51:f5:ae:26:99:ad:ae:52:b1:48:d9:fb:ea:32:fd:
         91:2e:70:b4:f0:be:aa:38:d3:25:7f:ba:3b:5e:86:8b:db:87:
         a7:5b:c8:64:fe:d1:39:3c:4a:c7:45:95:d8:f8:a6:db:e3:5d:
         a4:e5:a1:75:eb:36:52:0f:3e:5c:53:d7:0d:4b:1a:fe:77:6e:
         d4:f5:c4:78:fa:6c:a0:b2:63:6b:14:82:94:01:80:a4:39:24:
         16:f1:a3:df:40:ad:c4:1c:f4:a0:d9:2e:2b:69:b0:36:6b:2f:
         c2:79:61:ee
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUAgvp8mJ5G0Z30DqqFUbQZvVjnFswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI4MDAwMDAwWhcNMjMwMzMxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYWViMDk5ZDE3YWI5Y2FkNzBiMDNiMjQ5YTM1OWJlMzFi
ODBlOTNkZTQ2ZDg0MmZlYzhjYTI1ZjgyYjQ2NmM4MzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANGad8mTE4n9doPGGC3APgJqxjuOny5OlXUoG6IJe+wtccd3nkDR
WGNyOudrCnXTJmgXGDm9Rv4TLsh7Svhe0yf8C9j7t46N6ccdSDbwM4P5+BSBxtBM
qVRGqsPN27eLYsBaVVEawq4ix0sN7NQ4anED0dap4yk3V87YWVPZWNfYYCBPvtoe
vh7wG9cvMwGG6xV1QrAJyZmnd2icrLLj8uNe/kHV1s/TvneYJIA+fbQYjRiRmOj4
x1HR18t0y447qKdW6kQZNFUGxGNZyxHizACukcT3S51KHr1MNuLnQgDKEDV0otyx
3UFORhX4eTb35ylWcO35ScV7N+MEGIbWB2ECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRELbaJSMxuWnngPkaMeuZ34VIWADAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOGRlNTI2MzQtMjUxMS00ZmQyLTg1YTItZTY3MDkxM2U2YWVlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFTr2if7JfMDYfv1
bDUVbU0nFhPXL+0wJFiLFaQXrUnxRPiiiMGdJGp63QOMNbpVKynYaADoT+x+nnS8
i7XGAo5MZt7LpWwSp1B1ZgWCxCssblJD29noxeaJvaHSHuHtRjsa1vIZkvy5rYLA
48+CCTrw/kVbHyRO0COhlen1gENC646wo8uNaZCBmJXKJl1BQa4dv1H1riaZra5S
sUjZ++oy/ZEucLTwvqo40yV/ujtehovbh6dbyGT+0Tk8SsdFldj4ptvjXaTloXXr
NlIPPlxT1w1LGv53btT1xHj6bKCyY2sUgpQBgKQ5JBbxo99ArcQc9KDZLitpsDZr
L8J5Ye4=
-----END CERTIFICATE-----