Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8e1b2950-be7e-4f9e-a958-4f4754f58039.roa
File:                     8e1b2950-be7e-4f9e-a958-4f4754f58039.roa (raw, json)
Hash identifier:          2p5IDnOmbNcv7pwSvCVeKwcExYsl/hf0ebKUBgxAVqc=
Subject key identifier:   74:15:4F:95:11:9E:0D:8B:73:12:44:67:8B:76:B7:0C:EF:DB:0F:D4
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       065A7485D87653C1FEBC05C26C85F31036F319AF
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8e1b2950-be7e-4f9e-a958-4f4754f58039.roa
Signing time:             Sun 16 Apr 2023 00:00:00 +0000
ROA not before:           Sun 16 Apr 2023 00:00:00 +0000
ROA not after:            Wed 19 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:5a:74:85:d8:76:53:c1:fe:bc:05:c2:6c:85:f3:10:36:f3:19:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 16 00:00:00 2023 GMT
            Not After : Apr 19 23:59:59 2023 GMT
        Subject: serialNumber=aa9968535dfa5b9854da2b3b162e30d177437aa7fbbf4ac6091037b9b880c05d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:17:de:dc:85:73:70:41:8a:75:b4:e6:6e:ef:
                    92:53:bb:98:7a:7e:46:3d:94:7b:43:43:c8:10:8b:
                    58:32:3f:8b:64:58:28:6c:60:8c:ce:54:eb:0d:53:
                    c6:44:25:ff:63:44:9e:19:22:de:f6:5b:f4:14:9d:
                    5e:b6:3f:97:78:e9:86:ed:2d:72:10:8b:de:15:f3:
                    5d:78:51:ac:23:6c:11:b3:a2:9f:e8:a9:c5:2e:fe:
                    88:87:1b:3f:a7:ae:dc:e3:66:39:46:d5:8b:01:80:
                    7e:9a:b4:7b:da:d4:2d:0f:26:f0:a6:33:61:c9:1f:
                    92:e3:eb:74:f7:94:9d:c7:27:14:b0:2b:aa:66:95:
                    d7:cd:41:82:8c:6f:b5:0d:56:0b:66:97:71:e5:5c:
                    ca:1e:4f:e3:da:9b:55:b3:b7:b5:57:17:b7:f0:69:
                    03:15:64:02:07:7b:59:8f:52:7c:77:cf:d3:0e:ff:
                    e8:50:78:d6:28:50:80:c3:92:46:5a:79:ae:54:58:
                    f1:22:63:0d:98:60:2f:9a:08:c8:d8:4b:ed:9e:1a:
                    c6:99:e0:17:41:79:3b:37:3c:f6:d8:07:c8:41:b8:
                    46:ac:c1:41:0f:ae:bb:6f:80:c1:4c:8e:6e:3c:f8:
                    c5:75:c5:05:d0:3b:6e:14:ad:95:e8:f8:2e:aa:e6:
                    3e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:15:4F:95:11:9E:0D:8B:73:12:44:67:8B:76:B7:0C:EF:DB:0F:D4
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8e1b2950-be7e-4f9e-a958-4f4754f58039.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:30:90:60:9a:e3:e5:74:51:7f:2c:2c:1c:3b:fd:3b:eb:c2:
         53:c6:b5:62:2e:ac:ea:c3:d9:0c:63:27:99:83:d8:12:d2:3a:
         fe:62:10:62:33:8d:25:ca:48:92:df:c0:f2:42:54:4f:6a:c4:
         15:8d:53:d4:e3:12:e2:43:be:93:46:27:5a:c0:05:fb:8b:3e:
         49:a5:64:d1:af:f6:5a:bf:e8:8f:46:0d:56:3e:51:19:ad:ab:
         8c:3b:48:d7:9e:cc:b5:c2:cf:fe:6a:49:a2:11:61:6c:53:2a:
         9b:56:7e:23:fd:a2:8f:a6:c3:47:70:96:d9:f6:2d:41:bb:91:
         a2:db:ae:44:41:7e:b3:ec:17:ed:3e:18:4a:39:84:c8:2a:a3:
         b7:53:6a:93:77:9d:f5:02:ca:00:ab:b0:19:ce:a0:02:bf:a8:
         b4:5f:10:e1:9b:c2:0d:31:01:39:1c:8e:3f:d6:dc:94:db:d5:
         93:65:4c:45:10:99:06:0c:68:d9:db:a7:18:6b:48:3a:0f:20:
         c4:65:56:8f:a6:e3:0f:0b:fb:00:24:49:8c:12:13:3e:95:6e:
         62:5c:6a:9f:e6:93:6d:ce:89:b0:fa:34:68:91:dd:bd:8e:92:
         67:01:af:6b:c8:a5:54:b9:f2:af:40:70:32:fc:d7:d3:28:d8:
         d9:ef:ac:9b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUBlp0hdh2U8H+vAXCbIXzEDbzGa8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDE2MDAwMDAwWhcNMjMwNDE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYWE5OTY4NTM1ZGZhNWI5ODU0ZGEyYjNiMTYyZTMwZDE3
NzQzN2FhN2ZiYmY0YWM2MDkxMDM3YjliODgwYzA1ZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMoX3tyFc3BBinW05m7vklO7mHp+Rj2Ue0NDyBCLWDI/i2RYKGxg
jM5U6w1TxkQl/2NEnhki3vZb9BSdXrY/l3jphu0tchCL3hXzXXhRrCNsEbOin+ip
xS7+iIcbP6eu3ONmOUbViwGAfpq0e9rULQ8m8KYzYckfkuPrdPeUnccnFLArqmaV
181BgoxvtQ1WC2aXceVcyh5P49qbVbO3tVcXt/BpAxVkAgd7WY9SfHfP0w7/6FB4
1ihQgMOSRlp5rlRY8SJjDZhgL5oIyNhL7Z4axpngF0F5Ozc89tgHyEG4RqzBQQ+u
u2+AwUyObjz4xXXFBdA7bhStlej4LqrmPpcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR0FU+VEZ4Ni3MSRGeLdrcM79sP1DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOGUxYjI5NTAtYmU3ZS00ZjllLWE5NTgtNGY0NzU0ZjU4MDM5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHkwkGCa4+V0UX8s
LBw7/TvrwlPGtWIurOrD2QxjJ5mD2BLSOv5iEGIzjSXKSJLfwPJCVE9qxBWNU9Tj
EuJDvpNGJ1rABfuLPkmlZNGv9lq/6I9GDVY+URmtq4w7SNeezLXCz/5qSaIRYWxT
KptWfiP9oo+mw0dwltn2LUG7kaLbrkRBfrPsF+0+GEo5hMgqo7dTapN3nfUCygCr
sBnOoAK/qLRfEOGbwg0xATkcjj/W3JTb1ZNlTEUQmQYMaNnbpxhrSDoPIMRlVo+m
4w8L+wAkSYwSEz6VbmJcap/mk23OibD6NGiR3b2OkmcBr2vIpVS58q9AcDL819Mo
2NnvrJs=
-----END CERTIFICATE-----