Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8e99543c-441a-4423-aca9-79f31422548c.roa
File:                     8e99543c-441a-4423-aca9-79f31422548c.roa (raw, json)
Hash identifier:          qodSAQhlGp07BZhdCvYmSbljG/v2/PeEM6oKnFrBWg4=
Subject key identifier:   C9:74:54:E1:5F:B9:6C:84:D9:5E:E5:65:92:74:EA:ED:F7:BC:10:0C
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       29818566B6B2F43DAD946390733C75C8F6DD6F4C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8e99543c-441a-4423-aca9-79f31422548c.roa
Signing time:             Thu 23 Mar 2023 00:00:00 +0000
ROA not before:           Thu 23 Mar 2023 00:00:00 +0000
ROA not after:            Sun 26 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:81:85:66:b6:b2:f4:3d:ad:94:63:90:73:3c:75:c8:f6:dd:6f:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 23 00:00:00 2023 GMT
            Not After : Mar 26 23:59:59 2023 GMT
        Subject: serialNumber=92327707bf1a3a4d42d24dd1c7acd7bc8caa4a635262219d595f2258ebaa67aa, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:32:1a:41:3f:26:66:33:6a:66:89:7a:f5:5e:
                    4f:ab:15:30:b9:8d:e1:62:d5:7e:18:12:d6:06:c6:
                    70:2f:f6:ea:93:1d:14:b8:ff:fa:7a:87:f9:a1:d8:
                    8b:23:cf:1f:c9:1a:b4:61:85:eb:b1:66:85:e6:f5:
                    08:a5:34:12:5d:dd:4a:1d:fb:4c:16:58:71:1a:6b:
                    ef:f1:c2:da:48:b6:fd:1b:85:fb:08:e5:9c:7a:a4:
                    d8:1c:cd:2d:c8:51:d2:49:33:84:84:3f:0c:88:08:
                    a9:1d:8b:63:fe:2d:58:04:60:49:c7:18:70:24:65:
                    06:76:f8:3a:23:89:87:d3:9e:54:de:ac:f0:df:9c:
                    ef:cd:67:35:1d:6d:bc:1e:26:df:fe:61:91:4d:c6:
                    ff:06:91:d7:c2:f1:09:13:cd:f5:28:b2:ed:83:14:
                    33:f4:1f:9f:eb:b6:ff:cf:37:13:3c:fe:61:29:71:
                    e5:6d:81:00:20:ff:3c:27:5b:64:41:ee:42:97:c4:
                    14:ca:98:e9:f2:20:98:b9:07:46:db:36:99:bf:a8:
                    0c:ff:79:cd:9b:e6:74:82:d0:08:3d:92:a9:58:97:
                    10:db:76:63:3d:3f:da:bb:d8:63:2e:b3:27:39:2a:
                    3f:82:d9:45:2b:c2:51:22:a9:5f:ed:08:c0:99:8f:
                    28:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:74:54:E1:5F:B9:6C:84:D9:5E:E5:65:92:74:EA:ED:F7:BC:10:0C
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8e99543c-441a-4423-aca9-79f31422548c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:98:49:57:fe:b2:24:cd:0a:8c:13:27:51:b6:06:62:04:06:
         82:9a:0b:df:a4:71:48:61:23:d8:82:4f:8f:41:69:e6:12:5b:
         c9:a8:de:36:b1:5a:e0:fd:08:c6:c5:2a:3e:64:5d:19:c3:66:
         d2:b0:59:9b:cf:e2:72:68:6d:5e:01:0b:5c:55:36:49:01:8c:
         6a:07:c3:22:49:30:25:35:d6:58:e4:d8:0a:ec:31:fd:4a:8c:
         f4:c7:d9:b8:60:03:60:67:56:82:b2:03:ab:6e:59:c3:c6:86:
         0a:f7:0f:a0:e6:cd:ad:3f:e7:7b:48:d1:b6:b3:0c:51:20:d5:
         0d:85:7e:0a:fa:70:f3:26:75:22:8d:73:cd:88:fc:87:0a:a7:
         76:49:9f:96:b2:d2:08:9d:83:47:56:c8:82:24:b6:7c:22:20:
         45:f2:7e:a7:a3:da:7e:00:aa:1e:a5:f7:94:fb:4c:cd:7d:8a:
         a3:66:07:46:6e:11:26:e5:d1:e8:2a:0a:e1:4c:07:aa:6f:26:
         cf:85:ee:73:8d:1b:36:29:0f:33:38:ce:a9:8c:f1:c5:17:1c:
         76:75:7f:69:b6:c6:36:64:ca:a7:93:b9:c7:af:01:36:88:b5:
         b4:04:2b:0a:a3:9e:10:62:a3:8a:7f:00:4f:92:c0:f4:4b:07:
         50:d4:3c:82
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUKYGFZray9D2tlGOQczx1yPbdb0wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzIzMDAwMDAwWhcNMjMwMzI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTIzMjc3MDdiZjFhM2E0ZDQyZDI0ZGQxYzdhY2Q3YmM4
Y2FhNGE2MzUyNjIyMTlkNTk1ZjIyNThlYmFhNjdhYTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK8yGkE/JmYzamaJevVeT6sVMLmN4WLVfhgS1gbGcC/26pMdFLj/
+nqH+aHYiyPPH8katGGF67Fmheb1CKU0El3dSh37TBZYcRpr7/HC2ki2/RuF+wjl
nHqk2BzNLchR0kkzhIQ/DIgIqR2LY/4tWARgSccYcCRlBnb4OiOJh9OeVN6s8N+c
781nNR1tvB4m3/5hkU3G/waR18LxCRPN9Siy7YMUM/Qfn+u2/883Ezz+YSlx5W2B
ACD/PCdbZEHuQpfEFMqY6fIgmLkHRts2mb+oDP95zZvmdILQCD2SqViXENt2Yz0/
2rvYYy6zJzkqP4LZRSvCUSKpX+0IwJmPKKUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTJdFThX7lshNle5WWSdOrt97wQDDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOGU5OTU0M2MtNDQxYS00NDIzLWFjYTktNzlmMzE0MjI1NDhjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADKYSVf+siTNCowT
J1G2BmIEBoKaC9+kcUhhI9iCT49BaeYSW8mo3jaxWuD9CMbFKj5kXRnDZtKwWZvP
4nJobV4BC1xVNkkBjGoHwyJJMCU11ljk2ArsMf1KjPTH2bhgA2BnVoKyA6tuWcPG
hgr3D6Dmza0/53tI0bazDFEg1Q2Ffgr6cPMmdSKNc82I/IcKp3ZJn5ay0gidg0dW
yIIktnwiIEXyfqej2n4Aqh6l95T7TM19iqNmB0ZuESbl0egqCuFMB6pvJs+F7nON
GzYpDzM4zqmM8cUXHHZ1f2m2xjZkyqeTucevATaItbQEKwqjnhBio4p/AE+SwPRL
B1DUPII=
-----END CERTIFICATE-----