Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8fd42f68-09a6-489c-8f30-297646761b6c.roa
File:                     8fd42f68-09a6-489c-8f30-297646761b6c.roa (raw, json)
Hash identifier:          ZARTdnvGe9RppCok77zZ8n/lA632DcIe+RMtb3zFJsk=
Subject key identifier:   D4:B0:57:34:84:52:06:07:15:FC:B4:E1:2B:C1:0B:88:0B:D2:03:26
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       51B3506A734A7A66109B251E72659DCAB8F17A77
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8fd42f68-09a6-489c-8f30-297646761b6c.roa
Signing time:             Sat 15 Apr 2023 00:00:00 +0000
ROA not before:           Sat 15 Apr 2023 00:00:00 +0000
ROA not after:            Tue 18 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:b3:50:6a:73:4a:7a:66:10:9b:25:1e:72:65:9d:ca:b8:f1:7a:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 15 00:00:00 2023 GMT
            Not After : Apr 18 23:59:59 2023 GMT
        Subject: serialNumber=7a9eabba260d433489eb1a0e7980ce85079cb6c5aacf57f3dab19c30fca724e9, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c7:fc:6b:50:31:1c:17:df:6b:fa:35:50:26:
                    f0:5a:ef:2e:cf:f5:cb:9c:b5:37:0f:2a:7f:ef:59:
                    d9:ec:9d:94:4e:be:e7:b4:9e:94:64:0e:03:28:3f:
                    2d:de:b2:64:85:3c:8c:22:3b:07:ce:fb:1d:ef:87:
                    f8:ed:98:e5:1e:fb:bd:48:aa:b3:35:07:a1:ac:e7:
                    6c:1e:4a:da:1d:31:ac:0c:31:39:f7:5a:3b:6a:a4:
                    0e:9a:55:37:95:20:40:06:93:a6:34:36:d3:55:b0:
                    44:a0:fa:0c:24:c1:f2:7d:77:17:66:d7:ce:cf:e2:
                    9b:9d:3b:a3:f5:26:e9:42:f6:4e:d2:a1:dd:75:c9:
                    78:70:a0:ba:54:ee:e0:64:5a:46:ee:7f:8e:00:9f:
                    d4:1c:32:91:59:31:26:25:af:6c:1a:9f:1b:5e:12:
                    5d:b8:cd:39:09:79:3f:e7:d5:8d:19:38:54:49:58:
                    93:b8:47:a1:bb:1e:2c:b7:b1:33:5b:7a:67:6c:d8:
                    fe:ea:7c:e9:c0:1d:5a:37:fb:42:4d:ed:80:78:95:
                    dd:c8:d3:6d:2a:23:2b:10:38:04:6d:cd:82:69:a1:
                    8a:8c:41:6f:ca:9f:79:2f:46:25:ff:35:48:a3:7f:
                    5a:ab:3a:88:79:f0:ef:7a:e1:4f:a2:53:cb:49:15:
                    53:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:B0:57:34:84:52:06:07:15:FC:B4:E1:2B:C1:0B:88:0B:D2:03:26
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8fd42f68-09a6-489c-8f30-297646761b6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:6d:0e:82:f5:0f:f8:3b:2a:e2:37:7d:30:b1:99:33:b3:c5:
         71:23:53:15:41:4d:e7:a5:db:1e:1e:14:f5:32:91:80:a5:e7:
         2c:fb:fe:9d:31:09:03:47:c5:be:d1:fa:0a:dd:02:86:65:83:
         3e:d7:07:96:c9:29:02:cf:6b:e8:5c:c4:8c:2d:10:0d:bb:d3:
         2b:3e:d6:92:2c:a9:d9:42:8e:13:60:33:f8:16:ef:90:94:f4:
         d4:e0:a5:32:e9:b0:f4:f1:f0:8a:b2:e0:78:44:3c:fb:0a:e2:
         eb:7c:ff:03:8e:0b:0a:d7:bd:12:03:8c:bb:c7:9d:79:6e:e0:
         31:34:ee:18:b3:3c:c4:bd:0c:45:ff:b0:3b:e3:1c:06:eb:62:
         38:2c:29:c1:7f:df:92:1d:77:54:d1:c8:2f:c2:c7:3c:b9:45:
         51:fb:ab:a5:56:27:30:dc:8e:4e:80:1c:fa:33:7f:29:23:e4:
         a7:ff:6c:1f:d8:2f:11:d8:7c:ae:1b:37:b2:8c:0f:7f:f0:14:
         26:e4:be:c7:ad:5f:58:62:28:56:78:d2:bd:95:ab:27:52:77:
         6e:ef:1a:d7:95:41:ef:16:54:37:93:3a:37:e4:e1:71:37:c5:
         19:c2:25:76:db:40:b3:33:7d:31:0f:56:f3:4c:d6:a5:b0:65:
         e5:19:35:1f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUUbNQanNKemYQmyUecmWdyrjxencwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDE1MDAwMDAwWhcNMjMwNDE4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAN2E5ZWFiYmEyNjBkNDMzNDg5ZWIxYTBlNzk4MGNlODUw
NzljYjZjNWFhY2Y1N2YzZGFiMTljMzBmY2E3MjRlOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMLH/GtQMRwX32v6NVAm8FrvLs/1y5y1Nw8qf+9Z2eydlE6+57Se
lGQOAyg/Ld6yZIU8jCI7B877He+H+O2Y5R77vUiqszUHoaznbB5K2h0xrAwxOfda
O2qkDppVN5UgQAaTpjQ201WwRKD6DCTB8n13F2bXzs/im507o/Um6UL2TtKh3XXJ
eHCgulTu4GRaRu5/jgCf1BwykVkxJiWvbBqfG14SXbjNOQl5P+fVjRk4VElYk7hH
obseLLexM1t6Z2zY/up86cAdWjf7Qk3tgHiV3cjTbSojKxA4BG3NgmmhioxBb8qf
eS9GJf81SKN/Wqs6iHnw73rhT6JTy0kVU5MCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTUsFc0hFIGBxX8tOErwQuIC9IDJjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOGZkNDJmNjgtMDlhNi00ODljLThmMzAtMjk3NjQ2NzYxYjZjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJ5tDoL1D/g7KuI3
fTCxmTOzxXEjUxVBTeel2x4eFPUykYCl5yz7/p0xCQNHxb7R+grdAoZlgz7XB5bJ
KQLPa+hcxIwtEA270ys+1pIsqdlCjhNgM/gW75CU9NTgpTLpsPTx8Iqy4HhEPPsK
4ut8/wOOCwrXvRIDjLvHnXlu4DE07hizPMS9DEX/sDvjHAbrYjgsKcF/35Idd1TR
yC/Cxzy5RVH7q6VWJzDcjk6AHPozfykj5Kf/bB/YLxHYfK4bN7KMD3/wFCbkvset
X1hiKFZ40r2VqydSd27vGteVQe8WVDeTOjfk4XE3xRnCJXbbQLMzfTEPVvNM1qWw
ZeUZNR8=
-----END CERTIFICATE-----