Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/907ec784-9e11-4f41-9908-052ff99a1c97.roa
File:                     907ec784-9e11-4f41-9908-052ff99a1c97.roa (raw, json)
Hash identifier:          BT3UDhTIRHJmWig9SxGQKj23EL5IElescK4Wd1XvHqo=
Subject key identifier:   A8:CC:25:65:D7:56:10:B0:EF:7C:10:C5:B5:57:9B:E3:86:46:CC:59
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       46D7B0AF5A47D8D74F517813341C906023076A63
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/907ec784-9e11-4f41-9908-052ff99a1c97.roa
Signing time:             Fri 24 Mar 2023 00:00:00 +0000
ROA not before:           Fri 24 Mar 2023 00:00:00 +0000
ROA not after:            Mon 27 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:d7:b0:af:5a:47:d8:d7:4f:51:78:13:34:1c:90:60:23:07:6a:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 24 00:00:00 2023 GMT
            Not After : Mar 27 23:59:59 2023 GMT
        Subject: serialNumber=b576ba8f6ed36c3e34a9b7e216399a5f6b32daf6bf35fd9f6dae55a908bcd4e3, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:6d:43:f7:01:59:74:54:42:1b:e9:2b:b8:e2:
                    63:55:a5:53:a5:2c:a6:82:70:7e:70:e3:90:4a:30:
                    a2:d9:8e:be:0f:1d:95:66:84:d1:ab:92:5b:77:44:
                    9b:78:a9:37:2c:75:be:43:e6:3a:20:8c:d7:8d:42:
                    30:e5:a1:f1:f6:5a:4c:bd:12:61:93:ba:72:36:30:
                    26:e1:c8:55:4f:5c:02:19:6b:4b:38:ce:06:ed:a5:
                    86:5b:6a:09:55:2e:ed:b4:a0:02:de:43:af:f3:3c:
                    10:3e:53:77:71:3a:79:58:25:74:eb:d7:30:df:c6:
                    e8:9d:ff:14:0f:2d:85:f9:55:48:b5:be:16:55:c6:
                    33:f2:46:35:76:47:a7:c1:06:9e:06:eb:07:84:e8:
                    b8:4e:d9:ff:cf:11:cb:10:c1:e7:a5:63:ae:c6:b1:
                    8b:e3:7a:6d:af:03:53:b0:4b:f7:29:3e:88:49:04:
                    8b:54:69:e9:25:9f:1c:e2:08:af:0d:2c:fc:1b:14:
                    48:d0:00:56:8d:5d:70:d9:cb:ae:a0:eb:04:40:43:
                    3c:7f:27:5a:c5:80:98:77:0f:07:dc:d5:d7:d0:98:
                    93:06:ab:9d:7c:dc:f1:5c:0b:37:3f:1d:f0:21:de:
                    d7:09:ea:d9:67:3c:f9:9e:9b:6b:32:b9:6f:2e:8b:
                    7c:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:CC:25:65:D7:56:10:B0:EF:7C:10:C5:B5:57:9B:E3:86:46:CC:59
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/907ec784-9e11-4f41-9908-052ff99a1c97.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:c3:ec:4a:6c:67:4b:3c:12:f7:be:a1:b7:0f:17:87:f3:e2:
         8e:33:c9:97:59:89:18:8e:91:50:c1:b8:54:a0:f1:bb:39:ac:
         e0:1a:15:70:b5:bf:61:ee:8e:67:b4:8c:d7:c6:f2:59:86:db:
         f7:0a:e0:93:01:68:fd:78:f1:92:59:1c:d0:4e:c7:9c:f2:fc:
         29:53:27:0c:3d:e8:3b:e1:54:cf:f1:e3:4e:e9:04:a3:e9:c6:
         e7:ba:33:2c:4f:42:6f:45:bf:6e:6a:e1:3e:a8:f6:5e:45:9a:
         0b:d8:90:e7:56:fb:08:63:59:44:22:4f:a4:55:c7:e0:55:97:
         2d:05:08:72:ee:f0:6f:9e:fc:99:de:ea:a7:78:8e:ff:19:1d:
         ce:2c:87:f5:08:d3:51:d2:6e:23:47:6d:41:45:53:68:e0:3c:
         2b:dd:23:c8:8c:ab:09:5f:9f:9e:50:8e:88:89:13:7a:6a:a3:
         bf:1e:0b:00:a2:a8:b7:55:5f:e2:af:35:92:da:b4:ae:d4:78:
         b2:49:01:e7:cf:d2:1a:1a:30:34:70:08:45:1a:b3:d0:2a:68:
         23:49:c0:57:3a:63:2d:84:33:e5:60:fe:65:bb:c6:6a:00:63:
         d4:13:84:4e:28:44:20:5f:c2:55:ba:05:93:67:ac:b9:82:c7:
         30:97:2d:ef
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIURtewr1pH2NdPUXgTNByQYCMHamMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI0MDAwMDAwWhcNMjMwMzI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYjU3NmJhOGY2ZWQzNmMzZTM0YTliN2UyMTYzOTlhNWY2
YjMyZGFmNmJmMzVmZDlmNmRhZTU1YTkwOGJjZDRlMzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMBtQ/cBWXRUQhvpK7jiY1WlU6UspoJwfnDjkEowotmOvg8dlWaE
0auSW3dEm3ipNyx1vkPmOiCM141CMOWh8fZaTL0SYZO6cjYwJuHIVU9cAhlrSzjO
Bu2lhltqCVUu7bSgAt5Dr/M8ED5Td3E6eVgldOvXMN/G6J3/FA8thflVSLW+FlXG
M/JGNXZHp8EGngbrB4TouE7Z/88RyxDB56Vjrsaxi+N6ba8DU7BL9yk+iEkEi1Rp
6SWfHOIIrw0s/BsUSNAAVo1dcNnLrqDrBEBDPH8nWsWAmHcPB9zV19CYkwarnXzc
8VwLNz8d8CHe1wnq2Wc8+Z6bazK5by6LfJECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSozCVl11YQsO98EMW1V5vjhkbMWTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOTA3ZWM3ODQtOWUxMS00ZjQxLTk5MDgtMDUyZmY5OWExYzk3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI7D7EpsZ0s8Eve+
obcPF4fz4o4zyZdZiRiOkVDBuFSg8bs5rOAaFXC1v2Hujme0jNfG8lmG2/cK4JMB
aP148ZJZHNBOx5zy/ClTJww96DvhVM/x407pBKPpxue6MyxPQm9Fv25q4T6o9l5F
mgvYkOdW+whjWUQiT6RVx+BVly0FCHLu8G+e/Jne6qd4jv8ZHc4sh/UI01HSbiNH
bUFFU2jgPCvdI8iMqwlfn55QjoiJE3pqo78eCwCiqLdVX+KvNZLatK7UeLJJAefP
0hoaMDRwCEUas9AqaCNJwFc6Yy2EM+Vg/mW7xmoAY9QThE4oRCBfwlW6BZNnrLmC
xzCXLe8=
-----END CERTIFICATE-----