Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/90f563e2-0393-4401-852e-0fae57cae119.roa
File:                     90f563e2-0393-4401-852e-0fae57cae119.roa (raw, json)
Hash identifier:          N4NGeorqkqoKCoYKjLnyOIinHb09KRcUYf3tP4TjPGs=
Subject key identifier:   C4:CB:DB:76:24:00:A1:4E:4F:97:A0:E3:59:05:C0:C6:50:DE:28:09
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6DA2651D251129A43D1343EBDD17C589407C257A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/90f563e2-0393-4401-852e-0fae57cae119.roa
Signing time:             Mon 10 Apr 2023 00:00:00 +0000
ROA not before:           Mon 10 Apr 2023 00:00:00 +0000
ROA not after:            Thu 13 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:a2:65:1d:25:11:29:a4:3d:13:43:eb:dd:17:c5:89:40:7c:25:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 10 00:00:00 2023 GMT
            Not After : Apr 13 23:59:59 2023 GMT
        Subject: serialNumber=d8016b6ec27bed31c9b67cf4f7a8405f9e82a0b81b005320f90d2b0f302b4a0b, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:6e:8d:94:04:19:ea:2e:bb:f7:cb:8b:80:b2:
                    2a:6a:62:42:73:04:7b:52:f1:94:f1:34:1b:59:fc:
                    cc:03:8b:d4:70:56:70:1e:b3:d9:d0:7a:24:14:02:
                    09:6c:2b:5f:29:09:f5:8e:bc:88:c5:bb:d8:f8:0e:
                    b2:3d:d0:30:cf:04:0f:70:14:12:43:60:7f:84:0e:
                    c8:3a:b2:76:6f:cf:92:a2:17:40:ee:5d:1e:07:80:
                    47:b1:84:ab:4a:2a:3e:2e:60:dd:10:99:5c:ab:f2:
                    9e:aa:a6:95:28:e1:94:45:f4:89:10:69:40:ac:37:
                    38:55:02:91:d6:75:fc:35:c2:eb:1b:f2:55:3b:b2:
                    b3:48:22:a4:10:d2:9a:90:6e:dd:e4:d4:d5:c3:62:
                    c7:70:a4:e3:36:3a:47:47:fe:75:fe:db:de:6a:95:
                    79:86:a2:b5:fa:cc:77:53:2b:2c:68:01:e1:ef:65:
                    9b:05:fb:5e:4c:10:9d:61:6c:64:89:ae:0c:79:cf:
                    b1:f4:4a:95:9a:c7:7c:34:2c:ab:c4:08:99:48:1b:
                    d8:50:5e:b0:ce:c3:c3:55:1e:c2:7c:12:83:5f:7a:
                    83:e7:f0:16:94:9a:99:86:3b:08:f4:f1:b5:2b:8f:
                    91:2f:c1:be:31:0b:5e:dd:a6:ef:4d:51:70:79:2b:
                    ff:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:CB:DB:76:24:00:A1:4E:4F:97:A0:E3:59:05:C0:C6:50:DE:28:09
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/90f563e2-0393-4401-852e-0fae57cae119.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:b8:be:a8:21:49:47:52:e4:ef:d2:00:b4:f3:a5:42:41:b7:
         d2:9b:56:ff:46:3b:c7:42:d9:23:82:7f:8b:2d:51:0e:5a:6c:
         bd:f5:fb:0a:5a:3f:87:98:e5:1d:e9:c1:7f:f2:b9:fb:66:85:
         8e:c0:29:36:a8:0b:0b:b7:c4:e6:65:bb:3d:7a:5c:e2:d6:e0:
         49:e6:75:09:4a:98:4a:2e:1b:51:71:23:15:f7:11:c6:48:7d:
         37:1f:c2:ca:2c:50:b5:1e:f2:3d:e7:09:92:b1:b0:14:4b:c9:
         37:1b:ef:eb:9c:f5:34:98:74:35:16:84:cc:e0:47:a4:79:0f:
         e7:3c:d6:49:91:2c:45:de:05:9a:a0:cc:06:f8:e3:35:5a:df:
         f1:0b:7c:67:ed:a1:ee:67:55:77:a3:2f:9c:0c:66:f5:07:82:
         1d:e2:4c:97:74:87:a1:9b:ea:86:50:09:2e:f0:c3:1a:2d:f3:
         bc:0a:77:15:0c:55:90:22:84:d1:c4:10:d3:4d:22:79:8b:be:
         c2:0a:df:cc:89:b1:55:18:ef:31:c8:f7:cb:65:28:55:76:8d:
         0d:c1:8b:e0:d6:e3:fd:7c:14:59:ce:27:d9:00:a3:83:a6:26:
         c2:5d:e1:a7:71:7f:01:20:7f:f0:41:dd:2f:96:5a:2a:73:05:
         22:53:8a:a7
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUbaJlHSURKaQ9E0Pr3RfFiUB8JXowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDEwMDAwMDAwWhcNMjMwNDEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDgwMTZiNmVjMjdiZWQzMWM5YjY3Y2Y0ZjdhODQwNWY5
ZTgyYTBiODFiMDA1MzIwZjkwZDJiMGYzMDJiNGEwYjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMVujZQEGeouu/fLi4CyKmpiQnMEe1LxlPE0G1n8zAOL1HBWcB6z
2dB6JBQCCWwrXykJ9Y68iMW72PgOsj3QMM8ED3AUEkNgf4QOyDqydm/PkqIXQO5d
HgeAR7GEq0oqPi5g3RCZXKvynqqmlSjhlEX0iRBpQKw3OFUCkdZ1/DXC6xvyVTuy
s0gipBDSmpBu3eTU1cNix3Ck4zY6R0f+df7b3mqVeYaitfrMd1MrLGgB4e9lmwX7
XkwQnWFsZImuDHnPsfRKlZrHfDQsq8QImUgb2FBesM7Dw1UewnwSg196g+fwFpSa
mYY7CPTxtSuPkS/BvjELXt2m701RcHkr//cCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTEy9t2JAChTk+XoONZBcDGUN4oCTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOTBmNTYzZTItMDM5My00NDAxLTg1MmUtMGZhZTU3Y2FlMTE5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABm4vqghSUdS5O/S
ALTzpUJBt9KbVv9GO8dC2SOCf4stUQ5abL31+wpaP4eY5R3pwX/yuftmhY7AKTao
Cwu3xOZluz16XOLW4EnmdQlKmEouG1FxIxX3EcZIfTcfwsosULUe8j3nCZKxsBRL
yTcb7+uc9TSYdDUWhMzgR6R5D+c81kmRLEXeBZqgzAb44zVa3/ELfGftoe5nVXej
L5wMZvUHgh3iTJd0h6Gb6oZQCS7wwxot87wKdxUMVZAihNHEENNNInmLvsIK38yJ
sVUY7zHI98tlKFV2jQ3Bi+DW4/18FFnOJ9kAo4OmJsJd4adxfwEgf/BB3S+WWipz
BSJTiqc=
-----END CERTIFICATE-----