Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/91496021-809c-474d-8b7e-b6cc57370f72.roa
File:                     91496021-809c-474d-8b7e-b6cc57370f72.roa (raw, json)
Hash identifier:          fbN3pLP5l60fvqbuofpM93RDvEIsEhcgJlCQHxIAMLQ=
Subject key identifier:   68:03:B9:BB:B2:DF:25:A7:A9:84:26:6C:E3:91:D8:1A:37:8F:CC:97
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4ADB8B05402AC1A57763DD342019938299CCB393
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/91496021-809c-474d-8b7e-b6cc57370f72.roa
Signing time:             Sat 11 Mar 2023 00:00:00 +0000
ROA not before:           Sat 11 Mar 2023 00:00:00 +0000
ROA not after:            Tue 14 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:db:8b:05:40:2a:c1:a5:77:63:dd:34:20:19:93:82:99:cc:b3:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 11 00:00:00 2023 GMT
            Not After : Mar 14 23:59:59 2023 GMT
        Subject: serialNumber=801eb2208315f7b293f1e23ab743a806ab2a59691f7ee40cecc530b495a31fe8, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:41:4b:e9:fa:d0:ee:4f:dd:55:86:51:61:a9:
                    5b:31:54:86:48:23:45:a2:67:1f:0e:e5:c7:04:0c:
                    68:cc:ac:63:71:33:a0:36:86:99:8f:b8:bb:a8:23:
                    e3:73:d7:60:b3:f2:7b:ba:c1:99:20:bd:ab:3b:12:
                    28:8f:0f:d4:26:25:f1:93:de:c9:ec:0d:0e:e8:04:
                    14:f1:df:18:11:0c:49:be:5f:82:12:74:51:5a:fb:
                    84:68:6e:d7:56:a3:13:a2:54:aa:de:e1:00:59:d3:
                    21:44:dc:74:9a:36:8c:55:fe:60:d9:94:07:e1:bd:
                    aa:f3:ba:54:f0:be:fb:2c:64:2a:d4:4f:59:97:67:
                    a2:d6:b0:f8:ee:8e:56:55:68:01:5d:e1:0f:fd:61:
                    c9:77:2d:87:c1:a1:00:8c:c1:aa:c0:ae:9c:ce:43:
                    82:6c:34:87:e6:a3:15:04:8c:c4:3e:b9:7a:2e:52:
                    a2:53:d6:ce:7f:4a:0f:ba:10:81:d3:ed:94:4d:c8:
                    1e:23:b7:a7:a3:b6:e9:44:e6:2f:94:75:bf:0b:be:
                    1b:f4:50:08:dc:af:9a:c2:03:5f:30:71:c5:fc:ea:
                    d2:97:0e:00:64:33:77:d6:82:7b:8a:0f:f0:ad:90:
                    2b:e3:23:c5:dd:e8:01:cc:0c:06:2d:7e:83:22:76:
                    8b:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:03:B9:BB:B2:DF:25:A7:A9:84:26:6C:E3:91:D8:1A:37:8F:CC:97
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/91496021-809c-474d-8b7e-b6cc57370f72.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:a9:68:ac:41:f0:ce:cb:45:79:e3:56:d4:45:e6:07:36:7a:
         63:f3:af:4e:94:52:9d:04:ab:18:4d:fe:39:66:a3:0c:69:90:
         f6:04:ff:d0:bd:73:44:48:dd:2b:f3:46:bf:26:25:81:d3:96:
         57:31:23:b9:67:a1:78:16:73:fb:75:54:e5:06:17:82:8b:ac:
         5d:42:ab:44:e7:cc:68:10:b1:91:35:b6:f4:f9:f3:ba:ce:40:
         0b:83:78:bc:86:d0:7d:6a:68:f5:4b:ca:5e:55:a8:a5:14:f1:
         05:be:cf:ce:7e:08:36:a7:2d:6e:7e:0e:00:1a:06:20:45:64:
         b7:4e:fd:b2:e5:3c:fb:fe:ce:1d:16:57:7a:f6:32:56:f4:b0:
         be:f1:45:6a:c9:17:ad:a0:94:61:c7:74:f8:b1:19:85:2e:4a:
         ad:f5:bb:a8:16:d3:78:55:2c:cb:eb:76:5e:86:e8:8d:8b:ac:
         39:44:67:87:f8:f1:96:42:88:4c:b7:b0:e6:9c:18:61:1a:40:
         85:51:82:ab:ad:60:6c:f6:09:0f:32:ee:0b:cd:b6:24:e4:db:
         3f:df:f5:e8:7e:eb:ea:d6:ac:4e:b0:4e:6d:c4:e1:97:47:11:
         94:30:f2:38:e0:59:38:9b:76:e7:30:d9:de:94:fc:08:27:ac:
         8d:4f:01:d6
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUStuLBUAqwaV3Y900IBmTgpnMs5MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzExMDAwMDAwWhcNMjMwMzE0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAODAxZWIyMjA4MzE1ZjdiMjkzZjFlMjNhYjc0M2E4MDZh
YjJhNTk2OTFmN2VlNDBjZWNjNTMwYjQ5NWEzMWZlODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMhBS+n60O5P3VWGUWGpWzFUhkgjRaJnHw7lxwQMaMysY3EzoDaG
mY+4u6gj43PXYLPye7rBmSC9qzsSKI8P1CYl8ZPeyewNDugEFPHfGBEMSb5fghJ0
UVr7hGhu11ajE6JUqt7hAFnTIUTcdJo2jFX+YNmUB+G9qvO6VPC++yxkKtRPWZdn
otaw+O6OVlVoAV3hD/1hyXcth8GhAIzBqsCunM5Dgmw0h+ajFQSMxD65ei5SolPW
zn9KD7oQgdPtlE3IHiO3p6O26UTmL5R1vwu+G/RQCNyvmsIDXzBxxfzq0pcOAGQz
d9aCe4oP8K2QK+Mjxd3oAcwMBi1+gyJ2i1cCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRoA7m7st8lp6mEJmzjkdgaN4/MlzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOTE0OTYwMjEtODA5Yy00NzRkLThiN2UtYjZjYzU3MzcwZjcyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGCpaKxB8M7LRXnj
VtRF5gc2emPzr06UUp0EqxhN/jlmowxpkPYE/9C9c0RI3SvzRr8mJYHTllcxI7ln
oXgWc/t1VOUGF4KLrF1Cq0TnzGgQsZE1tvT587rOQAuDeLyG0H1qaPVLyl5VqKUU
8QW+z85+CDanLW5+DgAaBiBFZLdO/bLlPPv+zh0WV3r2Mlb0sL7xRWrJF62glGHH
dPixGYUuSq31u6gW03hVLMvrdl6G6I2LrDlEZ4f48ZZCiEy3sOacGGEaQIVRgqut
YGz2CQ8y7gvNtiTk2z/f9eh+6+rWrE6wTm3E4ZdHEZQw8jjgWTibducw2d6U/Agn
rI1PAdY=
-----END CERTIFICATE-----