Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/91cdabea-54dc-4bd9-9359-1ea6292d8950.roa
File:                     91cdabea-54dc-4bd9-9359-1ea6292d8950.roa (raw, json)
Hash identifier:          uHuinKxqEhM6lecxG7ZrdA5wM70lvJtM+mbfxq7tPzY=
Subject key identifier:   A7:A8:43:1A:29:9D:02:95:3A:89:54:B1:21:F1:01:5B:AB:40:0D:86
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       063105AB6DEA8967921EB23CA3C661616747B2D3
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/91cdabea-54dc-4bd9-9359-1ea6292d8950.roa
Signing time:             Sat 21 Jan 2023 00:00:00 +0000
ROA not before:           Sat 21 Jan 2023 00:00:00 +0000
ROA not after:            Tue 24 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:31:05:ab:6d:ea:89:67:92:1e:b2:3c:a3:c6:61:61:67:47:b2:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 21 00:00:00 2023 GMT
            Not After : Jan 24 23:59:59 2023 GMT
        Subject: serialNumber=0356bf677b17f418cdb300809f6f7c04bdb73b519ee30546413aba6b5b542a63, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:83:12:b1:84:18:0d:2f:c3:6f:0a:12:96:0c:
                    3a:40:79:1a:d9:48:b2:15:de:64:28:37:db:72:58:
                    79:c2:7d:61:a7:03:ba:30:60:36:db:e9:71:f0:05:
                    00:c4:3b:23:cb:cc:12:73:cd:1a:5b:b3:a4:c2:aa:
                    f7:77:96:2c:c1:12:5f:5a:5d:40:f4:af:15:c8:8a:
                    26:8b:41:03:4d:08:78:4e:ae:39:ce:b7:b5:a5:28:
                    ca:04:a5:0a:1d:1c:ec:f8:0d:b4:b6:db:aa:91:84:
                    96:7d:39:c4:e9:d0:6c:66:4f:d3:e7:38:e2:75:d9:
                    52:82:bf:15:97:fd:70:9d:1c:60:17:ea:26:a4:6a:
                    fa:39:dc:e6:53:86:d4:01:1c:1a:59:cb:90:b6:b7:
                    4c:88:19:6a:ad:0b:fd:bf:94:da:f0:af:78:08:96:
                    67:ac:f6:bd:ac:31:e3:69:0b:e7:18:a0:cf:bb:58:
                    43:1f:cf:e7:76:8f:da:ef:cc:a9:25:c5:42:9a:6a:
                    2c:b0:cf:e5:c8:e0:47:e0:c7:a7:a7:0d:81:64:0d:
                    ce:3f:ba:c2:e0:3e:10:c6:99:ed:96:2b:76:02:16:
                    1a:a4:0a:10:48:65:7e:3c:31:0f:d0:4f:f6:07:00:
                    13:e4:6c:82:05:44:35:8e:9a:e8:31:a8:73:2a:de:
                    b7:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:A8:43:1A:29:9D:02:95:3A:89:54:B1:21:F1:01:5B:AB:40:0D:86
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/91cdabea-54dc-4bd9-9359-1ea6292d8950.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:fe:e8:0c:b1:ec:63:e6:b8:2c:3d:cd:02:6c:21:0a:a8:1f:
         bb:5e:8b:b5:61:33:39:0b:91:89:60:27:b5:ff:4c:a4:60:d5:
         1c:26:06:62:7f:76:82:7f:a3:1d:29:b5:e9:f9:01:43:f8:77:
         0a:5b:df:da:a1:2a:c8:05:71:c6:e5:bf:05:60:d4:b9:35:0e:
         0d:f4:5f:dd:2c:c4:fe:31:05:c4:30:02:2a:97:fb:88:8d:f1:
         9e:07:45:dd:07:9d:21:2f:cb:db:38:62:e0:9c:dc:d6:39:a6:
         be:8f:37:fa:d0:8d:76:5d:52:34:58:15:b9:e6:91:18:58:cf:
         a4:e9:da:1c:ab:db:0b:0a:b2:ba:43:c1:c3:4a:f5:66:f8:9b:
         44:d0:f2:f1:da:8e:47:9b:c6:95:a4:b1:a1:97:24:7f:be:4b:
         a3:ed:2b:cb:03:69:19:ba:49:08:a1:6f:f0:0f:3b:dd:e6:84:
         bd:a0:31:f7:f4:f5:16:b0:32:ff:8b:05:06:07:33:32:e5:e2:
         df:ef:5e:82:50:80:9f:cd:40:2b:03:37:f7:9f:ea:53:09:4e:
         26:ae:d8:49:f8:60:7e:9f:88:e0:7f:58:5c:5f:ee:21:b2:1d:
         66:81:44:ba:e3:a6:a2:4d:d6:48:6b:b1:83:de:73:3a:8f:55:
         1e:58:85:c0
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUBjEFq23qiWeSHrI8o8ZhYWdHstMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTIxMDAwMDAwWhcNMjMwMTI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMDM1NmJmNjc3YjE3ZjQxOGNkYjMwMDgwOWY2ZjdjMDRi
ZGI3M2I1MTllZTMwNTQ2NDEzYWJhNmI1YjU0MmE2MzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOqDErGEGA0vw28KEpYMOkB5GtlIshXeZCg323JYecJ9YacDujBg
NtvpcfAFAMQ7I8vMEnPNGluzpMKq93eWLMESX1pdQPSvFciKJotBA00IeE6uOc63
taUoygSlCh0c7PgNtLbbqpGEln05xOnQbGZP0+c44nXZUoK/FZf9cJ0cYBfqJqRq
+jnc5lOG1AEcGlnLkLa3TIgZaq0L/b+U2vCveAiWZ6z2vawx42kL5xigz7tYQx/P
53aP2u/MqSXFQppqLLDP5cjgR+DHp6cNgWQNzj+6wuA+EMaZ7ZYrdgIWGqQKEEhl
fjwxD9BP9gcAE+RsggVENY6a6DGocyretysCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSnqEMaKZ0ClTqJVLEh8QFbq0ANhjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOTFjZGFiZWEtNTRkYy00YmQ5LTkzNTktMWVhNjI5MmQ4OTUwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALX+6Ayx7GPmuCw9
zQJsIQqoH7tei7VhMzkLkYlgJ7X/TKRg1RwmBmJ/doJ/ox0pten5AUP4dwpb39qh
KsgFccblvwVg1Lk1Dg30X90sxP4xBcQwAiqX+4iN8Z4HRd0HnSEvy9s4YuCc3NY5
pr6PN/rQjXZdUjRYFbnmkRhYz6Tp2hyr2wsKsrpDwcNK9Wb4m0TQ8vHajkebxpWk
saGXJH++S6PtK8sDaRm6SQihb/APO93mhL2gMff09RawMv+LBQYHMzLl4t/vXoJQ
gJ/NQCsDN/ef6lMJTiau2En4YH6fiOB/WFxf7iGyHWaBRLrjpqJN1khrsYPeczqP
VR5YhcA=
-----END CERTIFICATE-----