Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/94bdd644-c8da-492d-afeb-eab003bf732c.roa
File:                     94bdd644-c8da-492d-afeb-eab003bf732c.roa (raw, json)
Hash identifier:          DI9VRSMPnQVnLQrCozLC8XR56r/Z/P24j1zDojEWFYc=
Subject key identifier:   5C:25:D0:32:00:0D:E5:BA:84:C5:7F:A8:12:BF:76:F7:2E:94:2D:95
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       26F62D118CF20020284D8D3849B2714F467122A8
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/94bdd644-c8da-492d-afeb-eab003bf732c.roa
Signing time:             Sat 18 Feb 2023 00:00:00 +0000
ROA not before:           Sat 18 Feb 2023 00:00:00 +0000
ROA not after:            Tue 21 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:f6:2d:11:8c:f2:00:20:28:4d:8d:38:49:b2:71:4f:46:71:22:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 18 00:00:00 2023 GMT
            Not After : Feb 21 23:59:59 2023 GMT
        Subject: serialNumber=87a3d0896492b5e6b5d72d3351f2c82ec8719cf20ccb5d29351ca092c9f212e4, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b6:78:dc:70:61:71:cb:c3:23:c3:bb:64:d3:
                    7b:c2:0b:a0:aa:6a:48:12:5e:74:f4:21:f4:ba:5d:
                    5b:1b:e1:ba:92:b9:61:bf:86:f7:08:12:6f:86:7f:
                    f2:36:8c:3f:d5:e7:d6:dc:9a:82:91:3e:45:ca:c8:
                    0d:78:2d:13:ff:51:56:e3:26:58:2c:3a:3d:29:6c:
                    ec:48:a3:8e:58:7c:e1:42:c9:80:56:69:4f:c5:d6:
                    6c:e2:f6:64:a7:4b:1c:e0:3e:ac:0a:f4:98:24:de:
                    e4:c0:bb:c1:c6:cb:01:0b:f0:f6:c3:49:a4:65:9e:
                    89:6e:74:c8:d5:79:28:b9:dc:4a:09:fa:c5:b6:e4:
                    7d:2d:8e:a7:5b:4b:35:a5:da:dd:88:f3:f0:a6:4f:
                    fd:0e:77:35:2b:fa:02:14:69:4e:4b:72:c2:8f:90:
                    ea:0f:e5:e3:ec:c6:70:7d:a8:40:72:70:ab:2c:4b:
                    3b:ea:c2:f2:72:98:ee:39:58:6c:ff:b8:bc:ae:2f:
                    29:ca:48:68:1f:ed:1c:6a:80:58:a9:90:f6:f2:cb:
                    ae:7b:c3:ff:c6:33:39:e6:8e:34:2c:8e:e9:1f:2e:
                    e8:0f:06:7b:ee:5d:07:06:0c:22:04:89:ae:d0:60:
                    6f:d3:82:5e:9c:b3:24:2c:c6:37:7a:ae:56:ab:58:
                    af:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:25:D0:32:00:0D:E5:BA:84:C5:7F:A8:12:BF:76:F7:2E:94:2D:95
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/94bdd644-c8da-492d-afeb-eab003bf732c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:2a:89:6b:e3:67:bd:ca:15:57:8c:78:b3:25:0b:1d:46:a9:
         69:94:cf:d3:cb:56:31:26:89:f2:74:cd:7a:fd:39:d9:0e:9d:
         70:3e:05:88:fa:45:f0:93:ee:4f:96:b3:cb:18:aa:f1:be:07:
         84:03:4a:8d:18:1a:0c:0d:90:01:cf:79:60:aa:01:63:cc:5f:
         82:cf:3f:ec:4d:12:5b:cd:b0:3a:88:04:a5:17:a5:7a:2f:5a:
         6f:8d:75:3e:25:84:f8:e5:ab:22:3f:f7:1c:dc:86:49:a8:16:
         ab:9a:0f:1c:d8:be:06:a3:1e:13:90:85:61:5a:bd:21:4b:39:
         2a:64:8f:c4:34:d8:5f:eb:3a:aa:a8:f2:49:0d:05:e3:56:c8:
         fc:7f:b2:c9:cf:db:8a:dd:6f:16:47:ee:a5:85:2e:83:1e:e3:
         da:60:20:01:82:55:6d:8a:74:be:2a:e6:91:3d:a8:76:86:ae:
         8d:e5:c9:97:81:52:76:e2:f8:43:63:e4:15:d5:f3:92:98:44:
         f6:fd:8c:af:dd:20:e5:18:c7:c7:2e:28:f1:03:5e:bf:1a:dd:
         a4:49:b9:81:a8:4c:db:cc:01:a7:14:f1:33:9d:25:bb:51:4b:
         fa:1f:fc:a0:01:50:b4:81:82:3c:5b:32:0d:ab:3e:20:39:63:
         7b:af:45:2b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUJvYtEYzyACAoTY04SbJxT0ZxIqgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE4MDAwMDAwWhcNMjMwMjIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAODdhM2QwODk2NDkyYjVlNmI1ZDcyZDMzNTFmMmM4MmVj
ODcxOWNmMjBjY2I1ZDI5MzUxY2EwOTJjOWYyMTJlNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALS2eNxwYXHLwyPDu2TTe8ILoKpqSBJedPQh9LpdWxvhupK5Yb+G
9wgSb4Z/8jaMP9Xn1tyagpE+RcrIDXgtE/9RVuMmWCw6PSls7Eijjlh84ULJgFZp
T8XWbOL2ZKdLHOA+rAr0mCTe5MC7wcbLAQvw9sNJpGWeiW50yNV5KLncSgn6xbbk
fS2Op1tLNaXa3Yjz8KZP/Q53NSv6AhRpTktywo+Q6g/l4+zGcH2oQHJwqyxLO+rC
8nKY7jlYbP+4vK4vKcpIaB/tHGqAWKmQ9vLLrnvD/8YzOeaONCyO6R8u6A8Ge+5d
BwYMIgSJrtBgb9OCXpyzJCzGN3quVqtYr/kCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRcJdAyAA3luoTFf6gSv3b3LpQtlTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOTRiZGQ2NDQtYzhkYS00OTJkLWFmZWItZWFiMDAzYmY3MzJjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC0qiWvjZ73KFVeM
eLMlCx1GqWmUz9PLVjEmifJ0zXr9OdkOnXA+BYj6RfCT7k+Ws8sYqvG+B4QDSo0Y
GgwNkAHPeWCqAWPMX4LPP+xNElvNsDqIBKUXpXovWm+NdT4lhPjlqyI/9xzchkmo
FquaDxzYvgajHhOQhWFavSFLOSpkj8Q02F/rOqqo8kkNBeNWyPx/ssnP24rdbxZH
7qWFLoMe49pgIAGCVW2KdL4q5pE9qHaGro3lyZeBUnbi+ENj5BXV85KYRPb9jK/d
IOUYx8cuKPEDXr8a3aRJuYGoTNvMAacU8TOdJbtRS/of/KABULSBgjxbMg2rPiA5
Y3uvRSs=
-----END CERTIFICATE-----