Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/967f0d93-2499-4862-82eb-3e65004a660a.roa
File:                     967f0d93-2499-4862-82eb-3e65004a660a.roa (raw, json)
Hash identifier:          osLG5yCdPgg79KnXJ6IfnqghgiaRhGroxP7kz5vEUEk=
Subject key identifier:   37:09:4C:09:2E:F5:43:4E:0B:D2:D6:A5:74:0C:CA:CA:8B:BE:99:34
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4B06B9439CE3322CC6A4BFB02E37DB170D911BC2
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/967f0d93-2499-4862-82eb-3e65004a660a.roa
Signing time:             Thu 23 Feb 2023 00:00:00 +0000
ROA not before:           Thu 23 Feb 2023 00:00:00 +0000
ROA not after:            Sun 26 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:06:b9:43:9c:e3:32:2c:c6:a4:bf:b0:2e:37:db:17:0d:91:1b:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 23 00:00:00 2023 GMT
            Not After : Feb 26 23:59:59 2023 GMT
        Subject: serialNumber=773d316d1bec0ba8e3321ea5f9bae1083e241c67249d5dab9432c83c7600c3c8, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b7:f6:8b:47:79:9f:3a:b4:bc:9b:46:e1:74:
                    69:18:de:fb:9f:4b:5f:5a:09:35:78:0b:87:e5:86:
                    cc:03:02:5e:9a:b1:31:e2:a3:c8:ea:05:37:8e:76:
                    f2:a5:50:92:8b:cf:55:db:41:d0:53:03:b5:36:ac:
                    21:06:b0:c6:59:60:68:1e:2f:0c:a3:a3:a0:ad:69:
                    fa:3d:15:ce:36:96:7e:b9:17:1c:69:11:25:ce:9b:
                    75:af:62:80:33:8e:d9:cf:d3:d3:fa:a1:5c:36:36:
                    2e:46:b9:d0:0b:0f:4c:3d:70:71:ed:0e:78:a9:72:
                    eb:9d:82:10:30:e7:29:9b:e1:26:bb:0c:88:41:08:
                    9f:db:37:04:c8:91:36:88:21:56:34:7c:4f:da:41:
                    ed:ca:e5:ed:96:a9:32:09:2b:e4:3f:89:dc:d3:86:
                    61:c0:60:b6:b4:d9:8d:97:fb:8d:69:b9:90:6c:35:
                    44:7f:59:f9:5d:48:ad:56:27:c0:e6:ac:df:51:7f:
                    79:69:33:b9:c4:6a:31:b9:c7:18:60:3d:d8:81:df:
                    1e:da:9e:f0:8f:5f:5c:f1:7b:71:be:d2:3d:9d:48:
                    49:67:e8:ae:27:36:cf:ff:e3:63:f5:83:23:f1:1c:
                    93:df:ea:ca:76:2d:b2:06:22:93:73:28:6c:88:f4:
                    e6:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:09:4C:09:2E:F5:43:4E:0B:D2:D6:A5:74:0C:CA:CA:8B:BE:99:34
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/967f0d93-2499-4862-82eb-3e65004a660a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:ed:48:bd:0d:fa:37:58:9b:4c:5a:ff:72:43:34:f5:5c:8c:
         fe:52:05:d2:61:58:ea:df:ac:07:be:ac:bb:b3:0a:a1:fb:a7:
         12:49:86:61:2a:f6:51:3a:cc:3d:51:1f:aa:2f:8e:3b:ce:fd:
         89:b7:13:9f:8b:01:bd:df:3a:8e:d3:50:5e:cb:0b:0e:67:03:
         11:ad:23:9f:bb:4f:20:12:9b:6e:cc:a9:1b:56:6a:c5:73:e8:
         a8:0c:3c:01:16:41:0d:ce:e6:7b:f9:21:42:75:dc:d6:31:81:
         51:5c:b0:5c:98:eb:c4:1b:78:e2:bd:90:15:81:c8:c4:70:fe:
         5e:78:e5:ff:72:fe:13:d5:81:ec:78:f3:2f:ea:b4:c3:a2:b1:
         7d:dc:8b:b9:0d:df:ae:ce:97:b2:0e:7f:9d:73:db:c8:57:9c:
         36:9f:a7:ff:dd:f6:d2:02:4a:c3:c8:fa:fc:e2:ea:9d:e3:e0:
         71:0a:95:ba:72:64:ea:1b:8f:30:a1:a0:ef:b2:25:93:1e:f5:
         93:80:a5:aa:73:22:ac:ec:9e:aa:48:8b:73:fe:20:3a:31:59:
         c3:cc:48:a7:53:a4:16:6f:ba:1b:66:8b:7e:2d:7a:af:2e:ca:
         0d:e5:8b:62:a2:6d:fc:d9:da:27:b1:d5:de:81:60:a7:93:57:
         90:29:5e:55
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUSwa5Q5zjMizGpL+wLjfbFw2RG8IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIzMDAwMDAwWhcNMjMwMjI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNANzczZDMxNmQxYmVjMGJhOGUzMzIxZWE1ZjliYWUxMDgz
ZTI0MWM2NzI0OWQ1ZGFiOTQzMmM4M2M3NjAwYzNjODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMC39otHeZ86tLybRuF0aRje+59LX1oJNXgLh+WGzAMCXpqxMeKj
yOoFN4528qVQkovPVdtB0FMDtTasIQawxllgaB4vDKOjoK1p+j0VzjaWfrkXHGkR
Jc6bda9igDOO2c/T0/qhXDY2Lka50AsPTD1wce0OeKly652CEDDnKZvhJrsMiEEI
n9s3BMiRNoghVjR8T9pB7crl7ZapMgkr5D+J3NOGYcBgtrTZjZf7jWm5kGw1RH9Z
+V1IrVYnwOas31F/eWkzucRqMbnHGGA92IHfHtqe8I9fXPF7cb7SPZ1ISWforic2
z//jY/WDI/Eck9/qynYtsgYik3MobIj05rUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ3CUwJLvVDTgvS1qV0DMrKi76ZNDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOTY3ZjBkOTMtMjQ5OS00ODYyLTgyZWItM2U2NTAwNGE2NjBhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF3tSL0N+jdYm0xa
/3JDNPVcjP5SBdJhWOrfrAe+rLuzCqH7pxJJhmEq9lE6zD1RH6ovjjvO/Ym3E5+L
Ab3fOo7TUF7LCw5nAxGtI5+7TyASm27MqRtWasVz6KgMPAEWQQ3O5nv5IUJ13NYx
gVFcsFyY68QbeOK9kBWByMRw/l545f9y/hPVgex48y/qtMOisX3ci7kN367Ol7IO
f51z28hXnDafp//d9tICSsPI+vzi6p3j4HEKlbpyZOobjzChoO+yJZMe9ZOApapz
IqzsnqpIi3P+IDoxWcPMSKdTpBZvuhtmi34teq8uyg3li2KibfzZ2iex1d6BYKeT
V5ApXlU=
-----END CERTIFICATE-----