Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/96b20eee-f0da-4c99-80b6-34d7b26a7139.roa
File:                     96b20eee-f0da-4c99-80b6-34d7b26a7139.roa (raw, json)
Hash identifier:          SrWs3HC8wPm2CCB8NKciQAiWD4lANJs1+/BLujsw8YA=
Subject key identifier:   F0:1B:24:B7:31:87:0D:2B:33:4C:8B:E1:06:89:79:CD:68:E1:62:39
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       480F970BD67660026F7C1DC7D17652410D037122
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/96b20eee-f0da-4c99-80b6-34d7b26a7139.roa
Signing time:             Wed 26 Apr 2023 00:00:00 +0000
ROA not before:           Wed 26 Apr 2023 00:00:00 +0000
ROA not after:            Sat 29 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:0f:97:0b:d6:76:60:02:6f:7c:1d:c7:d1:76:52:41:0d:03:71:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 26 00:00:00 2023 GMT
            Not After : Apr 29 23:59:59 2023 GMT
        Subject: serialNumber=c5b0db4a36f00c7650ded9d38bd0959ad2f24c21c108bee51cf8f28ccef29d82, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b9:db:7f:e3:07:8e:fa:c2:5d:aa:ac:ed:7e:
                    de:cf:13:64:2c:9a:3c:2a:e1:0e:3a:58:d7:47:f0:
                    2e:0b:5f:c0:7d:f1:f0:fa:85:37:8f:aa:da:d9:14:
                    b1:35:9d:53:98:a2:76:41:51:2f:a9:bb:f2:0d:fb:
                    ee:6f:a2:ba:9d:25:5b:91:35:35:e9:13:57:b1:4f:
                    21:5c:95:ff:09:55:fc:39:1e:39:3f:03:fe:d3:8b:
                    8f:d7:14:9c:e8:fb:4c:b7:84:e9:b0:3e:99:c1:0c:
                    0d:b5:03:e8:b5:95:72:b7:26:80:65:36:8b:29:4e:
                    24:ad:80:86:12:d8:2c:18:6b:67:b1:2b:1c:f8:ff:
                    b6:39:95:7b:8c:da:8e:62:51:be:6c:09:6d:bf:50:
                    8d:b2:fc:65:4a:78:b2:37:a0:e3:00:1a:97:06:9e:
                    1a:f7:2a:e4:2a:b5:3f:1c:c5:25:a0:c1:79:97:dd:
                    18:8b:82:f4:e2:8b:13:85:c7:c2:c9:1c:55:e9:a1:
                    f4:70:81:d1:25:87:56:b5:67:35:75:78:cb:90:b6:
                    58:a1:35:97:ec:4f:cf:9f:af:b3:6f:6d:ad:ad:22:
                    72:51:c8:cd:67:7b:79:83:24:9f:70:c3:6a:8b:62:
                    bf:6b:21:02:52:c7:e5:81:6e:93:68:6d:7e:a9:47:
                    bd:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:1B:24:B7:31:87:0D:2B:33:4C:8B:E1:06:89:79:CD:68:E1:62:39
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/96b20eee-f0da-4c99-80b6-34d7b26a7139.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:22:25:bb:11:fe:34:79:0a:77:a5:3f:97:54:64:54:18:dc:
         6a:35:1f:49:05:86:e4:e0:80:02:5e:70:ab:82:9a:94:24:f6:
         c2:ae:dd:38:1e:68:7f:81:30:0e:8b:83:a8:e8:05:b8:33:34:
         bb:9f:6a:de:d0:02:4b:7a:ab:d8:9d:40:85:32:82:7a:64:e4:
         58:79:86:97:15:c3:5c:27:82:96:95:20:db:44:6e:ea:48:2e:
         ea:29:c7:1c:a2:ee:78:7d:d0:1d:87:43:a2:a0:fc:03:45:93:
         06:33:15:4e:78:1c:99:b8:53:c5:85:2b:f7:f4:d7:b7:7e:52:
         08:50:1b:3d:f4:fc:1c:d1:fb:3a:9b:7d:97:c7:1e:8c:24:e9:
         3d:65:78:73:67:50:e1:16:b1:19:bd:12:55:7b:60:23:8c:61:
         30:2d:a8:ae:d8:5d:70:23:db:fd:46:da:ff:4a:8e:05:e9:52:
         71:f2:5d:5f:81:28:aa:72:a9:7d:71:d6:bc:e5:31:e9:a1:7c:
         cb:05:00:13:c3:a5:24:94:54:8e:e9:69:86:f1:cb:5b:d2:dc:
         3b:d9:d0:8a:69:a9:5c:8a:87:65:63:e5:b4:50:1b:9e:86:62:
         33:28:75:99:15:af:fb:ec:7e:65:01:ea:be:d0:6f:c2:2b:28:
         0c:86:ed:f1
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUSA+XC9Z2YAJvfB3H0XZSQQ0DcSIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDI2MDAwMDAwWhcNMjMwNDI5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYzViMGRiNGEzNmYwMGM3NjUwZGVkOWQzOGJkMDk1OWFk
MmYyNGMyMWMxMDhiZWU1MWNmOGYyOGNjZWYyOWQ4MjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMW523/jB476wl2qrO1+3s8TZCyaPCrhDjpY10fwLgtfwH3x8PqF
N4+q2tkUsTWdU5iidkFRL6m78g377m+iup0lW5E1NekTV7FPIVyV/wlV/DkeOT8D
/tOLj9cUnOj7TLeE6bA+mcEMDbUD6LWVcrcmgGU2iylOJK2AhhLYLBhrZ7ErHPj/
tjmVe4zajmJRvmwJbb9QjbL8ZUp4sjeg4wAalwaeGvcq5Cq1PxzFJaDBeZfdGIuC
9OKLE4XHwskcVemh9HCB0SWHVrVnNXV4y5C2WKE1l+xPz5+vs29tra0iclHIzWd7
eYMkn3DDaotiv2shAlLH5YFuk2htfqlHvVECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTwGyS3MYcNKzNMi+EGiXnNaOFiOTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOTZiMjBlZWUtZjBkYS00Yzk5LTgwYjYtMzRkN2IyNmE3MTM5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEgiJbsR/jR5Cnel
P5dUZFQY3Go1H0kFhuTggAJecKuCmpQk9sKu3TgeaH+BMA6Lg6joBbgzNLufat7Q
Akt6q9idQIUygnpk5Fh5hpcVw1wngpaVINtEbupILuopxxyi7nh90B2HQ6Kg/ANF
kwYzFU54HJm4U8WFK/f017d+UghQGz30/BzR+zqbfZfHHowk6T1leHNnUOEWsRm9
ElV7YCOMYTAtqK7YXXAj2/1G2v9KjgXpUnHyXV+BKKpyqX1x1rzlMemhfMsFABPD
pSSUVI7paYbxy1vS3DvZ0IppqVyKh2Vj5bRQG56GYjModZkVr/vsfmUB6r7Qb8Ir
KAyG7fE=
-----END CERTIFICATE-----