Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/9db633d3-4261-4585-994e-251babb61ba8.roa
File:                     9db633d3-4261-4585-994e-251babb61ba8.roa (raw, json)
Hash identifier:          H09PlUVQM4GvlN09FEsDUa8a1ZJOGvH3OQdGCO4czwY=
Subject key identifier:   18:D5:A1:AB:B0:4C:D0:58:6B:9C:4A:E5:D9:9B:73:B7:96:83:55:B6
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       221BC2B6AF12F86113C9C20CC593859419DDCF86
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/9db633d3-4261-4585-994e-251babb61ba8.roa
Signing time:             Sun 23 Apr 2023 00:00:00 +0000
ROA not before:           Sun 23 Apr 2023 00:00:00 +0000
ROA not after:            Wed 26 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:1b:c2:b6:af:12:f8:61:13:c9:c2:0c:c5:93:85:94:19:dd:cf:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 23 00:00:00 2023 GMT
            Not After : Apr 26 23:59:59 2023 GMT
        Subject: serialNumber=4866de3751625b716a05752d32c2a9e10f7eb777bb0787c8c9649b3a04a7f878, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:5d:f9:26:9e:40:3f:e4:c4:ba:fd:a2:53:dd:
                    ce:34:23:98:05:cb:60:ee:50:09:64:74:b5:6c:01:
                    84:9b:42:24:f1:25:82:4f:76:8d:7d:c5:d8:6f:f0:
                    21:93:22:ff:3b:bc:ae:73:99:ee:7c:3c:e2:70:6d:
                    f4:97:54:4e:06:4e:08:eb:4e:46:f3:38:93:0f:de:
                    2a:1f:87:b2:e6:6f:51:2d:ae:7c:84:0c:32:e4:9e:
                    b5:90:8d:31:cd:9b:c9:7d:cd:c5:b0:eb:28:b4:6c:
                    f7:cc:b9:cd:dc:74:3e:11:4d:e8:0d:d8:d1:44:be:
                    5f:22:09:53:98:c4:4d:4e:78:89:6d:9b:d9:3b:b0:
                    09:ad:24:7e:6b:22:34:75:4a:ca:01:d4:29:03:7c:
                    bd:e0:d0:3c:da:6a:85:be:77:3b:d3:42:27:88:09:
                    8e:6e:5e:30:e0:13:1f:c0:f8:47:0a:9e:ab:78:6c:
                    2b:29:e6:a5:ac:c2:7b:40:83:fd:2a:03:4b:b5:60:
                    6a:b7:7e:fe:e5:70:70:20:76:40:30:c1:2c:1a:73:
                    7e:16:e9:92:c4:34:bf:4c:68:b0:10:6d:ba:2e:ad:
                    78:eb:cc:df:c9:1e:cd:8b:ae:7e:bb:70:8c:d0:dd:
                    fd:b6:2d:81:64:a2:e6:78:3d:49:22:dd:14:34:46:
                    78:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:D5:A1:AB:B0:4C:D0:58:6B:9C:4A:E5:D9:9B:73:B7:96:83:55:B6
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/9db633d3-4261-4585-994e-251babb61ba8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:18:e7:67:35:01:57:4d:20:0c:bb:2c:1e:29:aa:bf:b0:f3:
         f3:f2:fc:6b:f2:bb:93:a7:64:67:84:c7:ec:2b:bc:2c:f4:a0:
         72:87:41:f4:83:99:ee:df:87:2c:4f:06:46:92:f7:0e:fd:63:
         ee:6f:6d:86:4f:fb:b3:14:9b:01:4b:aa:ec:ae:44:ca:33:2c:
         d7:70:3b:54:e4:e7:8b:53:ef:c6:a8:eb:fc:cb:28:98:eb:c1:
         e2:35:f5:6e:2a:62:b7:f4:67:01:2c:15:bf:db:ff:de:47:fd:
         36:7e:d3:be:0a:41:0b:01:72:b8:bf:28:bb:27:25:b8:c3:9b:
         a1:54:9a:ce:76:e7:5f:45:65:a6:55:d7:7d:51:bc:99:a4:29:
         79:0e:31:14:f9:a0:97:7f:81:84:6c:5a:d0:42:c9:2b:57:77:
         4d:b6:b5:2b:e1:65:43:18:dc:2c:bb:a7:59:95:b2:f1:45:d5:
         50:ed:f9:ea:83:5b:00:3d:eb:19:d4:c7:93:5c:9b:60:bf:2f:
         f0:70:47:d1:8f:37:17:f0:5e:eb:dd:73:ea:35:34:fe:5e:f6:
         d0:f2:0d:e5:6f:12:b9:b9:b4:f0:1d:82:17:1c:2e:52:3e:de:
         8a:12:81:f9:39:bf:0e:43:53:64:07:2b:99:21:fc:5b:ec:2e:
         f3:d4:c4:40
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUIhvCtq8S+GETycIMxZOFlBndz4YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDIzMDAwMDAwWhcNMjMwNDI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNANDg2NmRlMzc1MTYyNWI3MTZhMDU3NTJkMzJjMmE5ZTEw
ZjdlYjc3N2JiMDc4N2M4Yzk2NDliM2EwNGE3Zjg3ODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKNd+SaeQD/kxLr9olPdzjQjmAXLYO5QCWR0tWwBhJtCJPElgk92
jX3F2G/wIZMi/zu8rnOZ7nw84nBt9JdUTgZOCOtORvM4kw/eKh+HsuZvUS2ufIQM
MuSetZCNMc2byX3NxbDrKLRs98y5zdx0PhFN6A3Y0US+XyIJU5jETU54iW2b2Tuw
Ca0kfmsiNHVKygHUKQN8veDQPNpqhb53O9NCJ4gJjm5eMOATH8D4Rwqeq3hsKynm
pazCe0CD/SoDS7Vgard+/uVwcCB2QDDBLBpzfhbpksQ0v0xosBBtui6teOvM38ke
zYuufrtwjNDd/bYtgWSi5ng9SSLdFDRGeDUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQY1aGrsEzQWGucSuXZm3O3loNVtjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOWRiNjMzZDMtNDI2MS00NTg1LTk5NGUtMjUxYmFiYjYxYmE4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAMY52c1AVdNIAy7
LB4pqr+w8/Py/Gvyu5OnZGeEx+wrvCz0oHKHQfSDme7fhyxPBkaS9w79Y+5vbYZP
+7MUmwFLquyuRMozLNdwO1Tk54tT78ao6/zLKJjrweI19W4qYrf0ZwEsFb/b/95H
/TZ+074KQQsBcri/KLsnJbjDm6FUms52519FZaZV131RvJmkKXkOMRT5oJd/gYRs
WtBCyStXd022tSvhZUMY3Cy7p1mVsvFF1VDt+eqDWwA96xnUx5Ncm2C/L/BwR9GP
NxfwXuvdc+o1NP5e9tDyDeVvErm5tPAdghccLlI+3ooSgfk5vw5DU2QHK5kh/Fvs
LvPUxEA=
-----END CERTIFICATE-----