Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a158ed02-6c13-4e02-a553-d6be85b37908.roa
File:                     a158ed02-6c13-4e02-a553-d6be85b37908.roa (raw, json)
Hash identifier:          K4kvBN6s2EEaF0LZYhoo+fDnhRc+qSlPBCflELCbjTc=
Subject key identifier:   01:82:33:6E:00:17:EF:F7:08:7E:54:EB:76:84:B3:31:A8:97:F2:5A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7678326A612ABFEB1DCD3CDCA1DFD42800A626DE
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a158ed02-6c13-4e02-a553-d6be85b37908.roa
Signing time:             Tue 07 Mar 2023 00:00:00 +0000
ROA not before:           Tue 07 Mar 2023 00:00:00 +0000
ROA not after:            Fri 10 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:78:32:6a:61:2a:bf:eb:1d:cd:3c:dc:a1:df:d4:28:00:a6:26:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar  7 00:00:00 2023 GMT
            Not After : Mar 10 23:59:59 2023 GMT
        Subject: serialNumber=8ed0e0dcd8668f31daa8f9100b7a53a70b68b53a342fad19a48d63022753b822, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:67:c0:59:cf:29:bd:b0:f9:3b:e8:84:66:1f:
                    62:e2:71:dc:d0:c6:a8:42:84:d8:5d:a9:f4:f3:70:
                    74:8e:02:42:0b:f4:79:6d:a6:23:19:f0:c1:60:41:
                    6c:71:33:fc:60:8e:c8:f5:dd:2b:56:63:64:64:4b:
                    a3:23:6f:0d:ba:62:f7:34:15:ad:fe:af:7b:8c:e3:
                    e1:8a:17:9c:e8:61:f7:f1:a0:07:5d:28:63:38:02:
                    c3:5a:c9:da:69:34:15:00:03:49:d2:dc:29:eb:9e:
                    8f:b5:38:27:da:c4:d1:69:36:c2:5a:70:ae:ce:94:
                    4f:46:83:53:01:40:52:6a:2e:b8:b1:cc:e9:81:7b:
                    0a:57:ef:7f:5f:44:0f:d1:0f:47:cc:80:e9:35:6a:
                    ee:ac:23:db:9f:b1:e6:81:a7:b8:92:82:20:e3:5a:
                    74:c4:ba:26:d3:e8:31:e1:f8:00:45:d2:8a:c4:2b:
                    87:eb:07:56:15:54:06:0a:84:62:64:38:ba:50:21:
                    de:f0:e6:72:30:7e:20:a0:f4:57:2f:f8:c4:c5:db:
                    41:80:4d:5a:da:56:4c:97:b3:97:81:64:4d:81:a8:
                    a9:a2:19:b0:cb:72:87:7b:92:75:74:42:6d:06:f1:
                    8d:c1:d4:28:05:d7:ce:41:87:23:45:a0:36:96:8f:
                    3e:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:82:33:6E:00:17:EF:F7:08:7E:54:EB:76:84:B3:31:A8:97:F2:5A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a158ed02-6c13-4e02-a553-d6be85b37908.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:71:d2:10:2e:11:48:1b:d7:28:b2:1f:9e:26:14:f3:30:ce:
         8d:f4:4b:09:87:ae:e9:d0:f7:9a:fe:16:b7:77:38:0c:46:19:
         0b:cd:93:63:44:f7:e7:5e:59:99:b0:c0:0f:2e:68:72:be:39:
         14:76:cd:5a:51:16:61:cd:c8:97:ad:2f:85:fe:63:38:9c:f0:
         7f:f1:ea:5f:44:29:13:af:0e:62:c9:2c:a4:b5:d2:5e:ff:21:
         14:61:c9:5b:83:9b:f1:3e:c0:86:1f:a2:2d:29:3c:0a:c9:ac:
         7e:85:1b:1f:9b:1a:4f:79:a9:f6:14:a8:09:7e:23:20:b3:92:
         24:eb:bb:10:5f:eb:02:b0:4c:f5:53:09:98:93:64:db:ee:ac:
         94:ba:f7:82:40:c6:40:06:81:1d:3b:c1:d8:a7:39:07:8f:2e:
         b7:17:c3:65:76:40:ac:1e:15:9a:be:c8:ed:43:9b:ed:ca:e9:
         e4:89:91:b9:17:bb:21:8c:3f:8b:7b:59:d7:fe:b7:6c:ec:37:
         4b:b1:27:18:05:11:8b:b7:5e:93:9f:78:94:a1:4d:05:ae:ab:
         cd:46:ef:22:63:c8:56:a9:90:b1:6d:8f:86:7e:b2:48:4c:7f:
         f8:37:8b:cb:3b:dd:a0:a8:1d:1e:74:c2:85:c2:7c:64:00:de:
         44:a3:5b:11
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUdngyamEqv+sdzTzcod/UKACmJt4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzA3MDAwMDAwWhcNMjMwMzEwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAOGVkMGUwZGNkODY2OGYzMWRhYThmOTEwMGI3YTUzYTcw
YjY4YjUzYTM0MmZhZDE5YTQ4ZDYzMDIyNzUzYjgyMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKVnwFnPKb2w+TvohGYfYuJx3NDGqEKE2F2p9PNwdI4CQgv0eW2m
IxnwwWBBbHEz/GCOyPXdK1ZjZGRLoyNvDbpi9zQVrf6ve4zj4YoXnOhh9/GgB10o
YzgCw1rJ2mk0FQADSdLcKeuej7U4J9rE0Wk2wlpwrs6UT0aDUwFAUmouuLHM6YF7
Clfvf19ED9EPR8yA6TVq7qwj25+x5oGnuJKCIONadMS6JtPoMeH4AEXSisQrh+sH
VhVUBgqEYmQ4ulAh3vDmcjB+IKD0Vy/4xMXbQYBNWtpWTJezl4FkTYGoqaIZsMty
h3uSdXRCbQbxjcHUKAXXzkGHI0WgNpaPPnECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQBgjNuABfv9wh+VOt2hLMxqJfyWjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYTE1OGVkMDItNmMxMy00ZTAyLWE1NTMtZDZiZTg1YjM3OTA4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIJx0hAuEUgb1yiy
H54mFPMwzo30SwmHrunQ95r+Frd3OAxGGQvNk2NE9+deWZmwwA8uaHK+ORR2zVpR
FmHNyJetL4X+Yzic8H/x6l9EKROvDmLJLKS10l7/IRRhyVuDm/E+wIYfoi0pPArJ
rH6FGx+bGk95qfYUqAl+IyCzkiTruxBf6wKwTPVTCZiTZNvurJS694JAxkAGgR07
wdinOQePLrcXw2V2QKweFZq+yO1Dm+3K6eSJkbkXuyGMP4t7Wdf+t2zsN0uxJxgF
EYu3XpOfeJShTQWuq81G7yJjyFapkLFtj4Z+skhMf/g3i8s73aCoHR50woXCfGQA
3kSjWxE=
-----END CERTIFICATE-----