Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a5804b51-7536-4769-94ee-00604a193956.roa
File:                     a5804b51-7536-4769-94ee-00604a193956.roa (raw, json)
Hash identifier:          FFJ5wCFC/Xd+eTgkSHWhj37BGtePrvIrnKK8lkMheiQ=
Subject key identifier:   46:A9:63:74:87:96:EB:52:AE:C7:66:ED:33:FF:71:91:42:9A:25:C5
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7F0499DA4B4BB44ED590476EEB5F9BFEECBAF5C3
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a5804b51-7536-4769-94ee-00604a193956.roa
Signing time:             Tue 18 Apr 2023 00:00:00 +0000
ROA not before:           Tue 18 Apr 2023 00:00:00 +0000
ROA not after:            Fri 21 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:04:99:da:4b:4b:b4:4e:d5:90:47:6e:eb:5f:9b:fe:ec:ba:f5:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 18 00:00:00 2023 GMT
            Not After : Apr 21 23:59:59 2023 GMT
        Subject: serialNumber=a53c12846ee7b7bc88755ed8c4c0f7818a481835ca2e2e2fb20f16f53f027fa9, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e1:ad:7b:ac:13:c2:7c:a6:0a:45:c1:4f:b3:
                    41:59:51:f3:13:c8:31:78:06:26:e0:8c:3b:77:ab:
                    b2:f4:76:10:5c:2f:a9:fa:2b:d8:0b:0b:77:66:67:
                    c9:f8:cc:e6:6e:e5:4a:6d:2a:1f:f1:f8:a4:46:e9:
                    d9:ac:f8:01:9c:da:27:29:46:2b:05:60:fc:99:d4:
                    65:74:43:c2:d4:cc:ae:bf:5f:bb:65:04:10:3c:8a:
                    52:98:49:fa:ad:47:8f:92:78:7e:bb:c0:21:dd:a5:
                    11:cd:23:95:58:1e:c6:f8:3f:12:b6:1b:ee:8c:55:
                    d5:9c:0f:41:c1:3d:ea:47:1c:d4:6d:68:48:be:12:
                    de:e8:86:5c:28:d4:f7:21:4f:90:6f:c0:94:f8:e7:
                    a3:44:30:2c:ef:5c:eb:f6:66:41:f6:2c:a2:b2:d9:
                    0a:fe:c8:d3:d8:3d:ab:65:9b:27:45:d0:57:ab:98:
                    a0:6b:b8:20:05:cb:42:99:e6:84:0c:29:9d:56:b4:
                    67:2c:ad:49:4e:51:38:46:20:8e:ab:89:03:20:44:
                    78:ec:d2:ee:44:57:37:d2:33:00:10:3b:b3:72:8d:
                    b6:1d:d2:90:51:87:4f:97:11:74:ac:8d:cc:b3:42:
                    0e:25:fd:57:b3:93:77:57:c8:b9:d8:07:d7:5f:ae:
                    76:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:A9:63:74:87:96:EB:52:AE:C7:66:ED:33:FF:71:91:42:9A:25:C5
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a5804b51-7536-4769-94ee-00604a193956.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:ad:47:61:54:24:53:63:1d:0c:81:f5:73:1f:13:d3:7a:26:
         29:3e:34:4c:b7:ac:a8:79:60:34:98:86:a3:a4:e0:c1:83:45:
         e2:e1:e5:e7:f8:65:6a:1f:7f:5b:67:6e:e4:c7:a2:f5:06:9a:
         db:7c:ea:ee:f2:46:d8:7c:b8:8b:40:8f:0c:8f:7e:b1:44:f6:
         92:ab:dc:83:70:13:ff:5d:62:1a:af:b2:c0:4c:83:c9:a7:78:
         66:62:17:ac:35:64:1b:60:71:66:ca:37:59:24:b6:97:a3:1f:
         6e:cb:66:3d:36:19:1b:05:1d:8d:6d:de:8f:f5:d9:39:ec:2c:
         e7:f7:58:9e:0c:f0:c6:1c:50:b3:08:2c:89:c9:28:b4:de:98:
         ad:ad:d9:4c:8a:1e:13:30:90:b8:40:e3:99:14:54:23:b9:86:
         01:e5:ac:c6:6d:4d:52:4c:66:18:f6:bb:7f:62:a5:a5:bf:dc:
         e5:1c:5e:33:5d:45:2d:d6:34:71:4b:01:4e:8e:a5:7c:42:66:
         0b:2d:01:c4:02:7a:13:cb:c9:f8:7b:5e:53:19:63:43:a3:ca:
         76:60:de:00:d3:38:fa:a5:74:fb:0a:05:d8:04:f0:99:f6:66:
         25:20:2b:a9:0f:99:ad:cc:90:79:0b:54:b1:29:74:9e:08:d1:
         8e:c1:20:21
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUfwSZ2ktLtE7VkEdu61+b/uy69cMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDE4MDAwMDAwWhcNMjMwNDIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYTUzYzEyODQ2ZWU3YjdiYzg4NzU1ZWQ4YzRjMGY3ODE4
YTQ4MTgzNWNhMmUyZTJmYjIwZjE2ZjUzZjAyN2ZhOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJPhrXusE8J8pgpFwU+zQVlR8xPIMXgGJuCMO3ersvR2EFwvqfor
2AsLd2ZnyfjM5m7lSm0qH/H4pEbp2az4AZzaJylGKwVg/JnUZXRDwtTMrr9fu2UE
EDyKUphJ+q1Hj5J4frvAId2lEc0jlVgexvg/ErYb7oxV1ZwPQcE96kcc1G1oSL4S
3uiGXCjU9yFPkG/AlPjno0QwLO9c6/ZmQfYsorLZCv7I09g9q2WbJ0XQV6uYoGu4
IAXLQpnmhAwpnVa0ZyytSU5ROEYgjquJAyBEeOzS7kRXN9IzABA7s3KNth3SkFGH
T5cRdKyNzLNCDiX9V7OTd1fIudgH11+udqECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRGqWN0h5brUq7HZu0z/3GRQpolxTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYTU4MDRiNTEtNzUzNi00NzY5LTk0ZWUtMDA2MDRhMTkzOTU2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIOtR2FUJFNjHQyB
9XMfE9N6Jik+NEy3rKh5YDSYhqOk4MGDReLh5ef4ZWoff1tnbuTHovUGmtt86u7y
Rth8uItAjwyPfrFE9pKr3INwE/9dYhqvssBMg8mneGZiF6w1ZBtgcWbKN1kktpej
H27LZj02GRsFHY1t3o/12TnsLOf3WJ4M8MYcULMILInJKLTemK2t2UyKHhMwkLhA
45kUVCO5hgHlrMZtTVJMZhj2u39ipaW/3OUcXjNdRS3WNHFLAU6OpXxCZgstAcQC
ehPLyfh7XlMZY0OjynZg3gDTOPqldPsKBdgE8Jn2ZiUgK6kPma3MkHkLVLEpdJ4I
0Y7BICE=
-----END CERTIFICATE-----