Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a9810d5b-595c-48c2-8095-faf77b309763.roa
File:                     a9810d5b-595c-48c2-8095-faf77b309763.roa (raw, json)
Hash identifier:          9eAhR93WGO39t9D41cDiis05tPxQXunFCDSESQ7LTxU=
Subject key identifier:   B1:3E:B3:E3:28:35:73:E7:E0:BE:47:2D:11:4E:66:17:F5:EC:09:92
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4BAC48EC6B224C4A35DB920A4DEA06F07D8F8811
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a9810d5b-595c-48c2-8095-faf77b309763.roa
Signing time:             Thu 20 Apr 2023 00:00:00 +0000
ROA not before:           Thu 20 Apr 2023 00:00:00 +0000
ROA not after:            Sun 23 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:ac:48:ec:6b:22:4c:4a:35:db:92:0a:4d:ea:06:f0:7d:8f:88:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 20 00:00:00 2023 GMT
            Not After : Apr 23 23:59:59 2023 GMT
        Subject: serialNumber=faaf291258e1e088e768ab675343801ea376607b6b7411bcfcf839b6848f5735, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:94:24:27:06:4b:2a:24:2d:a3:94:81:17:9b:
                    42:d3:87:32:38:71:8e:5e:90:10:b9:e8:0d:37:ef:
                    4e:b5:80:e1:69:19:19:c4:96:11:16:20:7a:dd:a3:
                    89:83:a7:36:c6:3b:56:ad:fa:3b:01:bd:8b:de:3b:
                    6c:b9:5b:a7:88:15:78:1f:17:e0:de:7e:5b:23:8b:
                    4a:06:bc:67:99:01:a2:80:5b:a3:fd:a1:cd:cc:35:
                    67:13:d1:db:7f:ff:43:ce:2f:ee:13:2b:d7:5e:ba:
                    92:6e:74:54:40:13:74:6b:e6:13:c7:2c:e5:78:c3:
                    c3:3b:13:40:21:08:64:58:5d:12:6a:42:38:f4:6a:
                    89:6d:4c:33:20:98:f5:a2:0e:1e:4d:56:70:f5:e0:
                    09:15:85:80:79:d7:54:52:8d:27:93:28:c4:06:dd:
                    62:74:b6:48:de:b9:cd:8e:97:1e:55:99:37:bd:8b:
                    f9:df:7f:9b:8f:0e:a7:35:06:be:55:57:c2:d1:af:
                    ec:8e:1c:f1:d8:3d:e0:f1:0a:70:37:70:0d:62:34:
                    94:8f:9c:08:48:dc:46:2d:dd:01:61:6f:b1:cd:32:
                    ea:a9:a0:67:fb:87:c5:69:b6:5e:c1:13:1f:7e:bb:
                    79:62:07:46:05:e5:30:5e:29:12:6b:6e:58:5d:59:
                    09:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:3E:B3:E3:28:35:73:E7:E0:BE:47:2D:11:4E:66:17:F5:EC:09:92
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a9810d5b-595c-48c2-8095-faf77b309763.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:73:bc:05:1e:ed:71:0b:50:7a:d2:4f:6f:3f:91:1b:5a:ec:
         9f:7a:5d:9c:90:ff:fd:b4:09:8f:d0:d4:11:c8:fd:9a:13:68:
         ca:27:68:f5:a3:c5:07:6a:21:bd:c7:31:46:37:53:07:5a:c3:
         9d:13:e7:a6:ac:9d:40:71:cc:8c:65:fc:c0:d0:a4:93:bc:71:
         21:50:f4:62:28:47:05:e6:20:aa:6a:6d:21:d1:7e:41:5f:c7:
         1c:fd:fd:01:79:fb:52:de:dc:71:9d:33:4c:77:8a:fb:86:f3:
         f8:26:55:4a:04:e5:40:23:45:22:40:94:c7:fe:5f:0b:69:8b:
         d4:b6:e3:55:d6:d9:4b:5f:01:38:2f:2a:4b:8c:bd:cf:5b:70:
         ec:56:f0:86:c9:43:8b:7c:a1:d5:97:16:15:ba:1b:87:9f:0a:
         14:ef:d3:13:e3:86:9e:e8:75:25:8e:32:6e:3b:b6:8a:d6:7f:
         6f:8f:cc:e6:20:d5:c9:ce:e6:32:aa:50:b9:4a:2b:db:62:6b:
         e9:69:26:44:05:52:33:b8:fa:de:a2:be:e9:94:8e:e5:27:16:
         0b:b1:5b:4d:f6:44:58:58:2a:bb:10:7a:c4:0e:3a:27:b4:79:
         c9:54:b8:76:33:5d:83:9b:9e:b1:72:9a:d2:dd:c1:e0:75:eb:
         22:01:bd:d4
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUS6xI7GsiTEo125IKTeoG8H2PiBEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDIwMDAwMDAwWhcNMjMwNDIzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZmFhZjI5MTI1OGUxZTA4OGU3NjhhYjY3NTM0MzgwMWVh
Mzc2NjA3YjZiNzQxMWJjZmNmODM5YjY4NDhmNTczNTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL+UJCcGSyokLaOUgRebQtOHMjhxjl6QELnoDTfvTrWA4WkZGcSW
ERYget2jiYOnNsY7Vq36OwG9i947bLlbp4gVeB8X4N5+WyOLSga8Z5kBooBbo/2h
zcw1ZxPR23//Q84v7hMr1166km50VEATdGvmE8cs5XjDwzsTQCEIZFhdEmpCOPRq
iW1MMyCY9aIOHk1WcPXgCRWFgHnXVFKNJ5MoxAbdYnS2SN65zY6XHlWZN72L+d9/
m48OpzUGvlVXwtGv7I4c8dg94PEKcDdwDWI0lI+cCEjcRi3dAWFvsc0y6qmgZ/uH
xWm2XsETH367eWIHRgXlMF4pEmtuWF1ZCesCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSxPrPjKDVz5+C+Ry0RTmYX9ewJkjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYTk4MTBkNWItNTk1Yy00OGMyLTgwOTUtZmFmNzdiMzA5NzYzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGxzvAUe7XELUHrS
T28/kRta7J96XZyQ//20CY/Q1BHI/ZoTaMonaPWjxQdqIb3HMUY3Uwdaw50T56as
nUBxzIxl/MDQpJO8cSFQ9GIoRwXmIKpqbSHRfkFfxxz9/QF5+1Le3HGdM0x3ivuG
8/gmVUoE5UAjRSJAlMf+Xwtpi9S241XW2UtfATgvKkuMvc9bcOxW8IbJQ4t8odWX
FhW6G4efChTv0xPjhp7odSWOMm47torWf2+PzOYg1cnO5jKqULlKK9tia+lpJkQF
UjO4+t6ivumUjuUnFguxW032RFhYKrsQesQOOie0eclUuHYzXYObnrFymtLdweB1
6yIBvdQ=
-----END CERTIFICATE-----