Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ab091b90-c98d-499f-8695-bfd01811c0be.roa
File:                     ab091b90-c98d-499f-8695-bfd01811c0be.roa (raw, json)
Hash identifier:          wExuGMWkaVuh0r93Nt5n5XCiIiAUcLHy7W0gzOdbgP8=
Subject key identifier:   1C:D4:7B:D1:CB:40:D7:81:10:85:60:82:00:76:F7:E4:4C:F1:43:4D
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       26AE09B0A8010E1F5E52D657B49FE9A38E968B8C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ab091b90-c98d-499f-8695-bfd01811c0be.roa
Signing time:             Sun 26 Mar 2023 00:00:00 +0000
ROA not before:           Sun 26 Mar 2023 00:00:00 +0000
ROA not after:            Wed 29 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:ae:09:b0:a8:01:0e:1f:5e:52:d6:57:b4:9f:e9:a3:8e:96:8b:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 26 00:00:00 2023 GMT
            Not After : Mar 29 23:59:59 2023 GMT
        Subject: serialNumber=3bc1d1f3d80776be7ce52bb5a1859974521ecd6a412e3e1d857e213c9c661866, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:bd:d9:3d:00:0a:80:90:fc:88:6d:21:a9:28:
                    8a:c2:a8:34:53:5a:de:a2:9b:dc:da:0f:94:44:0a:
                    0d:9d:bc:a6:58:9d:11:68:46:74:37:93:5b:88:30:
                    45:f4:f3:86:10:98:5d:d1:0c:2e:e2:c9:93:43:b3:
                    a2:8d:88:58:f2:bd:3e:91:29:ef:90:b4:69:80:3b:
                    fd:06:d7:f4:ca:a3:cc:9d:fb:a7:59:c6:e0:96:9c:
                    0e:49:cb:b9:15:c5:a8:16:f5:71:12:8a:31:c3:86:
                    37:7e:f1:99:8b:14:0a:7d:bf:18:af:19:60:80:72:
                    4c:4a:aa:8f:44:2d:c6:a0:d5:55:da:05:c2:14:9e:
                    1c:aa:f4:56:3c:91:51:84:ef:20:c7:fa:a9:85:57:
                    2c:a7:4d:23:53:a4:e8:7d:10:bb:34:45:a8:b1:0b:
                    60:5f:1a:9a:61:af:6c:6d:6d:19:45:b1:9f:d2:78:
                    64:ac:23:46:de:31:e5:a0:07:50:98:ae:1a:92:69:
                    c9:9a:94:c2:12:9d:a3:1e:91:b7:d7:ad:9a:c0:05:
                    f9:0b:5e:d6:2f:e2:79:f2:6d:b5:ca:6e:56:ec:1c:
                    13:9c:c3:5a:55:37:22:e1:e9:f6:5b:17:7d:3b:5c:
                    a4:06:97:48:5d:51:54:50:05:30:d4:7a:cf:8c:4e:
                    33:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:D4:7B:D1:CB:40:D7:81:10:85:60:82:00:76:F7:E4:4C:F1:43:4D
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ab091b90-c98d-499f-8695-bfd01811c0be.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:49:91:2c:b7:3f:7c:19:9e:00:10:aa:be:12:11:62:f5:72:
         64:72:c2:e7:5c:c9:5d:54:6d:35:5b:81:0c:c1:40:51:c9:50:
         ee:5f:ff:fa:88:9c:20:f9:ed:1f:72:3e:fd:e3:c2:3e:1d:f9:
         0f:15:7d:76:56:5d:4f:2a:5c:a6:e6:30:c5:09:e9:05:06:56:
         52:2e:d9:16:92:e5:39:0a:88:ed:52:09:93:72:7a:ce:93:0b:
         29:c2:c8:e3:de:33:9f:45:44:73:82:c8:72:09:f6:fc:06:fc:
         f4:ee:74:f1:69:a5:72:ed:16:53:7a:3d:76:cf:8d:b2:0e:12:
         e2:24:36:dd:04:73:6f:7f:92:63:c5:2c:90:89:b7:30:4e:e8:
         a0:5a:83:f7:f8:20:dc:cb:c3:74:17:95:60:52:91:7f:48:b9:
         a6:bf:17:f7:07:3b:55:41:a9:96:54:7c:4d:7c:6b:8b:6f:ec:
         bd:c6:39:c8:32:7f:29:3c:e5:72:ed:c1:0d:d1:ad:4a:1e:81:
         c9:46:73:d0:63:6a:d1:5b:4d:f5:f1:3f:7e:fd:bb:8a:0e:9d:
         70:61:1b:c4:56:ad:03:d5:56:ff:a9:5b:33:fe:08:e1:40:58:
         cd:db:4a:37:9b:a0:57:8e:ef:e2:07:3d:59:16:70:0a:43:b4:
         20:33:00:fe
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUJq4JsKgBDh9eUtZXtJ/po46Wi4wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI2MDAwMDAwWhcNMjMwMzI5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAM2JjMWQxZjNkODA3NzZiZTdjZTUyYmI1YTE4NTk5NzQ1
MjFlY2Q2YTQxMmUzZTFkODU3ZTIxM2M5YzY2MTg2NjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALK92T0ACoCQ/IhtIakoisKoNFNa3qKb3NoPlEQKDZ28plidEWhG
dDeTW4gwRfTzhhCYXdEMLuLJk0Ozoo2IWPK9PpEp75C0aYA7/QbX9MqjzJ37p1nG
4JacDknLuRXFqBb1cRKKMcOGN37xmYsUCn2/GK8ZYIByTEqqj0QtxqDVVdoFwhSe
HKr0VjyRUYTvIMf6qYVXLKdNI1Ok6H0QuzRFqLELYF8ammGvbG1tGUWxn9J4ZKwj
Rt4x5aAHUJiuGpJpyZqUwhKdox6Rt9etmsAF+Qte1i/iefJttcpuVuwcE5zDWlU3
IuHp9lsXfTtcpAaXSF1RVFAFMNR6z4xOMwUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQc1HvRy0DXgRCFYIIAdvfkTPFDTTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYWIwOTFiOTAtYzk4ZC00OTlmLTg2OTUtYmZkMDE4MTFjMGJlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAENJkSy3P3wZngAQ
qr4SEWL1cmRywudcyV1UbTVbgQzBQFHJUO5f//qInCD57R9yPv3jwj4d+Q8VfXZW
XU8qXKbmMMUJ6QUGVlIu2RaS5TkKiO1SCZNyes6TCynCyOPeM59FRHOCyHIJ9vwG
/PTudPFppXLtFlN6PXbPjbIOEuIkNt0Ec29/kmPFLJCJtzBO6KBag/f4INzLw3QX
lWBSkX9Iuaa/F/cHO1VBqZZUfE18a4tv7L3GOcgyfyk85XLtwQ3RrUoegclGc9Bj
atFbTfXxP379u4oOnXBhG8RWrQPVVv+pWzP+COFAWM3bSjeboFeO7+IHPVkWcApD
tCAzAP4=
-----END CERTIFICATE-----