Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b095576e-2c40-4e97-8616-f1ec8318c071.roa
File:                     b095576e-2c40-4e97-8616-f1ec8318c071.roa (raw, json)
Hash identifier:          E0jEekndgmDUs46c1THXKrm+lmjlAzY5Fq2oBGTYS44=
Subject key identifier:   16:97:D4:66:33:B2:3B:8E:15:8F:46:04:62:B2:37:CC:10:9F:37:18
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5E7CB56D1E14C7B6F832F1912DB9535764104C88
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b095576e-2c40-4e97-8616-f1ec8318c071.roa
Signing time:             Thu 23 Feb 2023 00:00:00 +0000
ROA not before:           Thu 23 Feb 2023 00:00:00 +0000
ROA not after:            Sun 26 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:7c:b5:6d:1e:14:c7:b6:f8:32:f1:91:2d:b9:53:57:64:10:4c:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 23 00:00:00 2023 GMT
            Not After : Feb 26 23:59:59 2023 GMT
        Subject: serialNumber=b2b3700fc480ba2e214d3b68358c52b1188a775840c34f546496c2211da23a00, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:3c:e7:07:88:78:5d:40:35:b5:85:bf:b0:30:
                    56:c6:f3:a2:ca:0e:b4:91:e1:98:81:1f:16:24:78:
                    eb:24:1f:81:53:0e:45:87:e4:3e:75:52:7a:9e:1e:
                    20:f9:8e:71:f3:5e:4f:72:9a:87:2d:39:3f:ec:37:
                    d2:84:a6:9e:83:a7:1e:72:5c:9e:ea:16:de:08:94:
                    9b:d3:d5:e7:09:47:43:19:81:f6:8c:dd:97:10:ff:
                    3f:50:1e:3a:9d:34:90:6b:4c:4f:98:76:9d:41:5a:
                    a1:0d:53:71:06:28:53:63:cc:38:2e:a5:01:8d:3a:
                    b8:9b:92:b9:de:a9:50:8b:fc:42:f9:3a:12:30:32:
                    aa:3f:5b:51:c6:34:e4:f4:68:d0:cd:58:32:e3:9d:
                    72:94:9c:84:6d:04:2f:fa:2d:52:b5:7e:5a:55:cc:
                    7d:24:15:4e:bb:ea:e8:93:2d:2b:9a:26:f9:72:fd:
                    37:97:f4:6c:5b:59:c7:b5:0d:a3:b8:09:c3:6f:ee:
                    06:91:05:fa:fb:14:bb:d8:ab:07:c3:63:9d:59:3c:
                    e1:a9:4c:fc:e6:74:f1:c7:96:d5:b2:ac:cf:be:34:
                    e1:b1:3c:08:06:a5:d5:30:c9:20:f0:1b:44:c4:ba:
                    84:6a:01:68:d3:b5:f6:ba:69:2c:ca:f1:c1:c6:e0:
                    8b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:97:D4:66:33:B2:3B:8E:15:8F:46:04:62:B2:37:CC:10:9F:37:18
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b095576e-2c40-4e97-8616-f1ec8318c071.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:06:43:e9:25:af:c0:16:00:07:ed:ec:84:84:dd:02:8e:d0:
         95:2c:c0:fa:86:68:35:84:b0:9e:26:6f:c3:02:56:bd:85:11:
         2a:31:99:f0:1a:69:07:80:e9:12:7e:6b:f5:2f:4b:67:9e:57:
         e3:e4:c4:49:84:95:b3:c0:da:93:e3:54:a6:63:17:a9:67:38:
         d9:fb:a0:b2:17:a6:ab:5d:3b:d5:37:ee:ca:e3:37:19:2e:ee:
         62:24:80:9c:69:d3:03:f6:1b:3d:29:8b:38:96:a4:8d:15:6a:
         62:14:3c:d7:de:6a:77:7f:58:d0:59:13:ca:84:67:a8:14:3b:
         84:81:c2:68:0a:f9:09:47:5e:51:1d:4a:a0:06:b9:45:ed:39:
         a3:8c:6b:cb:cd:c0:df:43:13:9d:99:9b:03:12:14:e4:f7:bf:
         56:da:f7:7a:17:3d:23:a9:fd:b2:68:25:72:58:94:bc:f7:be:
         e1:5f:45:11:bc:40:60:73:f1:9b:c0:b1:c7:95:d4:de:cc:a5:
         b5:e1:d6:62:d4:cf:a5:ca:ee:72:d7:ab:b9:cf:d7:50:56:07:
         77:85:15:ce:94:90:2b:a1:e4:77:44:b8:1e:7a:68:71:f0:34:
         0c:03:9d:fd:b6:a9:d7:57:ac:02:18:a4:01:66:38:b4:2c:eb:
         ba:a3:b7:cc
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUXny1bR4Ux7b4MvGRLblTV2QQTIgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIzMDAwMDAwWhcNMjMwMjI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYjJiMzcwMGZjNDgwYmEyZTIxNGQzYjY4MzU4YzUyYjEx
ODhhNzc1ODQwYzM0ZjU0NjQ5NmMyMjExZGEyM2EwMDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK485weIeF1ANbWFv7AwVsbzosoOtJHhmIEfFiR46yQfgVMORYfk
PnVSep4eIPmOcfNeT3Kahy05P+w30oSmnoOnHnJcnuoW3giUm9PV5wlHQxmB9ozd
lxD/P1AeOp00kGtMT5h2nUFaoQ1TcQYoU2PMOC6lAY06uJuSud6pUIv8Qvk6EjAy
qj9bUcY05PRo0M1YMuOdcpSchG0EL/otUrV+WlXMfSQVTrvq6JMtK5om+XL9N5f0
bFtZx7UNo7gJw2/uBpEF+vsUu9irB8NjnVk84alM/OZ08ceW1bKsz7404bE8CAal
1TDJIPAbRMS6hGoBaNO19rppLMrxwcbgixMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQWl9RmM7I7jhWPRgRisjfMEJ83GDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYjA5NTU3NmUtMmM0MC00ZTk3LTg2MTYtZjFlYzgzMThjMDcxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFcGQ+klr8AWAAft
7ISE3QKO0JUswPqGaDWEsJ4mb8MCVr2FESoxmfAaaQeA6RJ+a/UvS2eeV+PkxEmE
lbPA2pPjVKZjF6lnONn7oLIXpqtdO9U37srjNxku7mIkgJxp0wP2Gz0piziWpI0V
amIUPNfeand/WNBZE8qEZ6gUO4SBwmgK+QlHXlEdSqAGuUXtOaOMa8vNwN9DE52Z
mwMSFOT3v1ba93oXPSOp/bJoJXJYlLz3vuFfRRG8QGBz8ZvAsceV1N7MpbXh1mLU
z6XK7nLXq7nP11BWB3eFFc6UkCuh5HdEuB56aHHwNAwDnf22qddXrAIYpAFmOLQs
67qjt8w=
-----END CERTIFICATE-----