Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b1cb42b0-5289-41cc-bcd6-7fee20477931.roa
File:                     b1cb42b0-5289-41cc-bcd6-7fee20477931.roa (raw, json)
Hash identifier:          shkIpqpBmY299lWd9P8HSumG+cqChSCosiArpYqrSvE=
Subject key identifier:   2C:B9:43:EB:D2:E2:56:76:6F:B3:86:C6:6B:CF:90:21:FE:CB:C8:DB
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1A0A566B39E4051F2D1E462561B34DE7ED85187D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b1cb42b0-5289-41cc-bcd6-7fee20477931.roa
Signing time:             Tue 27 Dec 2022 00:00:00 +0000
ROA not before:           Tue 27 Dec 2022 00:00:00 +0000
ROA not after:            Fri 30 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:0a:56:6b:39:e4:05:1f:2d:1e:46:25:61:b3:4d:e7:ed:85:18:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 27 00:00:00 2022 GMT
            Not After : Dec 30 23:59:59 2022 GMT
        Subject: serialNumber=73c7b326fe8c14188cc69c029c0391068ea110adf3d3cf99a06d9c162a13bd90, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:9c:be:36:4f:f1:9c:53:53:e8:19:d0:62:47:
                    e1:91:85:2a:3f:92:fc:04:63:32:8b:04:86:3b:76:
                    3b:76:b8:e8:ed:6d:8c:ed:1a:cc:fb:11:4b:0d:56:
                    f9:56:89:36:9b:3f:cf:1d:55:e5:35:0d:0f:e1:41:
                    e4:15:bd:a0:80:c3:5b:12:92:66:cc:36:b1:29:8e:
                    9d:9d:d5:7e:d5:07:7f:f7:90:db:e6:95:a6:19:aa:
                    2f:2c:3d:d1:90:9c:b5:8e:c6:c8:53:cc:87:4a:48:
                    ac:a0:6b:ab:46:2d:c4:3d:d0:7c:78:2e:84:61:66:
                    55:55:9f:f9:97:2a:57:1f:fd:94:56:99:02:d8:40:
                    14:06:02:96:88:7f:13:dd:1d:5a:32:ec:9f:ee:dc:
                    d5:ba:a0:e2:6e:72:37:88:28:bd:de:52:0e:12:4e:
                    d6:06:dd:64:85:74:2d:9c:17:9c:25:46:0d:e6:a8:
                    fb:fa:33:66:b3:fb:cc:54:bd:f2:12:d0:0a:eb:77:
                    4e:48:4b:46:66:8a:f3:06:55:c6:c6:99:da:5b:12:
                    b1:de:1c:d2:3e:da:98:b6:eb:8d:ad:b0:c0:86:06:
                    a8:b1:10:47:db:5f:cc:a1:05:34:76:99:6d:a0:3d:
                    28:b2:24:b8:9a:73:1d:0c:6b:bc:95:c2:3e:63:41:
                    5c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:B9:43:EB:D2:E2:56:76:6F:B3:86:C6:6B:CF:90:21:FE:CB:C8:DB
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b1cb42b0-5289-41cc-bcd6-7fee20477931.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:a5:48:58:f3:f2:3c:c4:0e:7b:1c:b0:53:59:6b:0b:79:e9:
         f0:73:d9:ba:26:da:d8:f0:4e:98:5c:93:8b:a4:8f:bb:fc:7d:
         b2:2c:31:40:06:81:f0:0e:83:d8:7c:de:7b:59:a7:a4:5b:67:
         2d:f7:64:c6:a5:4b:85:2b:e4:39:e6:5f:b8:17:81:c5:67:88:
         cf:03:f7:7c:b1:4f:e3:0f:7b:17:9e:de:2c:93:a3:9f:52:94:
         e7:d9:88:1c:3f:0e:23:53:e8:8c:30:64:24:0e:33:66:1e:fa:
         27:29:74:d1:1e:fd:3e:37:ff:75:00:7a:35:0b:d4:c3:c6:c0:
         0a:1e:ae:af:c4:38:00:e7:b3:e9:65:ed:04:43:14:c8:8d:d5:
         70:9a:16:32:e2:9d:a4:44:38:88:7b:b5:72:c0:db:be:16:2a:
         b4:cf:8e:33:f7:4a:e2:0e:f3:bd:5b:38:a8:17:ce:34:a8:c6:
         f8:7a:0d:6f:6e:63:8d:5b:33:44:f8:93:12:bf:29:5d:8e:14:
         71:c9:02:d6:85:f5:be:c3:88:dd:05:31:00:56:26:55:62:49:
         69:ec:84:c3:24:28:67:4e:c8:cf:e7:41:ed:1f:a1:23:31:8d:
         48:2e:7d:42:6d:f2:f5:b5:54:1a:f6:24:47:e8:8a:43:cd:57:
         6f:68:1e:25
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUGgpWaznkBR8tHkYlYbNN5+2FGH0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjI3MDAwMDAwWhcNMjIxMjMwMjM1OTU5
WjCBpTFJMEcGA1UEBRNANzNjN2IzMjZmZThjMTQxODhjYzY5YzAyOWMwMzkxMDY4
ZWExMTBhZGYzZDNjZjk5YTA2ZDljMTYyYTEzYmQ5MDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMScvjZP8ZxTU+gZ0GJH4ZGFKj+S/ARjMosEhjt2O3a46O1tjO0a
zPsRSw1W+VaJNps/zx1V5TUND+FB5BW9oIDDWxKSZsw2sSmOnZ3VftUHf/eQ2+aV
phmqLyw90ZCctY7GyFPMh0pIrKBrq0YtxD3QfHguhGFmVVWf+ZcqVx/9lFaZAthA
FAYCloh/E90dWjLsn+7c1bqg4m5yN4govd5SDhJO1gbdZIV0LZwXnCVGDeao+/oz
ZrP7zFS98hLQCut3TkhLRmaK8wZVxsaZ2lsSsd4c0j7amLbrja2wwIYGqLEQR9tf
zKEFNHaZbaA9KLIkuJpzHQxrvJXCPmNBXC8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQsuUPr0uJWdm+zhsZrz5Ah/svI2zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYjFjYjQyYjAtNTI4OS00MWNjLWJjZDYtN2ZlZTIwNDc3OTMxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAE+lSFjz8jzEDnsc
sFNZawt56fBz2bom2tjwTphck4ukj7v8fbIsMUAGgfAOg9h83ntZp6RbZy33ZMal
S4Ur5DnmX7gXgcVniM8D93yxT+MPexee3iyTo59SlOfZiBw/DiNT6IwwZCQOM2Ye
+icpdNEe/T43/3UAejUL1MPGwAoerq/EOADns+ll7QRDFMiN1XCaFjLinaREOIh7
tXLA274WKrTPjjP3SuIO871bOKgXzjSoxvh6DW9uY41bM0T4kxK/KV2OFHHJAtaF
9b7DiN0FMQBWJlViSWnshMMkKGdOyM/nQe0foSMxjUgufUJt8vW1VBr2JEfoikPN
V29oHiU=
-----END CERTIFICATE-----