Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b1f687c1-50a1-4689-8f76-289e9d769df0.roa
File:                     b1f687c1-50a1-4689-8f76-289e9d769df0.roa (raw, json)
Hash identifier:          h7Vhar73G2fCAnuyuC5yUJvTSVAh9laeh4g6z6mZPic=
Subject key identifier:   81:AC:52:31:EE:D3:24:22:61:35:EF:B4:87:2D:63:68:47:A7:CF:F0
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       084D4A6580AB7AE5266197BF95067ED84B515014
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b1f687c1-50a1-4689-8f76-289e9d769df0.roa
Signing time:             Wed 14 Dec 2022 00:00:00 +0000
ROA not before:           Wed 14 Dec 2022 00:00:00 +0000
ROA not after:            Sat 17 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:4d:4a:65:80:ab:7a:e5:26:61:97:bf:95:06:7e:d8:4b:51:50:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 14 00:00:00 2022 GMT
            Not After : Dec 17 23:59:59 2022 GMT
        Subject: serialNumber=4c23d5afc92f5ce66a5baca83f58686da37299846675232ccf6ec6a1e96a72e1, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:9a:85:ab:56:0a:8a:a1:1a:52:8f:c0:65:63:
                    b1:ac:e3:bc:da:28:c9:c3:89:28:0d:02:80:28:33:
                    f0:62:e9:e0:93:93:d1:a8:e2:c7:22:03:88:f5:2c:
                    13:08:47:1f:08:36:e9:61:3a:e0:15:bc:84:6b:0b:
                    58:4b:21:d1:0f:36:54:32:e7:8e:e4:81:73:2c:93:
                    5e:fd:f6:69:59:6b:36:45:4c:b0:47:fc:85:ef:91:
                    32:5d:d0:c5:36:20:c9:f7:28:9f:ba:be:84:62:61:
                    1d:9a:a6:38:eb:62:98:7d:53:48:9f:73:a2:1b:c3:
                    02:35:0b:4c:45:ce:88:99:6d:19:1f:5f:39:8a:47:
                    87:97:61:0c:55:01:cc:49:9e:ae:69:c8:4a:60:f0:
                    36:12:ec:2e:52:50:ef:bd:f0:59:37:2e:3d:78:fc:
                    8e:51:26:09:7c:08:a7:ce:8d:9d:82:67:04:15:8a:
                    60:08:e3:f2:2e:35:65:77:56:55:5a:d1:8c:5c:50:
                    08:f4:27:8d:cd:b0:ae:7b:1d:0f:49:4a:7f:a6:67:
                    21:91:93:73:52:e5:2f:3b:3b:17:27:33:1c:7d:4b:
                    59:e0:81:c2:c4:e9:8d:3a:b7:d4:65:f2:c8:11:7b:
                    fc:eb:c1:ad:ab:13:2b:0d:78:bd:a9:d7:32:57:67:
                    66:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:AC:52:31:EE:D3:24:22:61:35:EF:B4:87:2D:63:68:47:A7:CF:F0
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b1f687c1-50a1-4689-8f76-289e9d769df0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:66:72:91:22:88:6d:ed:79:5e:13:2c:20:33:5f:3a:6e:7d:
         34:ac:ef:8a:58:fc:02:b1:b7:6d:d1:fc:20:b1:32:fa:01:3b:
         fc:6c:b4:79:a0:c9:dd:53:4a:6c:60:4a:2a:23:99:28:1c:78:
         32:3b:4f:db:68:58:34:12:98:8b:17:0d:e0:a5:26:22:33:66:
         4c:50:be:86:14:0e:9f:80:31:e6:fa:74:f6:90:40:dd:6c:37:
         4b:a3:d2:f3:20:f7:03:33:07:10:c2:71:22:4d:79:f2:09:27:
         e6:f4:65:96:51:41:5d:5c:8e:88:c1:92:cd:a8:7d:b6:92:4c:
         e4:10:ac:f6:43:cc:69:f6:19:99:d0:d6:ca:1b:65:28:ef:87:
         5a:e2:c7:64:00:69:d7:3d:b1:ee:20:9f:af:c1:6d:07:75:d3:
         22:88:8e:a1:9b:2d:69:e6:30:1f:f1:9a:8b:08:ee:9c:fe:eb:
         dd:fd:58:1f:76:ec:0a:5c:96:92:9c:3a:01:96:6f:6f:fa:46:
         98:61:dc:c4:87:7b:6d:7d:9f:20:65:59:18:0c:cd:6f:a8:f2:
         f4:af:bf:35:94:57:db:7a:ca:68:04:de:e0:d6:fd:18:3f:d9:
         b6:1f:97:e9:08:60:50:16:88:63:7a:52:3e:ac:e0:f0:ad:27:
         c7:ca:81:a9
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUCE1KZYCreuUmYZe/lQZ+2EtRUBQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjE0MDAwMDAwWhcNMjIxMjE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNANGMyM2Q1YWZjOTJmNWNlNjZhNWJhY2E4M2Y1ODY4NmRh
MzcyOTk4NDY2NzUyMzJjY2Y2ZWM2YTFlOTZhNzJlMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL6ahatWCoqhGlKPwGVjsazjvNooycOJKA0CgCgz8GLp4JOT0aji
xyIDiPUsEwhHHwg26WE64BW8hGsLWEsh0Q82VDLnjuSBcyyTXv32aVlrNkVMsEf8
he+RMl3QxTYgyfcon7q+hGJhHZqmOOtimH1TSJ9zohvDAjULTEXOiJltGR9fOYpH
h5dhDFUBzEmermnISmDwNhLsLlJQ773wWTcuPXj8jlEmCXwIp86NnYJnBBWKYAjj
8i41ZXdWVVrRjFxQCPQnjc2wrnsdD0lKf6ZnIZGTc1LlLzs7FyczHH1LWeCBwsTp
jTq31GXyyBF7/OvBrasTKw14vanXMldnZnUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSBrFIx7tMkImE177SHLWNoR6fP8DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYjFmNjg3YzEtNTBhMS00Njg5LThmNzYtMjg5ZTlkNzY5ZGYwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALxmcpEiiG3teV4T
LCAzXzpufTSs74pY/AKxt23R/CCxMvoBO/xstHmgyd1TSmxgSiojmSgceDI7T9to
WDQSmIsXDeClJiIzZkxQvoYUDp+AMeb6dPaQQN1sN0uj0vMg9wMzBxDCcSJNefIJ
J+b0ZZZRQV1cjojBks2ofbaSTOQQrPZDzGn2GZnQ1sobZSjvh1rix2QAadc9se4g
n6/BbQd10yKIjqGbLWnmMB/xmosI7pz+6939WB927ApclpKcOgGWb2/6Rphh3MSH
e219nyBlWRgMzW+o8vSvvzWUV9t6ymgE3uDW/Rg/2bYfl+kIYFAWiGN6Uj6s4PCt
J8fKgak=
-----END CERTIFICATE-----