Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b34a5e70-87cf-4265-9507-3a72bf8601df.roa
File:                     b34a5e70-87cf-4265-9507-3a72bf8601df.roa (raw, json)
Hash identifier:          8wtUGyOqvseqHdU/V9lduCViQPQ3e/EyuGcbBdqSzpw=
Subject key identifier:   57:74:14:FE:6C:32:7D:0B:CD:8E:E8:E3:07:AA:A8:AC:D3:98:D7:B5
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       61D0E5C2AC9696EA4A3C8EA247FDD9232F7816B5
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b34a5e70-87cf-4265-9507-3a72bf8601df.roa
Signing time:             Fri 17 Feb 2023 00:00:00 +0000
ROA not before:           Fri 17 Feb 2023 00:00:00 +0000
ROA not after:            Mon 20 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:d0:e5:c2:ac:96:96:ea:4a:3c:8e:a2:47:fd:d9:23:2f:78:16:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 17 00:00:00 2023 GMT
            Not After : Feb 20 23:59:59 2023 GMT
        Subject: serialNumber=dd9335cd2ec714fa39e9bede2881afb84aeb5bfed444eeded980d780f3368ae3, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:8e:25:57:6a:18:e9:b4:64:1c:d2:51:1f:7a:
                    17:62:5f:97:62:1b:2b:f3:a5:78:c5:e4:d2:67:7c:
                    e0:71:cb:05:70:13:c3:49:89:d5:0e:bf:27:9d:71:
                    85:b9:49:e5:dd:d5:ef:f4:d9:30:d6:6a:c4:9e:50:
                    7d:75:08:10:8e:da:73:f1:10:6e:3d:2f:37:9a:e0:
                    5b:49:e6:81:6f:4d:33:57:6a:66:07:52:d5:50:a0:
                    9d:70:5a:fe:e2:a2:1a:11:f8:60:56:2c:15:7e:e9:
                    1d:1f:7c:2a:f8:71:33:c5:46:c6:47:e1:54:e4:f1:
                    cf:d9:a3:b4:49:99:be:e7:46:b7:61:6f:22:83:23:
                    4f:f4:09:71:b0:b2:23:ef:80:51:71:43:8b:ca:46:
                    67:34:2a:fa:c4:ef:11:c8:a1:c9:9f:cc:9f:b4:64:
                    72:5c:13:43:e4:7c:9e:eb:f0:ae:b6:34:23:ae:ae:
                    d7:30:2d:07:2c:7a:80:4f:85:41:cf:34:6b:2f:73:
                    27:92:98:f6:44:4a:2b:1f:b4:ab:9e:86:02:21:b6:
                    c4:ce:46:b5:47:dd:83:23:e4:86:6a:b1:39:56:46:
                    ad:0c:15:b4:81:92:86:82:e2:63:77:ad:b2:1f:85:
                    2e:e0:77:f0:a8:a9:d3:e8:aa:d0:29:fb:10:ea:a9:
                    ef:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:74:14:FE:6C:32:7D:0B:CD:8E:E8:E3:07:AA:A8:AC:D3:98:D7:B5
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b34a5e70-87cf-4265-9507-3a72bf8601df.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:ae:d1:7f:75:87:ce:50:d6:74:fc:c2:6b:18:bf:d4:84:cc:
         5f:35:aa:4c:9b:5f:6e:2f:7b:fd:34:62:a1:3d:14:d6:f6:d0:
         c8:b6:72:8b:c8:00:cb:3a:48:0d:20:5e:8b:49:c2:a4:e3:a9:
         69:37:bb:39:7e:c4:85:47:35:29:b9:c9:0a:76:99:12:12:6a:
         bf:0a:e1:6d:69:47:0d:51:28:f8:ec:c4:88:41:6a:00:bb:a1:
         0f:68:d9:86:d4:fc:3a:63:90:12:ba:fe:41:39:8e:21:b7:bb:
         fe:2c:02:09:0c:04:b1:78:7f:69:b8:fe:4d:fd:cd:dc:55:ac:
         4c:e0:58:a5:8f:61:19:31:30:74:bf:c9:6d:6d:22:ba:c4:0f:
         a5:45:eb:b2:f9:f1:0f:7a:e0:a3:cb:75:94:41:a2:a8:20:5c:
         cd:00:c8:30:5a:e4:1e:2b:77:e0:b5:d2:eb:cb:bc:be:08:4e:
         ef:a0:01:ab:3b:9a:51:b9:10:48:72:8d:9b:a1:01:33:b6:58:
         72:49:06:fd:5a:6d:1f:07:2a:97:1d:b8:b9:e1:60:74:24:26:
         46:9c:26:26:2c:16:7a:ce:97:6f:37:09:b3:8d:9b:bf:c6:b3:
         64:5f:b3:87:5b:c4:2f:d3:b8:45:f5:b9:f8:da:b8:f5:ad:b2:
         a5:8d:6a:cb
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUYdDlwqyWlupKPI6iR/3ZIy94FrUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE3MDAwMDAwWhcNMjMwMjIwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZGQ5MzM1Y2QyZWM3MTRmYTM5ZTliZWRlMjg4MWFmYjg0
YWViNWJmZWQ0NDRlZWRlZDk4MGQ3ODBmMzM2OGFlMzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJ+OJVdqGOm0ZBzSUR96F2Jfl2IbK/OleMXk0md84HHLBXATw0mJ
1Q6/J51xhblJ5d3V7/TZMNZqxJ5QfXUIEI7ac/EQbj0vN5rgW0nmgW9NM1dqZgdS
1VCgnXBa/uKiGhH4YFYsFX7pHR98KvhxM8VGxkfhVOTxz9mjtEmZvudGt2FvIoMj
T/QJcbCyI++AUXFDi8pGZzQq+sTvEcihyZ/Mn7RkclwTQ+R8nuvwrrY0I66u1zAt
Byx6gE+FQc80ay9zJ5KY9kRKKx+0q56GAiG2xM5GtUfdgyPkhmqxOVZGrQwVtIGS
hoLiY3etsh+FLuB38Kip0+iq0Cn7EOqp7+UCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRXdBT+bDJ9C82O6OMHqqis05jXtTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYjM0YTVlNzAtODdjZi00MjY1LTk1MDctM2E3MmJmODYwMWRmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMuu0X91h85Q1nT8
wmsYv9SEzF81qkybX24ve/00YqE9FNb20Mi2covIAMs6SA0gXotJwqTjqWk3uzl+
xIVHNSm5yQp2mRISar8K4W1pRw1RKPjsxIhBagC7oQ9o2YbU/DpjkBK6/kE5jiG3
u/4sAgkMBLF4f2m4/k39zdxVrEzgWKWPYRkxMHS/yW1tIrrED6VF67L58Q964KPL
dZRBoqggXM0AyDBa5B4rd+C10uvLvL4ITu+gAas7mlG5EEhyjZuhATO2WHJJBv1a
bR8HKpcduLnhYHQkJkacJiYsFnrOl283CbONm7/Gs2Rfs4dbxC/TuEX1ufjauPWt
sqWNass=
-----END CERTIFICATE-----