Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b3a18719-e929-4128-866f-32e7229e17f4.roa
File:                     b3a18719-e929-4128-866f-32e7229e17f4.roa (raw, json)
Hash identifier:          frzR9tY0SVINh6oXkLR+tDTcaornuPgVbVTNsRZdNOs=
Subject key identifier:   1E:41:18:41:3D:2C:3B:49:B9:72:10:62:ED:D0:44:1C:18:F9:3F:F2
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       770DE072ADCF2FE75BD335C3063320183960F6DA
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b3a18719-e929-4128-866f-32e7229e17f4.roa
Signing time:             Mon 03 Apr 2023 00:00:00 +0000
ROA not before:           Mon 03 Apr 2023 00:00:00 +0000
ROA not after:            Thu 06 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:0d:e0:72:ad:cf:2f:e7:5b:d3:35:c3:06:33:20:18:39:60:f6:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr  3 00:00:00 2023 GMT
            Not After : Apr  6 23:59:59 2023 GMT
        Subject: serialNumber=7e249b4d62630e7da3583650daf9196d610fb5e5d302d14e91f867dfc2e188a1, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:1d:4f:c3:c3:c2:07:3a:9e:68:a0:da:2f:f3:
                    04:ae:5f:99:02:f0:99:d5:f1:6c:6a:62:d0:64:5c:
                    75:d7:b7:21:cc:df:80:5b:f0:73:af:a7:20:33:aa:
                    56:40:b0:b2:02:60:43:53:be:35:d5:e5:10:a4:f2:
                    a9:fd:af:d9:8a:ff:55:ae:fa:c2:23:82:d3:6c:22:
                    79:2e:ce:84:52:a0:b1:d7:d1:10:88:16:9f:3c:b9:
                    64:7a:65:b0:52:6c:87:96:2a:02:5b:67:76:6c:bc:
                    c6:1d:8b:cc:56:20:5b:8e:b5:a1:81:11:a5:cd:8b:
                    70:7a:d4:24:fa:6e:37:2a:0e:56:95:d7:c6:cf:19:
                    ca:e7:f4:3a:0d:1c:94:8b:76:fd:52:9d:a4:5f:5b:
                    ea:1f:4f:38:bb:b1:93:84:3d:72:14:72:76:87:c3:
                    3b:44:55:c0:52:a8:bb:40:f9:a8:f0:b5:9e:40:96:
                    93:61:04:ad:09:a6:4d:50:bf:df:16:62:13:0f:25:
                    11:45:09:d2:ad:d0:a0:d5:0e:6f:88:47:23:a5:08:
                    35:66:9e:ad:37:82:37:34:be:69:e0:c4:12:a7:b4:
                    4f:8c:a3:55:55:a3:b7:2e:70:50:b8:5e:25:b1:41:
                    06:88:dd:4d:23:7d:fa:cd:8a:90:fa:bd:69:89:1c:
                    30:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:41:18:41:3D:2C:3B:49:B9:72:10:62:ED:D0:44:1C:18:F9:3F:F2
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b3a18719-e929-4128-866f-32e7229e17f4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:5e:ff:6c:05:89:a0:63:03:42:d1:c9:c1:ed:ab:68:a6:7c:
         a0:18:e0:93:6a:39:3c:66:99:41:a8:b9:f4:48:86:cc:57:73:
         4e:8e:14:65:ce:c6:10:c6:b5:11:b9:08:86:a4:7d:1d:60:ce:
         be:ee:75:ad:38:ab:4b:5d:99:b9:11:a7:b8:f6:c8:d5:9c:ab:
         95:7d:36:e7:1e:83:64:5c:f1:7c:8a:71:c0:ac:9e:ad:7a:7a:
         ec:19:65:86:41:d3:af:02:cf:f7:eb:c4:27:6c:01:c0:56:59:
         53:0e:68:e9:80:da:2d:67:50:db:09:bf:6c:5c:3f:28:34:42:
         d2:7e:98:39:1a:2d:e3:78:ed:90:29:91:36:32:0c:3d:bc:12:
         02:ec:20:15:0c:2b:2f:fc:e0:d7:96:12:16:8d:02:89:ad:93:
         c6:cd:de:54:fc:ed:77:ce:ee:fe:c4:23:1a:9d:cc:18:24:3e:
         77:b8:df:9c:c5:16:1d:a8:e8:68:6d:dd:fd:f3:25:23:7b:6a:
         88:09:a0:66:0d:75:f5:3c:3a:f5:b4:a2:e7:f7:fe:f3:2d:89:
         eb:8a:0e:bb:f6:76:02:13:54:ff:70:b6:7a:94:4b:84:f2:b6:
         d6:ef:92:f2:df:70:ec:b7:1e:9b:ce:9a:1b:58:1d:4d:65:79:
         75:6f:77:94
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUdw3gcq3PL+db0zXDBjMgGDlg9towDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDAzMDAwMDAwWhcNMjMwNDA2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAN2UyNDliNGQ2MjYzMGU3ZGEzNTgzNjUwZGFmOTE5NmQ2
MTBmYjVlNWQzMDJkMTRlOTFmODY3ZGZjMmUxODhhMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALkdT8PDwgc6nmig2i/zBK5fmQLwmdXxbGpi0GRcdde3IczfgFvw
c6+nIDOqVkCwsgJgQ1O+NdXlEKTyqf2v2Yr/Va76wiOC02wieS7OhFKgsdfREIgW
nzy5ZHplsFJsh5YqAltndmy8xh2LzFYgW461oYERpc2LcHrUJPpuNyoOVpXXxs8Z
yuf0Og0clIt2/VKdpF9b6h9POLuxk4Q9chRydofDO0RVwFKou0D5qPC1nkCWk2EE
rQmmTVC/3xZiEw8lEUUJ0q3QoNUOb4hHI6UINWaerTeCNzS+aeDEEqe0T4yjVVWj
ty5wULheJbFBBojdTSN9+s2KkPq9aYkcME8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQeQRhBPSw7SblyEGLt0EQcGPk/8jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYjNhMTg3MTktZTkyOS00MTI4LTg2NmYtMzJlNzIyOWUxN2Y0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEle/2wFiaBjA0LR
ycHtq2imfKAY4JNqOTxmmUGoufRIhsxXc06OFGXOxhDGtRG5CIakfR1gzr7uda04
q0tdmbkRp7j2yNWcq5V9Nuceg2Rc8XyKccCsnq16euwZZYZB068Cz/frxCdsAcBW
WVMOaOmA2i1nUNsJv2xcPyg0QtJ+mDkaLeN47ZApkTYyDD28EgLsIBUMKy/84NeW
EhaNAomtk8bN3lT87XfO7v7EIxqdzBgkPne435zFFh2o6Ght3f3zJSN7aogJoGYN
dfU8OvW0ouf3/vMtieuKDrv2dgITVP9wtnqUS4TyttbvkvLfcOy3HpvOmhtYHU1l
eXVvd5Q=
-----END CERTIFICATE-----