Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b55103b4-2563-459d-a425-167e11e47448.roa
File:                     b55103b4-2563-459d-a425-167e11e47448.roa (raw, json)
Hash identifier:          FOpuike8DucBjS4kvSRY7SPw7EPVaxcCPPDFCEBCms0=
Subject key identifier:   27:F6:F8:84:C2:33:30:1A:3B:86:AF:B6:89:E7:6E:BA:8A:36:11:37
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       20623D15A39FAD455F55FC794F6D5B1647D934A6
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b55103b4-2563-459d-a425-167e11e47448.roa
Signing time:             Wed 25 Jan 2023 00:00:00 +0000
ROA not before:           Wed 25 Jan 2023 00:00:00 +0000
ROA not after:            Sat 28 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:62:3d:15:a3:9f:ad:45:5f:55:fc:79:4f:6d:5b:16:47:d9:34:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 25 00:00:00 2023 GMT
            Not After : Jan 28 23:59:59 2023 GMT
        Subject: serialNumber=be05688747434616b33711472f2b916a055928eab0d8407de4123513fad68788, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ed:db:69:08:ad:91:f1:a4:ca:37:54:9b:f9:
                    7a:7f:58:6b:1f:da:eb:9e:57:c2:7e:80:dc:ea:f9:
                    02:2e:83:1a:b6:be:5b:9c:93:83:37:d1:9c:96:ab:
                    3c:c0:23:76:ca:a4:2e:1d:1c:9d:81:4a:60:d6:0d:
                    70:af:b7:f4:a6:22:8e:a7:c6:5f:9a:a8:db:a8:b6:
                    87:f0:a9:f8:f0:bd:fa:ad:06:1d:b0:36:7b:d0:2f:
                    f1:22:38:e1:96:6b:06:66:5d:c3:79:7e:8f:9b:db:
                    33:98:7e:79:5a:bc:f3:05:2f:12:df:d7:9d:b9:59:
                    a3:f7:2c:65:37:00:03:57:f8:2a:c7:04:4a:74:e4:
                    78:03:6f:ad:53:0b:68:b3:b5:2c:48:da:67:b7:20:
                    da:d2:1f:f3:31:e2:c8:52:2e:2c:5c:6c:55:02:32:
                    6b:cd:0e:32:da:e6:a3:47:29:9a:7a:f1:97:2d:a1:
                    79:89:76:f3:3d:89:d0:a7:55:ac:c8:46:cb:b2:b1:
                    e7:83:44:f2:e8:3b:a6:c2:11:bd:c9:e2:21:08:aa:
                    23:35:8f:73:36:94:dc:30:de:a8:2c:3f:e5:76:a2:
                    46:8e:ae:68:c7:0f:ea:22:15:74:9f:55:c4:f6:f6:
                    e6:df:11:27:13:b2:10:63:f8:06:c4:43:41:22:27:
                    1c:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:F6:F8:84:C2:33:30:1A:3B:86:AF:B6:89:E7:6E:BA:8A:36:11:37
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b55103b4-2563-459d-a425-167e11e47448.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:5b:41:6a:59:18:a4:55:e5:b4:4c:18:45:94:f7:ef:ee:b5:
         b0:bc:27:a8:71:64:05:3b:8c:71:10:e1:34:ea:8c:f5:80:6c:
         a0:7e:c5:14:e7:25:11:a4:b7:a2:46:1b:51:40:ae:03:f8:9a:
         85:20:8b:ab:b3:2c:5f:a3:da:ec:8d:b1:69:9c:39:82:62:5c:
         93:6e:f8:fe:c8:51:d8:30:ab:f2:0d:97:f7:80:6e:88:8b:67:
         a1:b4:d4:8b:3e:fe:05:23:0c:44:21:82:27:8a:f8:a9:40:1b:
         ce:77:b5:61:6d:d9:6d:51:ef:18:98:14:dc:2a:a7:87:fd:ce:
         a8:38:52:da:f2:46:58:47:12:b9:78:05:44:d5:b2:3b:66:0d:
         1d:c1:c4:22:21:f2:af:f7:1d:6b:70:08:89:02:a8:e4:8a:ce:
         74:6a:05:bf:b6:62:43:08:4b:33:59:6c:4b:d1:1a:51:34:b0:
         7b:17:fc:45:62:7b:55:c3:f2:46:55:9e:e6:61:b7:28:36:b4:
         3d:c7:46:f2:c6:b2:1c:69:a0:cd:79:ee:5a:bc:2a:2f:58:81:
         b1:07:a4:8d:1c:dd:f8:71:d6:e7:38:9e:bb:80:86:d1:46:c8:
         6f:1a:7c:c6:2a:d8:70:70:a9:42:b0:7d:a9:04:7e:a8:35:8b:
         8c:39:b7:3b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUIGI9FaOfrUVfVfx5T21bFkfZNKYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTI1MDAwMDAwWhcNMjMwMTI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYmUwNTY4ODc0NzQzNDYxNmIzMzcxMTQ3MmYyYjkxNmEw
NTU5MjhlYWIwZDg0MDdkZTQxMjM1MTNmYWQ2ODc4ODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALnt22kIrZHxpMo3VJv5en9Yax/a655Xwn6A3Or5Ai6DGra+W5yT
gzfRnJarPMAjdsqkLh0cnYFKYNYNcK+39KYijqfGX5qo26i2h/Cp+PC9+q0GHbA2
e9Av8SI44ZZrBmZdw3l+j5vbM5h+eVq88wUvEt/XnblZo/csZTcAA1f4KscESnTk
eANvrVMLaLO1LEjaZ7cg2tIf8zHiyFIuLFxsVQIya80OMtrmo0cpmnrxly2heYl2
8z2J0KdVrMhGy7Kx54NE8ug7psIRvcniIQiqIzWPczaU3DDeqCw/5XaiRo6uaMcP
6iIVdJ9VxPb25t8RJxOyEGP4BsRDQSInHDkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQn9viEwjMwGjuGr7aJ5266ijYRNzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYjU1MTAzYjQtMjU2My00NTlkLWE0MjUtMTY3ZTExZTQ3NDQ4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI9bQWpZGKRV5bRM
GEWU9+/utbC8J6hxZAU7jHEQ4TTqjPWAbKB+xRTnJRGkt6JGG1FArgP4moUgi6uz
LF+j2uyNsWmcOYJiXJNu+P7IUdgwq/INl/eAboiLZ6G01Is+/gUjDEQhgieK+KlA
G853tWFt2W1R7xiYFNwqp4f9zqg4UtryRlhHErl4BUTVsjtmDR3BxCIh8q/3HWtw
CIkCqOSKznRqBb+2YkMISzNZbEvRGlE0sHsX/EVie1XD8kZVnuZhtyg2tD3HRvLG
shxpoM157lq8Ki9YgbEHpI0c3fhx1uc4nruAhtFGyG8afMYq2HBwqUKwfakEfqg1
i4w5tzs=
-----END CERTIFICATE-----