Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b79c4f43-f51c-4302-a859-9cd997410a8c.roa
File:                     b79c4f43-f51c-4302-a859-9cd997410a8c.roa (raw, json)
Hash identifier:          QlFbhA1b3bURduYYeNupTSoMpg05Qel12SizqxhNrp8=
Subject key identifier:   E3:F1:2C:AF:9B:20:E3:51:67:76:98:55:B7:08:B5:7D:F2:E4:E1:E2
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       26724E7BB8BE64AB61427030C83FBC8FB48004B5
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b79c4f43-f51c-4302-a859-9cd997410a8c.roa
Signing time:             Sat 18 Feb 2023 00:00:00 +0000
ROA not before:           Sat 18 Feb 2023 00:00:00 +0000
ROA not after:            Tue 21 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:72:4e:7b:b8:be:64:ab:61:42:70:30:c8:3f:bc:8f:b4:80:04:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 18 00:00:00 2023 GMT
            Not After : Feb 21 23:59:59 2023 GMT
        Subject: serialNumber=aa277efb721e08f79fcfea3da123d82d5eb543ca0397a17dba4357b153027f6f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:94:58:06:5e:38:56:0e:bc:44:16:9a:a1:fa:
                    18:01:39:93:c7:72:f6:73:a0:00:f4:7e:04:11:82:
                    c5:13:b7:90:c6:4c:17:3d:36:e2:b8:38:ae:1c:c0:
                    03:9a:aa:fa:c0:8c:fc:f9:df:37:51:19:8b:72:bc:
                    e4:88:8b:ee:cd:fc:51:41:66:6b:34:ad:71:03:79:
                    16:b8:ba:cf:2b:bd:e6:14:0c:82:9a:09:59:17:fe:
                    3f:7a:ec:6f:3d:d8:bb:cd:92:6c:f9:e6:24:85:b3:
                    bb:a5:c2:20:eb:33:43:35:78:88:a4:38:64:5b:c3:
                    b4:63:46:40:e1:e5:94:ea:6a:88:c2:b3:96:f2:3b:
                    77:d3:cc:1a:2a:c5:ca:f2:65:80:ae:ff:f8:f6:3f:
                    0d:b5:20:f1:12:ba:4d:c2:21:45:9a:5a:8a:96:87:
                    86:6e:2b:d7:b9:4f:91:0c:5b:e0:78:e4:9a:74:82:
                    6a:9f:40:a7:4f:b5:79:d6:38:70:88:ac:84:5f:ca:
                    b1:4e:60:50:83:8b:35:0f:88:9a:85:7e:c0:d7:41:
                    ff:57:72:c1:13:03:68:ff:4d:b9:77:4c:0e:c2:4e:
                    eb:8e:f7:b6:0e:37:a9:c7:02:ab:54:31:28:d4:c9:
                    30:5b:b1:c4:37:bd:78:01:17:88:aa:b1:67:c4:bb:
                    3c:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:F1:2C:AF:9B:20:E3:51:67:76:98:55:B7:08:B5:7D:F2:E4:E1:E2
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b79c4f43-f51c-4302-a859-9cd997410a8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:9f:19:5a:a2:3c:84:2a:6a:32:76:83:27:4d:1c:f6:a3:18:
         a9:ab:dc:e6:ad:8c:0f:a2:12:d6:24:a9:11:20:20:37:3a:ad:
         60:c3:61:b7:d1:6a:ff:ea:ed:ca:f1:eb:bf:3a:4e:07:5c:c0:
         82:b8:72:60:8b:e9:b4:d5:a1:da:6d:ae:d7:5d:b4:8b:b8:22:
         8c:ce:d9:28:dd:fc:60:f0:6e:f2:4b:9c:e2:1f:ee:47:ce:6e:
         5f:8d:60:2c:1e:47:f9:6d:d6:b9:1c:3d:a9:18:1a:23:62:a9:
         3e:93:a9:b9:ba:81:19:3a:f2:9d:16:59:58:54:cc:2f:ce:cd:
         33:4b:ac:fa:82:1a:79:60:d0:18:0d:b5:d6:70:79:b7:5b:53:
         f4:11:70:85:4a:37:a4:8f:f6:ae:e4:d1:e1:19:3b:aa:57:21:
         eb:1c:df:61:d4:d3:ae:5b:e9:a8:de:70:25:da:fd:f8:2c:d9:
         d1:33:39:f8:d2:e4:33:bc:be:d7:cb:45:1a:08:67:4c:29:b5:
         4b:d5:3f:2d:33:f0:10:a5:a0:a4:66:9f:23:db:e8:e8:94:8a:
         66:ce:93:49:02:81:9c:d9:80:64:f1:50:2b:61:f0:50:1d:47:
         81:e6:72:c7:49:87:f1:0c:0f:97:ba:a9:c5:c0:ac:72:e0:fd:
         f8:09:47:5c
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUJnJOe7i+ZKthQnAwyD+8j7SABLUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE4MDAwMDAwWhcNMjMwMjIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYWEyNzdlZmI3MjFlMDhmNzlmY2ZlYTNkYTEyM2Q4MmQ1
ZWI1NDNjYTAzOTdhMTdkYmE0MzU3YjE1MzAyN2Y2ZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALKUWAZeOFYOvEQWmqH6GAE5k8dy9nOgAPR+BBGCxRO3kMZMFz02
4rg4rhzAA5qq+sCM/PnfN1EZi3K85IiL7s38UUFmazStcQN5Fri6zyu95hQMgpoJ
WRf+P3rsbz3Yu82SbPnmJIWzu6XCIOszQzV4iKQ4ZFvDtGNGQOHllOpqiMKzlvI7
d9PMGirFyvJlgK7/+PY/DbUg8RK6TcIhRZpaipaHhm4r17lPkQxb4HjkmnSCap9A
p0+1edY4cIishF/KsU5gUIOLNQ+ImoV+wNdB/1dywRMDaP9NuXdMDsJO6473tg43
qccCq1QxKNTJMFuxxDe9eAEXiKqxZ8S7PA8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTj8SyvmyDjUWd2mFW3CLV98uTh4jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYjc5YzRmNDMtZjUxYy00MzAyLWE4NTktOWNkOTk3NDEwYThjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABWfGVqiPIQqajJ2
gydNHPajGKmr3OatjA+iEtYkqREgIDc6rWDDYbfRav/q7crx6786TgdcwIK4cmCL
6bTVodptrtddtIu4IozO2Sjd/GDwbvJLnOIf7kfObl+NYCweR/lt1rkcPakYGiNi
qT6Tqbm6gRk68p0WWVhUzC/OzTNLrPqCGnlg0BgNtdZwebdbU/QRcIVKN6SP9q7k
0eEZO6pXIesc32HU065b6ajecCXa/fgs2dEzOfjS5DO8vtfLRRoIZ0wptUvVPy0z
8BCloKRmnyPb6OiUimbOk0kCgZzZgGTxUCth8FAdR4HmcsdJh/EMD5e6qcXArHLg
/fgJR1w=
-----END CERTIFICATE-----