Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ba46be03-cc37-424b-a28b-5ae49b37e352.roa
File:                     ba46be03-cc37-424b-a28b-5ae49b37e352.roa (raw, json)
Hash identifier:          yHpjDKfJH2lB+Fjy6ekweLCoUMPrXmbM4FIayb6k3Cc=
Subject key identifier:   57:DD:DF:72:A1:89:5C:2D:F2:51:D6:4C:DC:3D:D0:9B:C7:03:15:3A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       68E88FD4074B8631D48079A7FC5F8B7743F9
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ba46be03-cc37-424b-a28b-5ae49b37e352.roa
Signing time:             Fri 16 Dec 2022 00:00:00 +0000
ROA not before:           Fri 16 Dec 2022 00:00:00 +0000
ROA not after:            Mon 19 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:e8:8f:d4:07:4b:86:31:d4:80:79:a7:fc:5f:8b:77:43:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 16 00:00:00 2022 GMT
            Not After : Dec 19 23:59:59 2022 GMT
        Subject: serialNumber=9722d0a255d617ca7a31cd2f5e3bd09e8ec9f95d333a40774818050e4654cf61, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:4d:4e:69:86:e2:0f:13:7b:f2:0b:25:c1:4e:
                    51:12:6e:fb:41:f5:63:c3:00:68:56:c6:c5:8c:ea:
                    96:83:d1:f4:f6:e7:41:10:bf:b9:7c:61:96:52:41:
                    9b:a8:be:06:2f:4d:7e:1c:08:1c:62:33:9e:9f:fa:
                    a4:48:5a:2b:17:82:62:51:13:f4:ec:06:53:6d:b7:
                    3a:83:5f:50:57:60:74:de:6b:8f:ad:b3:74:49:8a:
                    8e:fb:11:b8:89:3c:fb:53:3b:91:8e:07:21:1b:83:
                    83:56:88:83:b2:75:6a:c9:18:44:88:a2:94:29:4a:
                    2a:d6:e8:99:27:c4:7c:68:b6:e9:cc:39:01:0a:43:
                    70:e7:36:75:d3:37:6d:3b:85:8e:5d:00:3d:82:de:
                    b9:87:fb:65:e4:0c:b3:1f:60:e4:b0:5b:6c:3d:3c:
                    b1:c3:c8:cb:8c:13:03:c4:a3:4c:66:9f:1b:d5:d1:
                    97:96:09:3e:2f:07:0f:94:58:77:ed:33:d2:72:2a:
                    97:a5:ee:c9:22:01:e1:15:79:45:36:1a:15:80:83:
                    4b:cb:39:a8:55:63:91:63:b4:3a:be:1c:7c:80:43:
                    02:b9:d9:e5:ec:e9:3e:00:24:c6:db:4b:ab:c4:f6:
                    be:71:48:d9:44:01:4b:13:cc:b7:74:c9:21:6a:4c:
                    6b:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:DD:DF:72:A1:89:5C:2D:F2:51:D6:4C:DC:3D:D0:9B:C7:03:15:3A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ba46be03-cc37-424b-a28b-5ae49b37e352.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:c4:2c:2e:44:25:6a:b4:2c:6d:d8:79:59:2c:1b:7b:43:c5:
         14:89:2a:e8:6e:bf:67:66:9e:49:a5:c5:0c:77:f1:4f:73:84:
         a2:c7:f7:dd:9c:aa:4d:c4:3c:0e:33:5e:74:92:10:dc:0a:61:
         cd:9b:a0:30:23:36:41:fb:96:3a:3f:ce:d6:3c:32:9d:a1:41:
         95:17:61:88:f0:f5:77:6d:f9:bc:1f:63:22:89:54:6f:14:5a:
         fb:f1:ad:3d:e1:0c:59:28:55:31:da:31:c9:2b:a3:cd:8b:57:
         54:dc:df:46:d0:23:02:4f:50:bb:0b:94:8a:f9:ba:f9:95:d5:
         1d:fe:d1:92:d6:3b:33:96:37:62:24:63:4a:d1:1b:68:2c:20:
         96:e9:2b:a9:1c:03:2a:73:9b:db:56:c6:3f:c1:41:8a:29:d4:
         fa:85:fd:84:f4:20:f8:73:b1:24:10:36:c4:57:2b:10:7f:ce:
         7b:be:38:9f:b8:a2:30:cc:a7:c6:a6:a6:e9:96:5d:fd:ad:4e:
         8e:e4:bb:a8:96:94:4e:ca:bc:b2:85:5b:71:2f:c7:0b:de:37:
         97:7e:0b:5d:85:64:1d:5a:e3:8d:06:26:ac:0f:93:45:e9:40:
         08:8e:57:e8:44:f5:c6:98:6d:e6:32:d7:fe:97:a0:27:1e:dd:
         b1:76:92:8e
-----BEGIN CERTIFICATE-----
MIIGLzCCBRegAwIBAgISaOiP1AdLhjHUgHmn/F+Ld0P5MA0GCSqGSIb3DQEBCwUA
MD0xOzA5BgNVBAMTMjI3OGFhYjg3OGYyODMxYmIxODIzYjU4Nzk0YjA5MmQ4NmZi
MWQ3YTBmNzRlMjgxNjExMB4XDTIyMTIxNjAwMDAwMFoXDTIyMTIxOTIzNTk1OVow
gaUxSTBHBgNVBAUTQDk3MjJkMGEyNTVkNjE3Y2E3YTMxY2QyZjVlM2JkMDllOGVj
OWY5NWQzMzNhNDA3NzQ4MTgwNTBlNDY1NGNmNjExLTArBgNVBAMTJDZhZTRlNTY3
LTYzNDgtNGM0Zi05OGE4LTA0MjJjNGM1MmZmMzEUMBIGA1UECxMLQW1hem9uIFJQ
S0kxEzARBgNVBAoTCkFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC2TU5phuIPE3vyCyXBTlESbvtB9WPDAGhWxsWM6paD0fT250EQv7l8
YZZSQZuovgYvTX4cCBxiM56f+qRIWisXgmJRE/TsBlNttzqDX1BXYHTea4+ts3RJ
io77EbiJPPtTO5GOByEbg4NWiIOydWrJGESIopQpSirW6JknxHxotunMOQEKQ3Dn
NnXTN207hY5dAD2C3rmH+2XkDLMfYOSwW2w9PLHDyMuMEwPEo0xmnxvV0ZeWCT4v
Bw+UWHftM9JyKpel7skiAeEVeUU2GhWAg0vLOahVY5FjtDq+HHyAQwK52eXs6T4A
JMbbS6vE9r5xSNlEAUsTzLd0ySFqTGtXAgMBAAGjggK+MIICujAdBgNVHQ4EFgQU
V93fcqGJXC3yUdZM3D3Qm8cDFTowHwYDVR0jBBgwFoAUkUTtx6QO6ZC3+jZv9uF9
ea3Eg5cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYB
BQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJw
a2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzAzNTcy
NzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy83M2YyMWMyYi04ODIzLTRj
MjQtYjI1Yi00M2M4MGNiNmQxYmIvMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRi
MDkyZDg2ZmIxZDdhMGY3NGUyODE2MTEuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCB
iwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2QtMWE1YmU3NDhi
ZmVhL2JhNDZiZTAzLWNjMzctNDI0Yi1hMjhiLTVhZTQ5YjM3ZTM1Mi5yb2EwgZUG
A1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3Qt
Mi5hbWF6b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0x
YTViZTc0OGJmZWEvNGJiOGFlNWMtMTI0Yy00MmYzLTg3ZmItNGYzNGU3NGUzZGEy
LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAw
DjAMBAIAATAGAwQAxyR4MA0GCSqGSIb3DQEBCwUAA4IBAQAnxCwuRCVqtCxt2HlZ
LBt7Q8UUiSrobr9nZp5JpcUMd/FPc4Six/fdnKpNxDwOM150khDcCmHNm6AwIzZB
+5Y6P87WPDKdoUGVF2GI8PV3bfm8H2MiiVRvFFr78a094QxZKFUx2jHJK6PNi1dU
3N9G0CMCT1C7C5SK+br5ldUd/tGS1jszljdiJGNK0RtoLCCW6SupHAMqc5vbVsY/
wUGKKdT6hf2E9CD4c7EkEDbEVysQf857vjifuKIwzKfGpqbpll39rU6O5LuolpRO
yryyhVtxL8cL3jeXfgtdhWQdWuONBiasD5NF6UAIjlfoRPXGmG3mMtf+l6AnHt2x
dpKO
-----END CERTIFICATE-----