Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bab72810-d664-4291-af78-c32f17fb4f6c.roa
File:                     bab72810-d664-4291-af78-c32f17fb4f6c.roa (raw, json)
Hash identifier:          WGmIxwQTIJAMt+DLGkMoGVpabppWLHP3Mu0e+cqCTKg=
Subject key identifier:   39:29:72:C1:81:26:70:9E:4A:D5:56:FE:7E:42:D0:7A:50:D7:10:9B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       726CC32EAB97C5862BF2605501A67BD968C06C68
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bab72810-d664-4291-af78-c32f17fb4f6c.roa
Signing time:             Sat 07 Jan 2023 00:00:00 +0000
ROA not before:           Sat 07 Jan 2023 00:00:00 +0000
ROA not after:            Tue 10 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:6c:c3:2e:ab:97:c5:86:2b:f2:60:55:01:a6:7b:d9:68:c0:6c:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan  7 00:00:00 2023 GMT
            Not After : Jan 10 23:59:59 2023 GMT
        Subject: serialNumber=73ce8b768b82d12997cac79c217cd2392d87b6deafb32e8433eebd19597505a9, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:dd:df:e7:c9:22:56:36:cc:c5:c8:69:cf:1a:
                    fb:d2:f0:c2:00:7c:5f:94:05:54:da:28:52:2d:81:
                    b1:eb:6d:f2:e8:00:b6:eb:ca:bf:4e:b0:2b:6d:16:
                    56:f5:41:e4:80:07:e4:f0:4e:8b:16:27:9c:8e:72:
                    eb:fb:f4:0a:39:01:22:a1:b8:93:e4:14:5c:8a:06:
                    d4:a8:fa:ba:33:61:f4:57:bf:30:7d:84:cf:48:93:
                    e1:47:a4:2c:3e:ed:44:99:e4:6a:3b:08:45:12:08:
                    36:26:e9:a9:8e:4c:79:62:50:92:e3:6d:ab:6b:ac:
                    77:ef:cd:8c:15:bc:83:ee:a0:3f:ea:69:b0:d2:85:
                    c8:fe:33:01:6c:a8:20:c5:e8:a5:f6:3f:45:fd:f6:
                    38:aa:9c:65:f5:b2:7e:98:e2:bb:81:04:eb:6c:e4:
                    60:1c:f4:12:c6:e9:89:73:39:48:48:a7:2c:e1:c1:
                    fe:e0:9a:7f:32:60:3f:47:ef:10:7d:6c:49:98:83:
                    5a:6e:a8:0b:40:f8:f2:85:23:b3:a2:7f:96:d0:4d:
                    9d:42:9a:66:12:5f:78:19:bd:3f:7a:71:23:d8:87:
                    b4:a7:0c:77:4d:8c:5d:7b:87:8a:29:9c:9d:ad:96:
                    6c:c1:74:9d:93:94:3f:5b:36:ad:77:6e:ac:f8:99:
                    20:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:29:72:C1:81:26:70:9E:4A:D5:56:FE:7E:42:D0:7A:50:D7:10:9B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bab72810-d664-4291-af78-c32f17fb4f6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:14:d1:fc:05:09:87:da:23:ba:c8:6c:dd:91:30:81:9b:a8:
         e0:fb:eb:5e:da:dd:af:09:e7:cd:42:c8:d7:27:8e:2d:65:f5:
         86:a7:6b:3d:12:62:86:87:77:ad:21:01:44:05:af:af:d7:e6:
         51:08:4e:34:6f:4f:a1:69:b4:2e:63:ed:9b:78:c0:50:b8:e9:
         9a:ef:35:aa:a1:b7:4b:61:a4:fb:76:46:1b:a5:cd:42:84:bb:
         43:56:11:bf:e1:7f:49:8b:c5:e5:11:ec:26:0c:27:20:a3:b0:
         3c:04:a5:b5:3d:91:24:16:0b:e4:74:5a:5d:74:76:23:2c:24:
         58:e8:6a:aa:cb:b8:bc:35:f3:47:b9:c2:23:b9:21:e0:99:68:
         e9:4e:69:af:f0:64:cd:30:de:4d:b7:b3:fb:5d:b8:d0:2a:c6:
         2c:0a:69:f9:d0:f9:46:61:93:81:94:34:61:fa:68:ab:64:2f:
         37:31:a7:3f:d4:88:a3:c5:5e:ba:00:9b:cd:50:78:1b:5f:91:
         26:b9:24:ea:69:e3:2c:9f:fb:d6:51:1a:51:4f:06:8a:6d:44:
         75:69:eb:92:64:ee:d7:20:ad:f5:bc:eb:06:63:9e:85:5f:d1:
         a7:18:9b:f9:50:bd:ab:b4:fe:28:ec:1b:c7:11:22:8d:c6:82:
         b3:d5:62:90
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUcmzDLquXxYYr8mBVAaZ72WjAbGgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTA3MDAwMDAwWhcNMjMwMTEwMjM1OTU5
WjCBpTFJMEcGA1UEBRNANzNjZThiNzY4YjgyZDEyOTk3Y2FjNzljMjE3Y2QyMzky
ZDg3YjZkZWFmYjMyZTg0MzNlZWJkMTk1OTc1MDVhOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAN3d3+fJIlY2zMXIac8a+9LwwgB8X5QFVNooUi2Bsett8ugAtuvK
v06wK20WVvVB5IAH5PBOixYnnI5y6/v0CjkBIqG4k+QUXIoG1Kj6ujNh9Fe/MH2E
z0iT4UekLD7tRJnkajsIRRIINibpqY5MeWJQkuNtq2usd+/NjBW8g+6gP+ppsNKF
yP4zAWyoIMXopfY/Rf32OKqcZfWyfpjiu4EE62zkYBz0EsbpiXM5SEinLOHB/uCa
fzJgP0fvEH1sSZiDWm6oC0D48oUjs6J/ltBNnUKaZhJfeBm9P3pxI9iHtKcMd02M
XXuHiimcna2WbMF0nZOUP1s2rXdurPiZIE0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ5KXLBgSZwnkrVVv5+QtB6UNcQmzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYmFiNzI4MTAtZDY2NC00MjkxLWFmNzgtYzMyZjE3ZmI0ZjZjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF4U0fwFCYfaI7rI
bN2RMIGbqOD7617a3a8J581CyNcnji1l9Yanaz0SYoaHd60hAUQFr6/X5lEITjRv
T6FptC5j7Zt4wFC46ZrvNaqht0thpPt2RhulzUKEu0NWEb/hf0mLxeUR7CYMJyCj
sDwEpbU9kSQWC+R0Wl10diMsJFjoaqrLuLw180e5wiO5IeCZaOlOaa/wZM0w3k23
s/tduNAqxiwKafnQ+UZhk4GUNGH6aKtkLzcxpz/UiKPFXroAm81QeBtfkSa5JOpp
4yyf+9ZRGlFPBoptRHVp65Jk7tcgrfW86wZjnoVf0acYm/lQvau0/ijsG8cRIo3G
grPVYpA=
-----END CERTIFICATE-----