Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/be5239a9-c440-4c21-87d6-edbc02578dd1.roa
File:                     be5239a9-c440-4c21-87d6-edbc02578dd1.roa (raw, json)
Hash identifier:          /FHCutMDXJ2n1kd/wOoAmCublC8KcDFVgDbudvuIslQ=
Subject key identifier:   A9:C7:A0:C5:FB:FA:5A:55:66:5D:69:D3:21:33:82:65:5C:60:7E:0E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       168CA46DBBC8A7F27EFB73DF081254CDEB431B3C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/be5239a9-c440-4c21-87d6-edbc02578dd1.roa
Signing time:             Mon 23 Jan 2023 00:00:00 +0000
ROA not before:           Mon 23 Jan 2023 00:00:00 +0000
ROA not after:            Thu 26 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:8c:a4:6d:bb:c8:a7:f2:7e:fb:73:df:08:12:54:cd:eb:43:1b:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 23 00:00:00 2023 GMT
            Not After : Jan 26 23:59:59 2023 GMT
        Subject: serialNumber=e0d1f040c8fcfbc8e9e134883d9c8c23a2bf01189e5efc739894a62dec95597d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:cf:c6:2d:ca:d1:49:7e:8a:2b:da:76:65:69:
                    80:90:06:c9:2b:b1:e5:29:24:9d:0f:14:bb:69:94:
                    5e:a9:bb:17:11:46:39:35:c0:0b:09:ba:2d:13:bd:
                    b0:48:98:d1:ff:79:12:9b:2d:8a:9c:cc:2f:ea:42:
                    95:9b:69:a1:51:9c:7a:97:81:25:4e:79:79:de:52:
                    41:dd:9f:e8:aa:68:2e:0e:ba:99:73:8a:45:1c:d8:
                    48:e2:57:a0:9e:26:20:90:e1:ab:b1:d5:1a:c2:1b:
                    83:78:4f:bd:36:52:7e:1a:54:54:71:80:f1:81:0a:
                    f1:e9:3b:40:da:6a:68:43:97:c6:86:ee:b1:48:a9:
                    82:4a:85:0c:c8:3e:cc:00:64:02:e4:f7:5a:8c:9c:
                    65:16:fc:9e:39:75:e9:c9:78:fe:f0:09:a5:b5:ff:
                    10:50:52:d3:6f:9a:cb:a6:2c:cd:df:bb:6b:16:ae:
                    4d:7c:25:22:92:f9:b2:48:b9:8d:4c:70:b5:d0:41:
                    57:b4:6b:40:91:fe:29:85:2d:90:1d:4e:08:43:3a:
                    51:2e:39:6f:f4:fd:05:6e:68:ad:21:f4:67:4e:ee:
                    cf:50:79:3f:ea:64:ea:d7:65:0f:6c:0c:a7:3b:ca:
                    9f:6c:48:f3:bb:86:12:44:85:52:99:94:65:4a:8d:
                    26:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:C7:A0:C5:FB:FA:5A:55:66:5D:69:D3:21:33:82:65:5C:60:7E:0E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/be5239a9-c440-4c21-87d6-edbc02578dd1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:fd:61:63:53:15:69:4c:bd:a2:07:31:e8:44:e0:99:9c:c6:
         33:6a:79:d5:f0:4d:85:03:05:d7:e6:e4:7c:0b:eb:75:8f:3b:
         d3:44:35:52:b1:5c:98:f0:22:a0:fe:f6:24:20:b9:8e:52:7e:
         c4:d9:6d:ba:3b:39:56:cb:76:ad:f2:45:be:9c:3f:ca:a2:98:
         14:19:b1:df:4c:f3:77:71:b7:f3:1f:c3:53:08:4f:58:25:7d:
         ce:2d:25:99:b7:d1:11:bd:bc:4e:d4:eb:f6:fa:43:b1:76:c6:
         bd:16:cf:0d:89:44:b4:49:3e:74:57:ec:a1:90:c5:51:99:fc:
         0b:0c:c3:8c:df:1c:1d:4e:db:80:39:52:ad:d3:7f:d6:14:03:
         ae:db:16:37:46:9a:32:9d:36:52:30:2c:00:5b:6d:5d:a7:9d:
         30:ea:16:6e:3c:00:a9:03:d1:a9:6c:62:bb:f5:24:7d:df:a9:
         fe:11:4f:d3:83:16:d7:c0:3b:51:4c:96:61:95:4f:9b:43:dd:
         55:f9:4b:4f:e8:b5:c7:56:a6:e6:05:b8:95:6d:5c:a0:a7:8d:
         7a:c1:36:91:be:1f:e1:e6:52:a0:e2:3a:37:57:de:1c:99:55:
         01:c3:18:0f:56:0d:7c:50:05:13:0c:58:af:0f:c1:af:5c:5b:
         3f:7e:2d:16
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUFoykbbvIp/J++3PfCBJUzetDGzwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTIzMDAwMDAwWhcNMjMwMTI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZTBkMWYwNDBjOGZjZmJjOGU5ZTEzNDg4M2Q5YzhjMjNh
MmJmMDExODllNWVmYzczOTg5NGE2MmRlYzk1NTk3ZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAIvPxi3K0Ul+iivadmVpgJAGySux5SkknQ8Uu2mUXqm7FxFGOTXA
Cwm6LRO9sEiY0f95EpstipzML+pClZtpoVGcepeBJU55ed5SQd2f6KpoLg66mXOK
RRzYSOJXoJ4mIJDhq7HVGsIbg3hPvTZSfhpUVHGA8YEK8ek7QNpqaEOXxobusUip
gkqFDMg+zABkAuT3WoycZRb8njl16cl4/vAJpbX/EFBS02+ay6Yszd+7axauTXwl
IpL5ski5jUxwtdBBV7RrQJH+KYUtkB1OCEM6US45b/T9BW5orSH0Z07uz1B5P+pk
6tdlD2wMpzvKn2xI87uGEkSFUpmUZUqNJkECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSpx6DF+/paVWZdadMhM4JlXGB+DjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYmU1MjM5YTktYzQ0MC00YzIxLTg3ZDYtZWRiYzAyNTc4ZGQxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABX9YWNTFWlMvaIH
MehE4JmcxjNqedXwTYUDBdfm5HwL63WPO9NENVKxXJjwIqD+9iQguY5SfsTZbbo7
OVbLdq3yRb6cP8qimBQZsd9M83dxt/Mfw1MIT1glfc4tJZm30RG9vE7U6/b6Q7F2
xr0Wzw2JRLRJPnRX7KGQxVGZ/AsMw4zfHB1O24A5Uq3Tf9YUA67bFjdGmjKdNlIw
LABbbV2nnTDqFm48AKkD0alsYrv1JH3fqf4RT9ODFtfAO1FMlmGVT5tD3VX5S0/o
tcdWpuYFuJVtXKCnjXrBNpG+H+HmUqDiOjdX3hyZVQHDGA9WDXxQBRMMWK8Pwa9c
Wz9+LRY=
-----END CERTIFICATE-----