Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c5d338de-8b64-404c-806c-5af07842aad9.roa
File:                     c5d338de-8b64-404c-806c-5af07842aad9.roa (raw, json)
Hash identifier:          5Y3npV7z42TCJTV7J2xLqqYgQ34wAscsu5oWBm8xQL0=
Subject key identifier:   99:BE:D9:CB:E2:73:37:EB:03:CF:25:FC:C8:E0:86:2E:9A:E2:EA:A6
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2D0E8C4361F6CFC3ED8377260C194F90C821068E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c5d338de-8b64-404c-806c-5af07842aad9.roa
Signing time:             Fri 10 Mar 2023 00:00:00 +0000
ROA not before:           Fri 10 Mar 2023 00:00:00 +0000
ROA not after:            Mon 13 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:0e:8c:43:61:f6:cf:c3:ed:83:77:26:0c:19:4f:90:c8:21:06:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 10 00:00:00 2023 GMT
            Not After : Mar 13 23:59:59 2023 GMT
        Subject: serialNumber=1ed187c1ec308d8a69c90c11d23626272050227d087401c2db8348ad850b9731, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f1:b3:41:4e:70:ec:4a:a1:64:9b:51:dd:79:
                    ff:8d:af:9e:0f:2e:cf:bb:c0:21:b4:0d:6a:dc:d6:
                    df:be:e5:51:86:84:67:da:b5:ec:6a:4a:ee:e5:d8:
                    51:29:1b:6f:da:c6:fc:7e:95:2e:51:e0:3b:83:dc:
                    11:f8:af:72:64:e3:a3:80:c3:47:b7:cd:36:cb:d0:
                    44:ee:be:dc:de:f1:bb:83:bd:b1:22:1c:86:89:92:
                    e1:6f:c3:71:5d:19:e4:a0:80:d5:7b:ef:5c:a4:29:
                    46:fa:94:56:cb:b5:ae:27:8a:ec:b5:2f:24:6f:ba:
                    66:67:91:ef:c6:61:73:63:92:49:4f:a7:f7:c2:b8:
                    66:c2:32:62:93:af:fa:b4:3d:90:b7:f0:1d:8b:16:
                    b9:3e:07:f8:dc:99:f5:be:80:c8:d5:63:c3:f8:cd:
                    ab:52:c4:a1:2c:51:df:a1:38:ed:ff:63:a8:bc:69:
                    cc:17:82:77:a4:81:52:17:9b:10:06:4b:23:43:6a:
                    dc:55:1d:1e:42:c7:a0:8e:2f:4a:6c:a1:a2:4a:6e:
                    20:05:36:28:29:e7:aa:1b:a6:83:d6:22:36:ce:77:
                    8a:e5:d7:c5:98:2b:fa:f4:49:44:68:05:a5:23:52:
                    ec:2a:04:a2:1c:bb:36:59:e9:00:f4:47:26:a3:4f:
                    ed:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:BE:D9:CB:E2:73:37:EB:03:CF:25:FC:C8:E0:86:2E:9A:E2:EA:A6
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c5d338de-8b64-404c-806c-5af07842aad9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:1c:51:dd:bc:ec:d6:8e:ef:33:c1:03:6e:28:0c:b6:39:59:
         1c:71:f6:44:8a:94:43:b9:82:1d:6f:2c:70:11:5b:fd:c6:2f:
         0a:6c:ab:46:d3:3f:79:14:6d:47:df:77:3d:4d:d2:56:3c:16:
         46:0e:6a:2d:7e:4f:81:b7:52:90:80:c8:50:86:c6:5d:86:6e:
         74:2d:df:33:93:d1:9e:c9:48:db:10:b8:7b:ff:91:ad:b9:22:
         2a:b4:09:c9:40:37:9e:31:eb:b5:6f:23:f0:bc:ad:b3:ed:62:
         34:53:63:c3:16:d1:c6:f2:97:73:69:cb:03:ee:4d:73:78:1d:
         82:19:7d:0a:0b:ee:7e:d4:ca:9f:f1:16:2b:31:7d:3f:b1:bc:
         d9:75:3a:1c:a0:34:ae:42:fb:7c:0d:11:2c:27:78:69:3b:c3:
         6d:3d:8a:1a:94:42:78:e3:84:ee:d3:70:b9:71:31:cc:23:24:
         2f:0b:0c:b8:a7:64:31:3f:77:00:f0:c3:a7:86:8e:09:ba:75:
         3e:3c:89:9f:03:2c:5e:8e:f6:e2:27:e2:71:eb:d0:96:c5:df:
         31:89:5f:d5:be:75:49:96:de:ee:b9:6b:e9:6e:16:10:e5:4e:
         a0:07:13:41:6d:62:1e:06:2e:8c:22:d6:79:33:18:4d:f4:f4:
         3b:f3:b4:5b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIULQ6MQ2H2z8Ptg3cmDBlPkMghBo4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzEwMDAwMDAwWhcNMjMwMzEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMWVkMTg3YzFlYzMwOGQ4YTY5YzkwYzExZDIzNjI2Mjcy
MDUwMjI3ZDA4NzQwMWMyZGI4MzQ4YWQ4NTBiOTczMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKnxs0FOcOxKoWSbUd15/42vng8uz7vAIbQNatzW377lUYaEZ9q1
7GpK7uXYUSkbb9rG/H6VLlHgO4PcEfivcmTjo4DDR7fNNsvQRO6+3N7xu4O9sSIc
homS4W/DcV0Z5KCA1XvvXKQpRvqUVsu1rieK7LUvJG+6ZmeR78Zhc2OSSU+n98K4
ZsIyYpOv+rQ9kLfwHYsWuT4H+NyZ9b6AyNVjw/jNq1LEoSxR36E47f9jqLxpzBeC
d6SBUhebEAZLI0Nq3FUdHkLHoI4vSmyhokpuIAU2KCnnqhumg9YiNs53iuXXxZgr
+vRJRGgFpSNS7CoEohy7NlnpAPRHJqNP7RMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSZvtnL4nM36wPPJfzI4IYumuLqpjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzVkMzM4ZGUtOGI2NC00MDRjLTgwNmMtNWFmMDc4NDJhYWQ5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACscUd287NaO7zPB
A24oDLY5WRxx9kSKlEO5gh1vLHARW/3GLwpsq0bTP3kUbUffdz1N0lY8FkYOai1+
T4G3UpCAyFCGxl2GbnQt3zOT0Z7JSNsQuHv/ka25Iiq0CclAN54x67VvI/C8rbPt
YjRTY8MW0cbyl3NpywPuTXN4HYIZfQoL7n7Uyp/xFisxfT+xvNl1OhygNK5C+3wN
ESwneGk7w209ihqUQnjjhO7TcLlxMcwjJC8LDLinZDE/dwDww6eGjgm6dT48iZ8D
LF6O9uIn4nHr0JbF3zGJX9W+dUmW3u65a+luFhDlTqAHE0FtYh4GLowi1nkzGE30
9DvztFs=
-----END CERTIFICATE-----