Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cc196840-edf3-4a90-95dc-55956f12c653.roa
File:                     cc196840-edf3-4a90-95dc-55956f12c653.roa (raw, json)
Hash identifier:          DHZFG1+i5ZAXcsYia5gcqxqMEJmyJdpmS0IpXqVmEiM=
Subject key identifier:   52:9B:10:89:4D:20:F7:FE:5F:67:C6:B4:77:ED:4D:C6:77:64:0A:EC
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       034118FCC874AE4B6E916D08762554F68FA7CA86
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cc196840-edf3-4a90-95dc-55956f12c653.roa
Signing time:             Mon 27 Mar 2023 00:00:00 +0000
ROA not before:           Mon 27 Mar 2023 00:00:00 +0000
ROA not after:            Thu 30 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:41:18:fc:c8:74:ae:4b:6e:91:6d:08:76:25:54:f6:8f:a7:ca:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 27 00:00:00 2023 GMT
            Not After : Mar 30 23:59:59 2023 GMT
        Subject: serialNumber=6121d281acc38a482ba16f281b3a2a7c6eeaf2e44d063b09884a283f9bccad09, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:b9:b1:b8:cb:8f:fc:87:70:8b:10:d6:60:5a:
                    da:cf:15:34:ab:ec:98:1e:2c:d5:cf:61:cb:56:45:
                    cc:f9:53:62:bc:52:1f:3d:c7:0b:43:45:0d:cd:b4:
                    12:77:0e:31:0e:71:9d:34:f3:7a:c4:21:61:88:8f:
                    17:65:41:ed:bc:d3:b1:68:5c:5a:a6:37:af:8a:69:
                    91:9f:33:b6:6a:56:0c:1c:2d:5d:80:11:7e:36:c9:
                    4b:eb:3f:2c:b1:de:19:4b:b0:6c:f1:a3:4f:7e:c0:
                    b6:01:6a:2a:32:a6:55:d8:9b:6d:f2:28:6b:f3:68:
                    2c:f5:64:b5:f1:cb:48:bf:7b:a5:53:21:0f:59:ae:
                    a4:52:68:10:82:27:9d:af:e7:6e:5a:74:da:84:4b:
                    22:5e:05:65:34:6c:ae:af:c7:7e:9b:11:01:61:a5:
                    38:29:3e:70:18:9d:86:5f:79:14:10:0c:df:00:a3:
                    c6:f6:06:04:0f:b7:7a:86:bd:2e:a6:0f:93:49:5c:
                    b9:1a:6d:b3:10:33:26:1e:17:b1:af:6e:16:65:ae:
                    13:40:cc:18:7c:85:1b:b0:48:ad:6d:3f:38:29:ed:
                    81:43:5e:13:a6:ee:f2:94:34:c6:12:6a:56:0e:27:
                    52:c4:15:ff:25:b2:70:b6:92:e7:ed:34:75:ae:3d:
                    e4:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:9B:10:89:4D:20:F7:FE:5F:67:C6:B4:77:ED:4D:C6:77:64:0A:EC
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cc196840-edf3-4a90-95dc-55956f12c653.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:c9:e0:3f:d7:58:7c:52:4c:58:f4:27:8a:18:db:fd:8f:2a:
         7a:3c:5f:c3:f8:48:9c:67:20:a3:6b:53:ab:e4:f7:b1:1d:9d:
         1d:72:8a:4f:6d:e9:b5:19:76:98:c2:88:ae:6c:30:22:e6:4d:
         27:31:b3:02:e4:ea:72:62:2f:0f:c9:b1:1f:47:66:41:d2:f6:
         f1:04:66:aa:fd:53:13:34:b3:16:16:5a:fc:7d:07:1d:94:bb:
         03:5d:d1:a8:77:1d:80:e2:2c:5e:3d:d4:12:86:e0:88:18:be:
         6f:5e:17:7b:c5:d2:f2:3f:86:4a:ad:ec:35:bc:c0:7d:33:91:
         18:da:28:28:4f:db:00:d9:22:b3:73:36:66:38:1d:88:9a:ba:
         7b:87:50:2f:7f:fd:f7:ed:66:89:c3:dd:ba:d8:4f:5f:a4:ef:
         bf:5f:66:0e:08:29:34:15:7f:2a:88:cb:c7:a4:c6:75:82:ce:
         a4:ae:da:11:03:11:f0:b6:8a:6a:e2:50:f0:5b:ec:ac:d6:0c:
         7e:04:d5:92:d2:d0:e8:a6:12:a5:6e:6d:13:5a:04:8c:41:17:
         e2:84:e4:49:4a:49:8f:ff:3a:4b:ef:0f:9e:45:90:fa:5c:ff:
         c3:65:6c:70:e2:b6:aa:07:74:65:ba:3d:c0:4d:52:4e:03:56:
         2e:e7:cc:ff
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUA0EY/Mh0rktukW0IdiVU9o+nyoYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI3MDAwMDAwWhcNMjMwMzMwMjM1OTU5
WjCBpTFJMEcGA1UEBRNANjEyMWQyODFhY2MzOGE0ODJiYTE2ZjI4MWIzYTJhN2M2
ZWVhZjJlNDRkMDYzYjA5ODg0YTI4M2Y5YmNjYWQwOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANy5sbjLj/yHcIsQ1mBa2s8VNKvsmB4s1c9hy1ZFzPlTYrxSHz3H
C0NFDc20EncOMQ5xnTTzesQhYYiPF2VB7bzTsWhcWqY3r4ppkZ8ztmpWDBwtXYAR
fjbJS+s/LLHeGUuwbPGjT37AtgFqKjKmVdibbfIoa/NoLPVktfHLSL97pVMhD1mu
pFJoEIInna/nblp02oRLIl4FZTRsrq/HfpsRAWGlOCk+cBidhl95FBAM3wCjxvYG
BA+3eoa9LqYPk0lcuRptsxAzJh4Xsa9uFmWuE0DMGHyFG7BIrW0/OCntgUNeE6bu
8pQ0xhJqVg4nUsQV/yWycLaS5+00da495CkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRSmxCJTSD3/l9nxrR37U3Gd2QK7DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvY2MxOTY4NDAtZWRmMy00YTkwLTk1ZGMtNTU5NTZmMTJjNjUzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALHJ4D/XWHxSTFj0
J4oY2/2PKno8X8P4SJxnIKNrU6vk97EdnR1yik9t6bUZdpjCiK5sMCLmTScxswLk
6nJiLw/JsR9HZkHS9vEEZqr9UxM0sxYWWvx9Bx2UuwNd0ah3HYDiLF491BKG4IgY
vm9eF3vF0vI/hkqt7DW8wH0zkRjaKChP2wDZIrNzNmY4HYiaunuHUC9//fftZonD
3brYT1+k779fZg4IKTQVfyqIy8ekxnWCzqSu2hEDEfC2imriUPBb7KzWDH4E1ZLS
0OimEqVubRNaBIxBF+KE5ElKSY//OkvvD55FkPpc/8NlbHDitqoHdGW6PcBNUk4D
Vi7nzP8=
-----END CERTIFICATE-----