Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cc9761e9-af42-4ec5-8961-a257f052afb3.roa
File:                     cc9761e9-af42-4ec5-8961-a257f052afb3.roa (raw, json)
Hash identifier:          H91kKEvUF1oZGEucW1YJwsj1XuGDvOVXb6bXtuqFvQs=
Subject key identifier:   7A:F6:71:98:4B:C2:D9:D2:31:1B:D9:93:09:FB:D2:F9:49:FB:0D:44
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       614957B8226394CDA383CF2C391E6254A56D017A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cc9761e9-af42-4ec5-8961-a257f052afb3.roa
Signing time:             Thu 23 Feb 2023 00:00:00 +0000
ROA not before:           Thu 23 Feb 2023 00:00:00 +0000
ROA not after:            Sun 26 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:49:57:b8:22:63:94:cd:a3:83:cf:2c:39:1e:62:54:a5:6d:01:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 23 00:00:00 2023 GMT
            Not After : Feb 26 23:59:59 2023 GMT
        Subject: serialNumber=d2160e58513ee9698508f83ef8edf6073ccd7f1b6fae68b869a01f99e11e10c3, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:2c:5f:ca:13:14:aa:c6:37:ad:48:fa:ed:8e:
                    6a:54:37:47:0e:e2:6e:44:7b:a6:5f:96:3b:71:10:
                    56:46:32:e8:b6:12:74:81:20:5a:4f:51:64:c6:c4:
                    d0:74:74:2c:b7:80:0c:9c:56:4d:bc:4d:f1:bd:76:
                    98:30:9f:46:86:30:3c:10:8b:09:be:d9:8b:82:4d:
                    c0:82:7a:4c:61:5f:66:ef:6b:ee:0e:f4:53:00:e3:
                    9b:f8:4b:b3:b7:a0:26:66:1a:c5:ef:11:b0:e4:3d:
                    75:f4:b0:7b:2e:03:28:7d:2f:6a:67:bb:95:81:22:
                    64:42:71:e8:d1:79:f8:0d:2e:9c:65:96:4e:58:08:
                    ed:09:2b:69:52:af:57:13:70:8a:3f:c7:71:6b:b8:
                    32:16:8f:8a:80:aa:41:14:e4:b2:4f:bb:b3:38:2d:
                    c5:b5:b3:6f:13:22:79:0f:80:d8:01:6a:ee:10:3e:
                    1f:9d:27:e5:94:5b:8a:75:2d:b6:f1:95:ea:fd:06:
                    0c:d1:4a:6c:01:c2:d7:1e:c7:34:48:04:16:32:7e:
                    90:05:10:2b:98:c6:5e:38:4e:dc:9c:8b:b2:e7:ff:
                    6a:d3:76:fb:f6:52:c0:ab:17:ef:ae:5b:35:76:3c:
                    67:56:31:9c:82:85:77:6b:1c:46:54:24:23:65:c4:
                    3e:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:F6:71:98:4B:C2:D9:D2:31:1B:D9:93:09:FB:D2:F9:49:FB:0D:44
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cc9761e9-af42-4ec5-8961-a257f052afb3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:1c:d6:79:10:f3:2c:be:39:5b:72:b1:9f:29:f8:14:57:d9:
         ad:83:74:71:bb:d6:6d:40:02:71:3b:c9:6c:d7:10:eb:e4:69:
         75:65:e3:c5:5f:a7:c5:90:a9:4f:09:54:9f:32:1b:66:96:f4:
         28:b1:7e:f3:0d:30:a1:b0:c3:87:57:f7:a2:04:aa:34:81:f4:
         9e:e1:b2:55:f3:8c:73:63:1d:98:4d:fa:48:83:f2:57:39:f8:
         5f:41:bd:71:12:f8:5e:0b:00:56:01:ad:2b:13:ae:93:0f:c1:
         fd:14:c8:1a:61:d1:cd:31:a6:c9:c5:cd:01:dc:57:a7:cf:1e:
         8a:37:35:55:2f:bd:dd:3b:c6:fd:82:d3:f3:5e:6f:5b:0a:0c:
         7c:ec:e1:a8:70:da:cf:58:92:f8:0f:92:9b:30:52:c3:7a:ed:
         fa:86:2c:aa:c9:0d:be:fc:30:cd:5d:49:10:9c:9b:33:3a:b3:
         50:b7:f2:f4:a7:8e:d8:e0:ee:ee:98:3b:c3:31:cf:25:ce:0c:
         f0:8d:d1:77:ff:ed:c4:17:e0:0b:8c:e2:62:7f:5c:17:f6:5f:
         52:58:47:61:9c:b8:37:67:9c:02:09:f9:c0:f1:63:78:a7:66:
         f4:81:53:82:65:20:42:c5:cd:54:85:06:02:16:65:33:73:bf:
         44:c5:29:4e
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUYUlXuCJjlM2jg88sOR5iVKVtAXowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIzMDAwMDAwWhcNMjMwMjI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDIxNjBlNTg1MTNlZTk2OTg1MDhmODNlZjhlZGY2MDcz
Y2NkN2YxYjZmYWU2OGI4NjlhMDFmOTllMTFlMTBjMzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKEsX8oTFKrGN61I+u2OalQ3Rw7ibkR7pl+WO3EQVkYy6LYSdIEg
Wk9RZMbE0HR0LLeADJxWTbxN8b12mDCfRoYwPBCLCb7Zi4JNwIJ6TGFfZu9r7g70
UwDjm/hLs7egJmYaxe8RsOQ9dfSwey4DKH0vame7lYEiZEJx6NF5+A0unGWWTlgI
7QkraVKvVxNwij/HcWu4MhaPioCqQRTksk+7szgtxbWzbxMieQ+A2AFq7hA+H50n
5ZRbinUttvGV6v0GDNFKbAHC1x7HNEgEFjJ+kAUQK5jGXjhO3JyLsuf/atN2+/ZS
wKsX765bNXY8Z1YxnIKFd2scRlQkI2XEPlcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR69nGYS8LZ0jEb2ZMJ+9L5SfsNRDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvY2M5NzYxZTktYWY0Mi00ZWM1LTg5NjEtYTI1N2YwNTJhZmIzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAM4c1nkQ8yy+OVty
sZ8p+BRX2a2DdHG71m1AAnE7yWzXEOvkaXVl48Vfp8WQqU8JVJ8yG2aW9CixfvMN
MKGww4dX96IEqjSB9J7hslXzjHNjHZhN+kiD8lc5+F9BvXES+F4LAFYBrSsTrpMP
wf0UyBph0c0xpsnFzQHcV6fPHoo3NVUvvd07xv2C0/Neb1sKDHzs4ahw2s9YkvgP
kpswUsN67fqGLKrJDb78MM1dSRCcmzM6s1C38vSnjtjg7u6YO8MxzyXODPCN0Xf/
7cQX4AuM4mJ/XBf2X1JYR2GcuDdnnAIJ+cDxY3inZvSBU4JlIELFzVSFBgIWZTNz
v0TFKU4=
-----END CERTIFICATE-----