Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cca6af76-2513-4ac6-8f03-5000bc9da690.roa
File:                     cca6af76-2513-4ac6-8f03-5000bc9da690.roa (raw, json)
Hash identifier:          xI850HJoAjyzpv/0MgRXoWfWgFjKiVRY2cdOxTjwP+0=
Subject key identifier:   77:AF:2E:4C:FA:38:42:B6:73:89:5A:18:92:44:7E:4B:E9:F3:19:7B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6FF007F79381D2CC611EA639FF74FC934F8D9E5C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cca6af76-2513-4ac6-8f03-5000bc9da690.roa
Signing time:             Wed 22 Feb 2023 00:00:00 +0000
ROA not before:           Wed 22 Feb 2023 00:00:00 +0000
ROA not after:            Sat 25 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:f0:07:f7:93:81:d2:cc:61:1e:a6:39:ff:74:fc:93:4f:8d:9e:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 22 00:00:00 2023 GMT
            Not After : Feb 25 23:59:59 2023 GMT
        Subject: serialNumber=f43a59990228019cb8ceef86ae10dbaa453fd7fbc912a8081595af4b5e9cf370, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:8e:e7:71:54:81:2c:e3:aa:52:ae:6a:dd:83:
                    28:2a:58:9a:42:48:00:c1:98:64:8a:64:e0:35:8d:
                    d4:35:a7:ff:07:1e:51:9e:86:f4:b5:c9:40:a1:89:
                    48:fb:bd:c1:9f:62:ef:df:0c:1c:a6:b0:ec:70:14:
                    5b:ad:a6:60:c2:ea:4a:22:1e:ea:03:ef:cf:b8:c8:
                    f7:5a:3f:d4:26:2b:ee:d3:2f:d6:8f:7d:61:27:69:
                    ad:02:a7:7c:3d:64:30:fd:41:a1:f0:c2:8b:ee:34:
                    a1:0c:7a:fd:1a:22:27:ff:e3:ba:3e:99:da:70:02:
                    95:3b:57:66:20:69:04:83:68:f2:ee:f4:3c:53:2f:
                    ed:6c:eb:86:de:3a:0a:b7:72:1c:90:e1:d5:a2:8d:
                    28:96:c7:d7:73:f8:2e:28:8d:00:97:03:d6:ff:52:
                    1e:e5:42:32:11:bb:f0:c3:50:7a:f8:9b:ef:ed:ad:
                    06:73:55:b3:94:a8:48:2f:b9:f4:8a:85:ef:ed:e3:
                    9c:44:80:75:ed:7e:45:e8:0d:ed:f4:ea:c7:66:a5:
                    04:09:14:2a:dd:f9:70:6c:f0:04:53:4e:c1:53:da:
                    18:86:23:e2:3d:6e:e3:9b:10:93:24:e7:1e:a0:5e:
                    6f:4f:c9:2d:c3:f6:cf:89:08:ee:46:16:aa:5b:8c:
                    a4:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:AF:2E:4C:FA:38:42:B6:73:89:5A:18:92:44:7E:4B:E9:F3:19:7B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cca6af76-2513-4ac6-8f03-5000bc9da690.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:7a:f0:68:dd:94:02:10:6b:2a:a6:1b:a0:5d:26:c8:5c:5d:
         f7:16:68:a1:bd:f6:c9:2c:b5:04:4b:44:46:56:20:a2:e1:b4:
         30:e9:fb:f5:f1:04:63:d1:54:76:b8:af:a6:b6:b1:3c:72:f6:
         c3:3f:bf:21:05:c1:95:d0:19:b4:5d:06:e4:ba:5f:5c:1c:8f:
         e1:b0:d4:ae:9b:f3:43:89:4a:e6:d9:e1:24:8a:5a:c3:b0:56:
         6a:1d:62:b9:9e:ad:28:a8:d5:d0:af:d7:5f:49:47:73:51:cc:
         23:e5:9e:82:08:45:5d:8f:a6:d1:93:42:4e:b0:fd:8d:44:7f:
         33:6a:86:87:8e:e5:6b:0f:f5:21:5f:db:36:4b:14:7c:e3:d6:
         3e:58:39:9c:c8:47:04:4c:5d:99:24:32:4f:f4:c8:fa:48:96:
         36:39:0c:af:40:4a:82:6f:5a:a1:21:8a:16:60:7f:42:73:56:
         d6:64:23:96:06:08:19:c9:90:5a:b1:0f:91:d4:aa:cd:91:2f:
         35:24:5e:cc:93:e5:0e:74:6f:33:88:ae:eb:ac:4b:9e:26:ff:
         55:01:f0:49:dc:c2:8f:6f:94:0a:7d:af:e1:07:55:13:8b:97:
         2e:5b:c3:cb:fa:00:1a:d4:1f:89:18:a5:52:e9:f7:85:24:23:
         84:9e:da:d4
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUb/AH95OB0sxhHqY5/3T8k0+NnlwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIyMDAwMDAwWhcNMjMwMjI1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjQzYTU5OTkwMjI4MDE5Y2I4Y2VlZjg2YWUxMGRiYWE0
NTNmZDdmYmM5MTJhODA4MTU5NWFmNGI1ZTljZjM3MDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAO2O53FUgSzjqlKuat2DKCpYmkJIAMGYZIpk4DWN1DWn/wceUZ6G
9LXJQKGJSPu9wZ9i798MHKaw7HAUW62mYMLqSiIe6gPvz7jI91o/1CYr7tMv1o99
YSdprQKnfD1kMP1BofDCi+40oQx6/RoiJ//juj6Z2nAClTtXZiBpBINo8u70PFMv
7Wzrht46CrdyHJDh1aKNKJbH13P4LiiNAJcD1v9SHuVCMhG78MNQevib7+2tBnNV
s5SoSC+59IqF7+3jnESAde1+RegN7fTqx2alBAkUKt35cGzwBFNOwVPaGIYj4j1u
45sQkyTnHqBeb0/JLcP2z4kI7kYWqluMpOcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR3ry5M+jhCtnOJWhiSRH5L6fMZezAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvY2NhNmFmNzYtMjUxMy00YWM2LThmMDMtNTAwMGJjOWRhNjkwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMV68GjdlAIQayqm
G6BdJshcXfcWaKG99skstQRLREZWIKLhtDDp+/XxBGPRVHa4r6a2sTxy9sM/vyEF
wZXQGbRdBuS6X1wcj+Gw1K6b80OJSubZ4SSKWsOwVmodYrmerSio1dCv119JR3NR
zCPlnoIIRV2PptGTQk6w/Y1EfzNqhoeO5WsP9SFf2zZLFHzj1j5YOZzIRwRMXZkk
Mk/0yPpIljY5DK9ASoJvWqEhihZgf0JzVtZkI5YGCBnJkFqxD5HUqs2RLzUkXsyT
5Q50bzOIruusS54m/1UB8Encwo9vlAp9r+EHVROLly5bw8v6ABrUH4kYpVLp94Uk
I4Se2tQ=
-----END CERTIFICATE-----