Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cd4e6016-166d-4d43-aec4-0e7d2603306c.roa
File:                     cd4e6016-166d-4d43-aec4-0e7d2603306c.roa (raw, json)
Hash identifier:          K56vvRVe6B1yLS1Jc/Ssy43kGcpDs2L58+1x2Xcdp/k=
Subject key identifier:   68:D2:D6:37:5A:2D:DA:2C:EA:7A:65:B5:49:81:0E:9D:5C:BC:7A:71
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       65549FE01EA5B8F14628174F336188E0448C181D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cd4e6016-166d-4d43-aec4-0e7d2603306c.roa
Signing time:             Tue 21 Mar 2023 00:00:00 +0000
ROA not before:           Tue 21 Mar 2023 00:00:00 +0000
ROA not after:            Fri 24 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:54:9f:e0:1e:a5:b8:f1:46:28:17:4f:33:61:88:e0:44:8c:18:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 21 00:00:00 2023 GMT
            Not After : Mar 24 23:59:59 2023 GMT
        Subject: serialNumber=a68ba75a09c632994e4915fb0a029bb853083291455fd88279d3fc785f6775a8, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:88:02:e1:a4:87:d1:52:64:9a:60:87:46:90:
                    30:3c:f3:e1:ad:a0:a7:e3:74:72:17:65:5e:92:1f:
                    43:34:5c:7b:1e:1a:bb:4f:da:57:f1:21:c0:a9:67:
                    64:96:b1:0e:c1:39:ad:22:b0:a7:6d:5f:2e:ba:03:
                    4b:b9:9c:a0:a1:59:e8:cd:53:f8:f9:0a:cf:ea:b6:
                    fa:b1:a7:29:84:b8:1f:72:60:c3:b8:37:29:07:5e:
                    6e:ca:f4:49:06:3e:5e:e0:75:51:31:35:3e:3f:b9:
                    69:39:cf:e4:fc:2d:e1:75:0e:61:ec:50:3a:a5:7f:
                    b1:fb:c2:13:3d:dc:b6:39:06:f2:6c:70:7b:94:7f:
                    3d:c3:52:4c:df:6e:7d:8b:f1:b2:8e:ce:90:3d:16:
                    bd:a5:01:34:6d:51:cf:3b:a6:e3:23:63:44:76:57:
                    01:19:8b:13:a0:cc:a2:48:c2:55:1a:18:a1:86:83:
                    ef:76:3a:b5:4d:4c:83:25:25:6a:5e:6f:cd:5f:57:
                    5c:c7:3c:90:84:6a:49:35:46:f4:95:06:fb:2c:e3:
                    67:98:8f:53:d7:60:46:95:71:85:91:3e:43:04:91:
                    92:b8:9f:eb:c3:12:31:9e:75:d4:e5:b7:2a:88:a0:
                    20:16:00:4a:b0:e7:c2:f2:ee:a6:2b:ab:82:58:94:
                    4f:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:D2:D6:37:5A:2D:DA:2C:EA:7A:65:B5:49:81:0E:9D:5C:BC:7A:71
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cd4e6016-166d-4d43-aec4-0e7d2603306c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:f2:c7:e6:c8:80:50:bb:6d:30:c9:42:e2:45:fc:7b:75:16:
         22:0b:af:98:5c:70:a3:ea:f9:81:b8:0a:74:b5:db:53:90:3a:
         f8:47:59:88:c4:93:89:48:8f:d0:c0:fe:30:c5:3e:b8:6e:31:
         6c:09:b3:14:48:40:4e:81:fa:e5:9a:34:0e:5d:35:61:96:b5:
         90:b8:3f:e7:bd:35:a0:44:f8:c2:ce:b9:95:d1:47:c4:77:5e:
         1f:57:04:98:2a:60:1a:ce:e9:21:7e:aa:40:9c:26:13:d9:27:
         fd:f2:2a:d4:8d:b5:95:04:d9:7a:b2:0c:fd:bd:1d:b9:43:22:
         7f:e2:db:30:e9:15:60:30:77:ef:b9:8a:22:cf:34:22:27:9d:
         3d:cb:dd:6d:5e:03:f9:95:2c:47:ce:fa:87:fc:a2:44:68:d8:
         51:35:f4:4b:ef:e1:19:02:97:7c:09:bc:7d:9e:8b:50:19:79:
         c2:e7:4d:d2:84:8a:b5:cd:3a:f5:c9:e0:60:24:9d:c7:4c:57:
         07:80:db:92:94:47:9a:bd:12:5d:2e:94:20:3e:af:6c:8f:08:
         58:68:6c:be:44:30:09:48:1f:a7:89:c3:ea:4f:b6:e4:5d:e6:
         33:ec:5f:1e:93:8a:87:78:eb:ff:15:42:cd:ba:9f:92:44:77:
         2d:22:5c:bf
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUZVSf4B6luPFGKBdPM2GI4ESMGB0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzIxMDAwMDAwWhcNMjMwMzI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYTY4YmE3NWEwOWM2MzI5OTRlNDkxNWZiMGEwMjliYjg1
MzA4MzI5MTQ1NWZkODgyNzlkM2ZjNzg1ZjY3NzVhODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMqIAuGkh9FSZJpgh0aQMDzz4a2gp+N0chdlXpIfQzRcex4au0/a
V/EhwKlnZJaxDsE5rSKwp21fLroDS7mcoKFZ6M1T+PkKz+q2+rGnKYS4H3Jgw7g3
KQdebsr0SQY+XuB1UTE1Pj+5aTnP5Pwt4XUOYexQOqV/sfvCEz3ctjkG8mxwe5R/
PcNSTN9ufYvxso7OkD0WvaUBNG1Rzzum4yNjRHZXARmLE6DMokjCVRoYoYaD73Y6
tU1MgyUlal5vzV9XXMc8kIRqSTVG9JUG+yzjZ5iPU9dgRpVxhZE+QwSRkrif68MS
MZ511OW3KoigIBYASrDnwvLupiurgliUT4cCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRo0tY3Wi3aLOp6ZbVJgQ6dXLx6cTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvY2Q0ZTYwMTYtMTY2ZC00ZDQzLWFlYzQtMGU3ZDI2MDMzMDZjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEXyx+bIgFC7bTDJ
QuJF/Ht1FiILr5hccKPq+YG4CnS121OQOvhHWYjEk4lIj9DA/jDFPrhuMWwJsxRI
QE6B+uWaNA5dNWGWtZC4P+e9NaBE+MLOuZXRR8R3Xh9XBJgqYBrO6SF+qkCcJhPZ
J/3yKtSNtZUE2XqyDP29HblDIn/i2zDpFWAwd++5iiLPNCInnT3L3W1eA/mVLEfO
+of8okRo2FE19Evv4RkCl3wJvH2ei1AZecLnTdKEirXNOvXJ4GAkncdMVweA25KU
R5q9El0ulCA+r2yPCFhobL5EMAlIH6eJw+pPtuRd5jPsXx6Tiod46/8VQs26n5JE
dy0iXL8=
-----END CERTIFICATE-----