Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d07e66ba-aaff-4dd8-8d23-5829d9462995.roa
File:                     d07e66ba-aaff-4dd8-8d23-5829d9462995.roa (raw, json)
Hash identifier:          xaCnu/Ix/jy+jh11s32RXMB7xIki8Z0AdVOEdS9+Uhs=
Subject key identifier:   45:A6:9C:48:DB:60:21:30:9E:89:C0:20:56:53:BF:08:D0:1B:F3:63
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7A4C96FC70386D3FB8421389CEA2A3E62D6E8715
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d07e66ba-aaff-4dd8-8d23-5829d9462995.roa
Signing time:             Sun 19 Feb 2023 00:00:00 +0000
ROA not before:           Sun 19 Feb 2023 00:00:00 +0000
ROA not after:            Wed 22 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:4c:96:fc:70:38:6d:3f:b8:42:13:89:ce:a2:a3:e6:2d:6e:87:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 19 00:00:00 2023 GMT
            Not After : Feb 22 23:59:59 2023 GMT
        Subject: serialNumber=d46fd0ff7c21891782b667796b6b7a068cf56a97c8c6a4d9a3a9cf78224d885c, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:86:6b:b0:87:a0:0c:26:15:5d:ab:86:8a:6a:
                    41:b5:3c:70:09:af:0d:39:8b:30:a5:af:7e:da:e4:
                    de:30:5c:69:57:e3:c5:99:70:3c:d1:90:ba:97:91:
                    64:d6:c5:a2:66:0e:16:c9:97:6a:e9:df:1c:59:23:
                    ab:e3:dd:ab:c0:c7:5c:a5:b0:22:c4:7a:1d:f7:a2:
                    70:a7:41:7c:72:a7:bb:da:98:24:fa:65:fb:2b:c5:
                    3b:ab:36:4e:14:18:62:9a:a4:93:fc:78:c9:46:a3:
                    58:ca:3a:eb:c4:7e:de:1c:61:13:cf:7f:b9:98:fb:
                    e1:83:2e:13:22:20:ae:44:0d:75:16:22:d5:ea:24:
                    c0:c1:ac:bc:9e:96:ff:af:32:ed:ab:12:59:10:ee:
                    ff:0d:90:12:d7:d3:43:a3:6f:9c:1d:92:6e:03:0b:
                    6f:af:e7:dd:d0:71:1d:14:95:15:26:e1:ed:ad:3b:
                    10:59:36:81:46:2d:92:05:a3:93:d2:ea:51:bf:91:
                    f7:0f:de:b3:48:8b:99:f8:38:b7:dd:c8:4c:19:7a:
                    cd:a7:fa:e3:da:ae:57:ae:1d:28:71:55:a9:aa:ca:
                    a2:cb:69:2e:21:fb:29:ea:a7:54:cc:1f:57:c8:ba:
                    13:1d:f3:46:e9:a9:2c:71:4e:cf:07:45:78:54:cf:
                    cb:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:A6:9C:48:DB:60:21:30:9E:89:C0:20:56:53:BF:08:D0:1B:F3:63
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d07e66ba-aaff-4dd8-8d23-5829d9462995.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:94:8e:3a:68:27:09:91:17:5b:03:68:ad:f1:59:9b:16:41:
         da:5c:37:03:62:fd:45:1f:44:c8:b4:e8:29:95:0f:2f:59:97:
         12:27:15:6f:04:f0:e7:7e:25:62:4b:6b:f8:c6:e0:29:75:37:
         08:b7:d4:48:58:ce:47:c1:9c:02:99:db:eb:d6:f0:59:a8:0b:
         79:47:bb:ad:36:7f:f5:4e:2a:92:54:76:bd:a2:fc:07:01:03:
         b5:9c:6c:79:bb:1c:cc:55:fb:f9:2e:92:a5:10:b5:3a:f4:46:
         71:b8:69:32:b2:68:66:46:1e:0b:88:7f:79:5b:38:c3:49:6e:
         1c:1d:85:0b:2f:17:c8:07:5f:be:4a:47:d8:15:7e:66:29:92:
         25:ac:71:e9:e0:73:80:bd:85:0a:74:c8:3f:26:11:12:fd:65:
         92:6e:ce:a7:c5:a5:72:e0:66:0f:a4:30:7d:d1:bc:05:ac:ec:
         bf:e6:61:70:0f:d8:0b:97:b2:a9:4a:c2:65:3c:33:ba:e8:4b:
         dd:b3:6b:e3:18:ea:f8:94:1e:2c:1d:ec:be:8d:a9:cd:5a:7b:
         56:a6:f0:12:42:b2:c5:ba:e2:4f:99:72:8a:9f:ba:a7:ee:e6:
         ed:5a:05:64:ef:79:66:30:c4:c7:ab:e1:7f:87:fb:87:d9:90:
         b5:17:c4:db
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUekyW/HA4bT+4QhOJzqKj5i1uhxUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE5MDAwMDAwWhcNMjMwMjIyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDQ2ZmQwZmY3YzIxODkxNzgyYjY2Nzc5NmI2YjdhMDY4
Y2Y1NmE5N2M4YzZhNGQ5YTNhOWNmNzgyMjRkODg1YzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKyGa7CHoAwmFV2rhopqQbU8cAmvDTmLMKWvftrk3jBcaVfjxZlw
PNGQupeRZNbFomYOFsmXaunfHFkjq+Pdq8DHXKWwIsR6HfeicKdBfHKnu9qYJPpl
+yvFO6s2ThQYYpqkk/x4yUajWMo668R+3hxhE89/uZj74YMuEyIgrkQNdRYi1eok
wMGsvJ6W/68y7asSWRDu/w2QEtfTQ6NvnB2SbgMLb6/n3dBxHRSVFSbh7a07EFk2
gUYtkgWjk9LqUb+R9w/es0iLmfg4t93ITBl6zaf649quV64dKHFVqarKostpLiH7
KeqnVMwfV8i6Ex3zRumpLHFOzwdFeFTPy18CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRFppxI22AhMJ6JwCBWU78I0BvzYzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZDA3ZTY2YmEtYWFmZi00ZGQ4LThkMjMtNTgyOWQ5NDYyOTk1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADuUjjpoJwmRF1sD
aK3xWZsWQdpcNwNi/UUfRMi06CmVDy9ZlxInFW8E8Od+JWJLa/jG4Cl1Nwi31EhY
zkfBnAKZ2+vW8FmoC3lHu602f/VOKpJUdr2i/AcBA7WcbHm7HMxV+/kukqUQtTr0
RnG4aTKyaGZGHguIf3lbOMNJbhwdhQsvF8gHX75KR9gVfmYpkiWscengc4C9hQp0
yD8mERL9ZZJuzqfFpXLgZg+kMH3RvAWs7L/mYXAP2AuXsqlKwmU8M7roS92za+MY
6viUHiwd7L6Nqc1ae1am8BJCssW64k+Zcoqfuqfu5u1aBWTveWYwxMer4X+H+4fZ
kLUXxNs=
-----END CERTIFICATE-----