Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d08f5152-bb1e-4460-bf6b-860d82577029.roa
File:                     d08f5152-bb1e-4460-bf6b-860d82577029.roa (raw, json)
Hash identifier:          tS4w7yQIbDdZLBQldLq9bqM84xKg/0ZL4RU8eRXqnZI=
Subject key identifier:   89:D5:DC:C3:27:11:13:0D:84:8D:89:CF:71:00:B6:2F:F0:DC:26:BF
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       063E8C79A95AB23614EA9B4F9DF3D0084BCA79B2
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d08f5152-bb1e-4460-bf6b-860d82577029.roa
Signing time:             Sat 25 Mar 2023 00:00:00 +0000
ROA not before:           Sat 25 Mar 2023 00:00:00 +0000
ROA not after:            Tue 28 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:3e:8c:79:a9:5a:b2:36:14:ea:9b:4f:9d:f3:d0:08:4b:ca:79:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 25 00:00:00 2023 GMT
            Not After : Mar 28 23:59:59 2023 GMT
        Subject: serialNumber=deac4965db2ff57ce5ab664a88da91b55683d24713ffc148a31c48a213387e48, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:88:8f:1a:d3:ab:39:23:4b:ed:86:2c:a9:62:
                    1e:07:58:08:ef:34:3a:a8:38:0e:93:d0:b1:a8:fa:
                    0d:75:6d:2a:4f:b8:14:86:b8:f5:8b:d8:14:b2:d2:
                    4c:c5:2f:ab:b6:4d:6d:97:74:7f:a2:80:8f:c1:bc:
                    86:9b:30:4c:ad:88:b8:0f:33:b9:ea:54:53:6e:5f:
                    0e:e6:3d:51:00:95:61:15:89:2d:de:79:5c:d3:e3:
                    4f:86:c6:4c:97:a1:97:3d:be:04:ce:de:0f:6e:11:
                    12:38:2e:3f:d2:77:1c:a3:ff:87:bb:d0:41:95:e1:
                    d8:9e:c8:1c:28:60:fa:1a:64:6c:2f:52:cb:00:12:
                    e6:80:ac:2e:27:36:e9:86:b8:b9:75:91:fc:71:32:
                    23:42:68:96:a5:56:ff:29:5a:71:0b:5d:47:bc:fe:
                    e6:77:23:6c:c9:e8:86:86:d3:c1:13:37:ec:58:29:
                    99:dd:cc:f9:d1:88:66:a8:10:d3:25:09:87:06:57:
                    be:c9:86:fb:bc:8e:64:04:39:72:b4:b6:db:08:81:
                    49:4e:32:df:05:2a:54:1b:42:c6:64:12:81:5b:ab:
                    be:03:8b:80:b2:86:2f:a1:69:f6:a1:73:15:2e:ac:
                    26:5f:e9:be:af:4e:87:4b:23:c2:e7:7e:80:57:59:
                    7c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:D5:DC:C3:27:11:13:0D:84:8D:89:CF:71:00:B6:2F:F0:DC:26:BF
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d08f5152-bb1e-4460-bf6b-860d82577029.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:34:40:77:41:97:9b:f3:20:70:73:d1:93:13:99:16:93:9b:
         2c:e4:8e:b3:4d:10:95:dd:9d:a8:cd:1f:5b:d4:34:56:0d:4c:
         db:32:9b:6f:38:cc:c7:bd:4c:e5:8e:95:bd:1c:13:b8:5f:3a:
         f9:67:39:5b:35:ce:21:cd:a0:de:5a:aa:72:a3:d1:e2:a5:52:
         25:07:d7:32:c0:d1:cf:4c:f1:c8:0a:d4:4e:e9:77:42:7a:59:
         ba:52:6b:48:e2:74:00:e0:3a:5d:25:80:4c:22:50:06:df:13:
         04:c8:7b:91:36:06:22:a4:90:08:79:84:af:d3:ca:0d:4f:09:
         46:a7:ea:7d:74:c2:da:f0:b1:4d:22:c3:11:77:86:55:a4:ae:
         df:b3:aa:25:53:ef:db:73:3b:14:65:ac:be:9e:6b:dd:96:d4:
         12:09:40:59:63:69:37:d3:c0:aa:03:be:54:ba:f7:2f:21:80:
         99:d5:67:5c:9e:4a:f7:28:8b:ac:29:16:8f:14:c9:81:40:ef:
         e0:f7:6b:5f:70:f9:83:72:eb:84:9f:31:6b:45:e3:d6:62:a8:
         6f:c6:88:b5:82:b5:df:62:6d:2a:f9:be:e9:81:94:19:2c:68:
         e6:7b:2e:f7:75:3a:7b:56:d1:6f:07:b5:d0:9e:e8:a6:ac:d9:
         e5:00:73:f7
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUBj6MealasjYU6ptPnfPQCEvKebIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI1MDAwMDAwWhcNMjMwMzI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZGVhYzQ5NjVkYjJmZjU3Y2U1YWI2NjRhODhkYTkxYjU1
NjgzZDI0NzEzZmZjMTQ4YTMxYzQ4YTIxMzM4N2U0ODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANeIjxrTqzkjS+2GLKliHgdYCO80Oqg4DpPQsaj6DXVtKk+4FIa4
9YvYFLLSTMUvq7ZNbZd0f6KAj8G8hpswTK2IuA8zuepUU25fDuY9UQCVYRWJLd55
XNPjT4bGTJehlz2+BM7eD24REjguP9J3HKP/h7vQQZXh2J7IHChg+hpkbC9SywAS
5oCsLic26Ya4uXWR/HEyI0JolqVW/ylacQtdR7z+5ncjbMnohobTwRM37Fgpmd3M
+dGIZqgQ0yUJhwZXvsmG+7yOZAQ5crS22wiBSU4y3wUqVBtCxmQSgVurvgOLgLKG
L6Fp9qFzFS6sJl/pvq9Oh0sjwud+gFdZfC8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSJ1dzDJxETDYSNic9xALYv8NwmvzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZDA4ZjUxNTItYmIxZS00NDYwLWJmNmItODYwZDgyNTc3MDI5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMo0QHdBl5vzIHBz
0ZMTmRaTmyzkjrNNEJXdnajNH1vUNFYNTNsym284zMe9TOWOlb0cE7hfOvlnOVs1
ziHNoN5aqnKj0eKlUiUH1zLA0c9M8cgK1E7pd0J6WbpSa0jidADgOl0lgEwiUAbf
EwTIe5E2BiKkkAh5hK/Tyg1PCUan6n10wtrwsU0iwxF3hlWkrt+zqiVT79tzOxRl
rL6ea92W1BIJQFljaTfTwKoDvlS69y8hgJnVZ1yeSvcoi6wpFo8UyYFA7+D3a19w
+YNy64SfMWtF49ZiqG/GiLWCtd9ibSr5vumBlBksaOZ7Lvd1OntW0W8HtdCe6Kas
2eUAc/c=
-----END CERTIFICATE-----