Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d17bfb69-905c-455f-8537-1882a540a794.roa
File:                     d17bfb69-905c-455f-8537-1882a540a794.roa (raw, json)
Hash identifier:          dtUZF2NEGPbI7yI4+sCkXslrkT0CQ/im/hAIj0QJFSE=
Subject key identifier:   AB:84:6B:64:D1:30:B7:B7:48:E7:A0:F2:5B:AC:7C:0E:89:D5:4A:5B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5289B5A6FFD2E38FDD4695667DFDF90374857BF3
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d17bfb69-905c-455f-8537-1882a540a794.roa
Signing time:             Sun 23 Apr 2023 00:00:00 +0000
ROA not before:           Sun 23 Apr 2023 00:00:00 +0000
ROA not after:            Wed 26 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:89:b5:a6:ff:d2:e3:8f:dd:46:95:66:7d:fd:f9:03:74:85:7b:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 23 00:00:00 2023 GMT
            Not After : Apr 26 23:59:59 2023 GMT
        Subject: serialNumber=73bc346c0065e08d0bbf75739dda3a5359d32742af3c984e1311373068317ac8, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b9:d4:7c:5b:9e:fb:71:88:03:35:86:a1:9c:
                    15:04:e2:09:39:c3:94:93:d6:4e:81:4e:ff:a6:d9:
                    a7:15:4f:67:21:46:4f:97:56:c1:77:83:0f:44:2d:
                    f4:36:30:83:2a:7b:04:cf:67:f3:76:c5:40:7f:af:
                    a7:77:cf:8e:e8:dd:69:9b:96:19:22:d0:96:d2:b8:
                    6c:80:1f:2a:10:fb:02:6b:1f:c8:bf:2e:77:9b:26:
                    62:ee:82:b8:46:0e:b5:5f:1a:67:6d:d0:8e:ca:87:
                    28:8f:79:de:eb:09:b4:a4:1a:ec:37:79:65:2f:4f:
                    bb:04:90:35:87:15:49:2c:b5:c7:14:f9:00:38:ee:
                    68:b4:a1:8b:4f:ac:0d:81:8c:df:9e:18:be:79:92:
                    d8:99:c2:49:f3:07:25:af:2d:aa:9d:7f:c4:70:76:
                    75:ba:aa:7c:be:a4:7d:e3:62:57:90:3d:d7:57:8e:
                    c5:2e:47:20:d7:c9:42:14:6b:f7:2a:77:38:2d:39:
                    fa:99:48:5a:e3:b5:19:04:91:d6:1a:70:c3:16:40:
                    73:c0:b9:97:4d:20:72:2b:5f:59:6c:a6:33:b7:c9:
                    2d:53:2c:d1:b3:2a:4e:74:2b:dd:8e:e9:78:f0:83:
                    70:da:3b:d8:72:e4:87:af:c5:91:9a:c5:73:92:10:
                    b2:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:84:6B:64:D1:30:B7:B7:48:E7:A0:F2:5B:AC:7C:0E:89:D5:4A:5B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d17bfb69-905c-455f-8537-1882a540a794.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:59:77:b5:70:d9:a4:f2:4e:d6:29:d9:29:b5:3d:95:b5:1e:
         4b:35:54:6d:2c:1d:dc:40:4f:60:c9:13:65:a8:7f:85:e4:88:
         10:93:60:42:7d:16:5c:eb:ee:b7:4d:b5:ca:04:c1:fb:aa:d3:
         80:31:05:ad:de:6b:fc:94:e9:04:3c:e5:e6:2d:33:a0:a0:73:
         3f:a0:68:0c:90:1e:4f:83:95:aa:dd:cd:a1:e0:e2:35:53:ec:
         2e:6f:57:b2:e6:a0:83:ea:5a:52:77:8c:01:94:08:df:43:91:
         89:b1:2b:3d:63:c3:46:d8:59:de:0c:7a:70:cd:a7:e6:71:00:
         cf:8e:6a:aa:5d:e3:77:d3:9a:a5:96:d4:c9:62:3e:b6:08:e5:
         d8:68:3a:25:11:b0:51:90:83:e3:79:31:48:3f:69:2e:65:e6:
         9f:68:5d:d6:37:2e:64:b9:f2:1e:19:6d:d9:7f:e3:de:02:81:
         d6:fd:27:a2:20:27:a0:76:e7:bb:85:3f:31:f9:eb:48:80:aa:
         9e:b5:af:59:15:af:ef:b6:a8:b3:f5:dd:c4:3b:7e:95:fc:36:
         9d:a5:88:0d:a6:44:d1:8a:c4:cb:f0:5e:e4:c7:2a:e2:b7:bf:
         a0:fb:c3:e6:f1:00:6a:79:03:86:00:83:81:9b:08:5e:a6:d6:
         33:cd:e9:d9
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUUom1pv/S44/dRpVmff35A3SFe/MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDIzMDAwMDAwWhcNMjMwNDI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNANzNiYzM0NmMwMDY1ZTA4ZDBiYmY3NTczOWRkYTNhNTM1
OWQzMjc0MmFmM2M5ODRlMTMxMTM3MzA2ODMxN2FjODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKW51HxbnvtxiAM1hqGcFQTiCTnDlJPWToFO/6bZpxVPZyFGT5dW
wXeDD0Qt9DYwgyp7BM9n83bFQH+vp3fPjujdaZuWGSLQltK4bIAfKhD7AmsfyL8u
d5smYu6CuEYOtV8aZ23QjsqHKI953usJtKQa7Dd5ZS9PuwSQNYcVSSy1xxT5ADju
aLShi0+sDYGM354YvnmS2JnCSfMHJa8tqp1/xHB2dbqqfL6kfeNiV5A911eOxS5H
INfJQhRr9yp3OC05+plIWuO1GQSR1hpwwxZAc8C5l00gcitfWWymM7fJLVMs0bMq
TnQr3Y7pePCDcNo72HLkh6/FkZrFc5IQsukCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSrhGtk0TC3t0jnoPJbrHwOidVKWzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZDE3YmZiNjktOTA1Yy00NTVmLTg1MzctMTg4MmE1NDBhNzk0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJ9Zd7Vw2aTyTtYp
2Sm1PZW1Hks1VG0sHdxAT2DJE2Wof4XkiBCTYEJ9Flzr7rdNtcoEwfuq04AxBa3e
a/yU6QQ85eYtM6Cgcz+gaAyQHk+DlardzaHg4jVT7C5vV7LmoIPqWlJ3jAGUCN9D
kYmxKz1jw0bYWd4MenDNp+ZxAM+Oaqpd43fTmqWW1MliPrYI5dhoOiURsFGQg+N5
MUg/aS5l5p9oXdY3LmS58h4Zbdl/494Cgdb9J6IgJ6B257uFPzH560iAqp61r1kV
r++2qLP13cQ7fpX8Np2liA2mRNGKxMvwXuTHKuK3v6D7w+bxAGp5A4YAg4GbCF6m
1jPN6dk=
-----END CERTIFICATE-----