Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d3c62150-1edc-4441-9cb0-59f015823fc1.roa
File:                     d3c62150-1edc-4441-9cb0-59f015823fc1.roa (raw, json)
Hash identifier:          OcUEr1jlmwu37DixcXwfrwym0I/02smMQA3k5MtwOWE=
Subject key identifier:   4A:9E:A6:17:7F:74:1B:60:01:0E:3E:CA:46:66:6D:D4:92:A8:49:9F
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       52EC322E67AE70E8991EAFADC359422C7561A40A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d3c62150-1edc-4441-9cb0-59f015823fc1.roa
Signing time:             Fri 03 Mar 2023 00:00:00 +0000
ROA not before:           Fri 03 Mar 2023 00:00:00 +0000
ROA not after:            Mon 06 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:ec:32:2e:67:ae:70:e8:99:1e:af:ad:c3:59:42:2c:75:61:a4:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar  3 00:00:00 2023 GMT
            Not After : Mar  6 23:59:59 2023 GMT
        Subject: serialNumber=1fff0a2943c1fbae5ae7ec36bce6c5c6cecd03ef39411d1b87caca3e5bccf603, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:14:62:f0:29:11:85:9e:ff:72:05:59:cc:67:
                    52:2a:ba:58:95:2c:bc:1d:54:d3:f1:9b:45:0c:9c:
                    f9:a8:c7:8c:31:85:75:1a:4f:07:76:9e:ed:ad:2b:
                    6a:7c:17:af:ec:58:b7:fe:cc:e3:8c:7d:df:ac:59:
                    ae:48:0a:62:cd:cb:6e:48:2b:6f:e6:57:21:c2:0f:
                    35:f5:66:fc:e9:8a:f9:f7:d5:7f:33:3d:92:86:50:
                    62:72:a5:6b:57:79:a5:e3:d0:4f:e6:33:27:bd:59:
                    84:bb:aa:4e:82:b5:dc:51:d7:1b:90:94:32:33:bf:
                    d4:25:a2:48:f9:d0:75:a1:b3:8c:97:24:ad:45:94:
                    15:8f:c4:1e:de:29:26:a9:ea:9f:77:fb:03:ed:e2:
                    b3:90:d3:34:73:c2:29:97:9a:be:ba:ac:8e:e7:c2:
                    fb:50:72:7b:7d:27:9a:9e:6f:0b:41:ba:26:7a:28:
                    03:0c:9e:ff:b2:8f:b2:e5:f6:55:a8:32:f3:8a:f6:
                    a1:7e:65:83:ba:2d:3d:e9:a6:8b:2b:b4:f4:57:83:
                    1b:b4:aa:62:25:8c:16:be:5a:92:4e:67:c0:d4:1c:
                    94:f1:e1:27:03:ec:d8:c9:43:f2:f3:5e:7e:5e:b5:
                    2c:b4:76:37:76:13:75:b2:ae:45:c0:25:d3:c1:93:
                    9d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:9E:A6:17:7F:74:1B:60:01:0E:3E:CA:46:66:6D:D4:92:A8:49:9F
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d3c62150-1edc-4441-9cb0-59f015823fc1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:a9:3e:58:1e:80:f0:ee:77:90:fc:3c:9a:fe:6c:dd:2f:27:
         4b:f4:ea:ba:ea:19:1b:68:1c:e7:c9:84:c9:8a:89:76:0e:06:
         69:98:a1:14:82:cf:ac:c3:a1:5e:77:b2:49:9d:7e:b4:39:61:
         cf:4b:9f:92:b8:75:1b:27:75:6e:1b:db:ff:92:1f:91:6a:c8:
         89:98:6e:12:2c:17:e4:9b:14:22:30:5c:5c:e4:2f:18:e6:7f:
         01:5b:d1:b7:4c:22:e4:55:ff:95:17:a5:0d:dc:ec:3f:71:27:
         b4:3b:8e:88:ed:fd:33:e9:ab:be:82:c3:58:0e:c9:bc:6a:e3:
         35:14:8c:70:89:1e:ea:9b:cc:9e:d1:32:08:d5:57:82:73:2f:
         5c:4b:49:76:85:24:cf:33:5f:79:73:ca:71:39:47:09:fc:a6:
         71:9a:86:f1:68:48:23:6c:46:7b:04:0c:63:a4:db:34:a0:9c:
         12:b1:6b:46:8d:be:e8:4b:65:7f:86:d3:94:15:7d:61:4e:d0:
         06:9d:9d:df:a7:a7:05:11:95:c1:af:ce:b3:00:f5:ce:2e:aa:
         3c:25:1a:d6:3b:05:0e:2c:4b:bd:90:ba:b0:ca:09:1a:9b:5d:
         51:b9:6a:b0:ad:99:4f:7e:5f:62:a8:52:63:98:ac:b7:ad:eb:
         08:c3:97:65
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUUuwyLmeucOiZHq+tw1lCLHVhpAowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzAzMDAwMDAwWhcNMjMwMzA2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMWZmZjBhMjk0M2MxZmJhZTVhZTdlYzM2YmNlNmM1YzZj
ZWNkMDNlZjM5NDExZDFiODdjYWNhM2U1YmNjZjYwMzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANAUYvApEYWe/3IFWcxnUiq6WJUsvB1U0/GbRQyc+ajHjDGFdRpP
B3ae7a0ranwXr+xYt/7M44x936xZrkgKYs3Lbkgrb+ZXIcIPNfVm/OmK+ffVfzM9
koZQYnKla1d5pePQT+YzJ71ZhLuqToK13FHXG5CUMjO/1CWiSPnQdaGzjJckrUWU
FY/EHt4pJqnqn3f7A+3is5DTNHPCKZeavrqsjufC+1Bye30nmp5vC0G6JnooAwye
/7KPsuX2Vagy84r2oX5lg7otPemmiyu09FeDG7SqYiWMFr5akk5nwNQclPHhJwPs
2MlD8vNefl61LLR2N3YTdbKuRcAl08GTnecCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRKnqYXf3QbYAEOPspGZm3UkqhJnzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZDNjNjIxNTAtMWVkYy00NDQxLTljYjAtNTlmMDE1ODIzZmMxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALSpPlgegPDud5D8
PJr+bN0vJ0v06rrqGRtoHOfJhMmKiXYOBmmYoRSCz6zDoV53skmdfrQ5Yc9Ln5K4
dRsndW4b2/+SH5FqyImYbhIsF+SbFCIwXFzkLxjmfwFb0bdMIuRV/5UXpQ3c7D9x
J7Q7jojt/TPpq76Cw1gOybxq4zUUjHCJHuqbzJ7RMgjVV4JzL1xLSXaFJM8zX3lz
ynE5Rwn8pnGahvFoSCNsRnsEDGOk2zSgnBKxa0aNvuhLZX+G05QVfWFO0Aadnd+n
pwURlcGvzrMA9c4uqjwlGtY7BQ4sS72QurDKCRqbXVG5arCtmU9+X2KoUmOYrLet
6wjDl2U=
-----END CERTIFICATE-----