Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d3db20e0-9608-4e60-9161-438853aa8320.roa
File:                     d3db20e0-9608-4e60-9161-438853aa8320.roa (raw, json)
Hash identifier:          zwsaPkFEt52JlfTQyMOHrSDZtOs7DuY3i7q3SwgqN/4=
Subject key identifier:   58:71:DA:82:A7:0A:23:D7:F0:E0:CF:42:54:B8:07:29:E0:9D:BA:C3
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       028E15F34BCACF4E93FD13047D4067332EC4554D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d3db20e0-9608-4e60-9161-438853aa8320.roa
Signing time:             Sat 14 Jan 2023 00:00:00 +0000
ROA not before:           Sat 14 Jan 2023 00:00:00 +0000
ROA not after:            Tue 17 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:8e:15:f3:4b:ca:cf:4e:93:fd:13:04:7d:40:67:33:2e:c4:55:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 14 00:00:00 2023 GMT
            Not After : Jan 17 23:59:59 2023 GMT
        Subject: serialNumber=67a691803c77e9929fcc8e833e9f0b7a49af588c070bac22abb58b290dd11ddd, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:4c:bb:70:3b:6f:02:94:37:3e:30:cb:5d:6d:
                    54:29:ed:dc:72:e5:67:64:44:06:c4:c3:c8:9d:00:
                    32:89:74:57:d7:15:1c:3e:9b:50:a3:49:2f:09:aa:
                    4f:bc:09:22:6f:ee:e2:fc:3b:94:b1:72:e2:b7:86:
                    5b:58:0a:30:78:1f:67:d6:74:6d:c7:8b:34:48:f7:
                    3a:17:6f:ef:a7:28:a6:e8:4d:76:5f:79:8f:c2:11:
                    e7:f2:45:93:3e:2f:49:4e:b9:7f:60:5e:d4:87:3e:
                    8c:39:e9:be:95:c2:62:8b:ee:a8:e9:a1:77:f6:69:
                    37:4f:92:12:b5:9e:48:c7:ae:c3:0d:3d:93:22:7e:
                    40:66:93:c4:75:ba:61:33:07:ab:4f:a5:98:9d:1b:
                    1b:cd:15:e2:f3:bf:3a:c3:8c:a6:9e:b2:11:43:94:
                    c2:67:be:6b:36:10:14:ce:70:1c:cf:25:58:40:cd:
                    cc:8c:cf:1e:9d:29:1c:c6:ce:41:01:8a:1f:0b:ee:
                    89:f0:65:54:04:0d:c5:77:08:01:d1:31:ab:cc:26:
                    fd:2a:4b:dd:4a:b5:36:58:17:52:4e:4e:27:81:0e:
                    b0:2c:24:4f:61:f6:f1:5c:ff:36:61:67:3c:06:2b:
                    f5:73:7c:41:0f:12:55:95:94:30:d8:78:b8:d6:48:
                    5b:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:71:DA:82:A7:0A:23:D7:F0:E0:CF:42:54:B8:07:29:E0:9D:BA:C3
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d3db20e0-9608-4e60-9161-438853aa8320.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:4a:23:3a:ad:b4:d8:33:a1:e0:29:44:ba:d5:bf:7e:ed:9e:
         43:62:96:50:a1:98:c5:f0:0b:3b:de:16:a4:2b:88:8f:9e:f5:
         f0:34:07:a0:5b:fa:c2:44:77:ab:0a:64:b6:33:ef:77:08:2b:
         8d:49:1b:3e:ee:d5:be:00:79:ab:75:09:ad:b8:02:4e:84:64:
         7e:3c:d3:bd:9b:4f:21:a2:4f:c7:05:4b:97:9c:f9:64:58:fa:
         0b:42:c3:2c:61:52:5f:e2:e1:5c:17:65:3d:5d:8e:5e:5e:3c:
         0b:89:1d:d4:a1:9e:69:f2:2a:fd:d9:26:48:28:76:65:e0:b6:
         dd:45:08:81:50:e5:df:7d:bf:33:0e:b8:b3:a9:e8:91:8d:3e:
         d9:e2:66:7b:d7:50:32:d0:b2:f7:55:17:9a:96:70:51:b0:0a:
         a0:56:d2:32:d2:11:97:57:99:87:92:4a:98:d2:a8:75:17:fc:
         44:cd:b2:2b:c3:ee:71:23:01:6d:66:c8:e0:f8:fb:4b:be:e8:
         04:3c:88:fa:fc:08:eb:03:ed:e2:f1:1f:6f:3e:55:b2:5f:a0:
         e5:62:f4:73:9e:e1:11:86:30:4d:20:22:f2:33:97:5b:40:2f:
         78:e8:4d:d7:97:58:05:40:d6:40:70:f6:d0:31:e0:af:07:c7:
         c4:44:7b:00
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUAo4V80vKz06T/RMEfUBnMy7EVU0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTE0MDAwMDAwWhcNMjMwMTE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNANjdhNjkxODAzYzc3ZTk5MjlmY2M4ZTgzM2U5ZjBiN2E0
OWFmNTg4YzA3MGJhYzIyYWJiNThiMjkwZGQxMWRkZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALpMu3A7bwKUNz4wy11tVCnt3HLlZ2REBsTDyJ0AMol0V9cVHD6b
UKNJLwmqT7wJIm/u4vw7lLFy4reGW1gKMHgfZ9Z0bceLNEj3Ohdv76copuhNdl95
j8IR5/JFkz4vSU65f2Be1Ic+jDnpvpXCYovuqOmhd/ZpN0+SErWeSMeuww09kyJ+
QGaTxHW6YTMHq0+lmJ0bG80V4vO/OsOMpp6yEUOUwme+azYQFM5wHM8lWEDNzIzP
Hp0pHMbOQQGKHwvuifBlVAQNxXcIAdExq8wm/SpL3Uq1NlgXUk5OJ4EOsCwkT2H2
8Vz/NmFnPAYr9XN8QQ8SVZWUMNh4uNZIWxcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRYcdqCpwoj1/Dgz0JUuAcp4J26wzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZDNkYjIwZTAtOTYwOC00ZTYwLTkxNjEtNDM4ODUzYWE4MzIwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALpKIzqttNgzoeAp
RLrVv37tnkNillChmMXwCzveFqQriI+e9fA0B6Bb+sJEd6sKZLYz73cIK41JGz7u
1b4Aeat1Ca24Ak6EZH48072bTyGiT8cFS5ec+WRY+gtCwyxhUl/i4VwXZT1djl5e
PAuJHdShnmnyKv3ZJkgodmXgtt1FCIFQ5d99vzMOuLOp6JGNPtniZnvXUDLQsvdV
F5qWcFGwCqBW0jLSEZdXmYeSSpjSqHUX/ETNsivD7nEjAW1myOD4+0u+6AQ8iPr8
COsD7eLxH28+VbJfoOVi9HOe4RGGME0gIvIzl1tAL3joTdeXWAVA1kBw9tAx4K8H
x8REewA=
-----END CERTIFICATE-----