Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d56520a3-72ab-4655-822c-b4c17c18548b.roa
File:                     d56520a3-72ab-4655-822c-b4c17c18548b.roa (raw, json)
Hash identifier:          /+VcjBD3dudXSowybSQdboqfIRSrTXXvVBCeZlZOLYk=
Subject key identifier:   62:15:85:2F:FC:5B:8C:A8:5E:77:14:34:8C:53:2D:6B:10:AE:D0:0C
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3EF038A8094BEEEC3C627FC99886C38B9A1F3EE5
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d56520a3-72ab-4655-822c-b4c17c18548b.roa
Signing time:             Wed 22 Mar 2023 00:00:00 +0000
ROA not before:           Wed 22 Mar 2023 00:00:00 +0000
ROA not after:            Sat 25 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:f0:38:a8:09:4b:ee:ec:3c:62:7f:c9:98:86:c3:8b:9a:1f:3e:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 22 00:00:00 2023 GMT
            Not After : Mar 25 23:59:59 2023 GMT
        Subject: serialNumber=2f40a2b8d6e7ca3d8135a2a8c578fecb1464611ba47ad6ef241732c919486f68, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:8e:b3:8e:c6:ef:00:f0:36:f7:22:77:48:cd:
                    ce:5a:9e:7f:2c:80:2e:fe:49:95:61:b7:11:c9:df:
                    26:33:f9:4d:d5:4d:b5:a2:5f:00:64:69:4e:98:75:
                    cd:fc:b4:ce:7b:32:5c:a2:d2:ce:85:76:e8:6d:dd:
                    a3:c9:73:13:65:ea:9b:89:0c:6d:1d:05:a8:91:c9:
                    93:f0:73:e6:a5:7a:a7:3f:ee:3f:4e:38:06:31:90:
                    7a:4d:5a:bb:90:b0:14:8e:48:1e:56:1b:ac:38:57:
                    cd:e7:bb:ca:a2:a0:b4:ab:5b:6c:06:58:34:4c:3a:
                    6c:ae:2d:3d:b0:33:13:2e:d6:f5:cf:09:93:22:08:
                    0c:25:04:9f:21:b9:89:b6:1e:0f:b2:26:7b:5a:17:
                    1e:4f:48:67:01:4f:ea:76:1e:57:31:5a:22:96:20:
                    8f:53:24:33:b5:1a:90:7e:74:c6:6c:0c:c2:cf:05:
                    39:e8:d3:8c:61:81:94:f3:2e:c3:47:2f:8a:ec:09:
                    7d:ed:4f:94:20:42:00:72:11:df:19:4f:fc:54:9b:
                    bf:88:7a:df:bf:0a:51:09:94:90:ae:2f:19:6f:49:
                    49:d7:31:db:96:2c:f9:b3:fc:d2:ab:f9:ba:42:24:
                    c3:b0:4d:22:51:24:1c:dc:2e:20:9e:4e:0a:19:00:
                    d6:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:15:85:2F:FC:5B:8C:A8:5E:77:14:34:8C:53:2D:6B:10:AE:D0:0C
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d56520a3-72ab-4655-822c-b4c17c18548b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:28:b3:d0:a7:af:a0:81:ec:72:41:f8:20:8c:c2:ad:b1:5e:
         65:76:58:c1:43:cb:af:f3:7f:2f:bf:18:e0:b2:34:d6:17:89:
         69:44:1e:1b:ac:6a:59:cc:7b:bb:1f:f3:4d:fa:69:c7:29:12:
         df:4a:c4:64:d6:86:85:e2:db:ca:20:35:be:d0:93:de:0a:ac:
         82:2b:df:25:95:47:d8:8e:97:a7:38:ee:62:a8:7c:7c:68:11:
         94:b3:d0:34:08:13:00:bc:34:d5:3c:e9:1f:3f:ff:ec:ac:4d:
         c8:31:29:f1:4f:a4:2e:01:d8:bc:61:7e:48:30:07:26:f9:49:
         80:c1:eb:73:ff:89:a5:1f:d0:e4:ff:5d:40:b4:1e:0c:93:25:
         2a:fd:41:f3:97:d4:35:d8:68:f5:92:e8:4c:c1:c4:4e:66:96:
         b5:42:bd:c3:31:83:38:98:eb:68:b8:d3:b8:e3:6d:14:02:b2:
         e4:25:3b:9a:fc:e1:6a:31:2e:63:91:c1:1e:c5:c1:0c:b8:40:
         3f:70:64:a9:3f:d0:b9:6f:0f:e2:78:b0:fe:b6:82:b9:8a:a0:
         e6:ae:74:fd:89:d3:d7:52:a4:35:07:0a:79:e9:0a:15:aa:aa:
         b1:57:f9:86:ba:85:80:7f:e9:7c:84:57:d6:db:0f:d0:85:cf:
         06:57:b7:c4
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUPvA4qAlL7uw8Yn/JmIbDi5ofPuUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzIyMDAwMDAwWhcNMjMwMzI1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMmY0MGEyYjhkNmU3Y2EzZDgxMzVhMmE4YzU3OGZlY2Ix
NDY0NjExYmE0N2FkNmVmMjQxNzMyYzkxOTQ4NmY2ODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJaOs47G7wDwNvcid0jNzlqefyyALv5JlWG3EcnfJjP5TdVNtaJf
AGRpTph1zfy0znsyXKLSzoV26G3do8lzE2Xqm4kMbR0FqJHJk/Bz5qV6pz/uP044
BjGQek1au5CwFI5IHlYbrDhXzee7yqKgtKtbbAZYNEw6bK4tPbAzEy7W9c8JkyII
DCUEnyG5ibYeD7Ime1oXHk9IZwFP6nYeVzFaIpYgj1MkM7UakH50xmwMws8FOejT
jGGBlPMuw0cviuwJfe1PlCBCAHIR3xlP/FSbv4h6378KUQmUkK4vGW9JSdcx25Ys
+bP80qv5ukIkw7BNIlEkHNwuIJ5OChkA1jcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRiFYUv/FuMqF53FDSMUy1rEK7QDDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZDU2NTIwYTMtNzJhYi00NjU1LTgyMmMtYjRjMTdjMTg1NDhiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKsos9Cnr6CB7HJB
+CCMwq2xXmV2WMFDy6/zfy+/GOCyNNYXiWlEHhusalnMe7sf8036accpEt9KxGTW
hoXi28ogNb7Qk94KrIIr3yWVR9iOl6c47mKofHxoEZSz0DQIEwC8NNU86R8//+ys
TcgxKfFPpC4B2LxhfkgwByb5SYDB63P/iaUf0OT/XUC0HgyTJSr9QfOX1DXYaPWS
6EzBxE5mlrVCvcMxgziY62i407jjbRQCsuQlO5r84WoxLmORwR7FwQy4QD9wZKk/
0LlvD+J4sP62grmKoOaudP2J09dSpDUHCnnpChWqqrFX+Ya6hYB/6XyEV9bbD9CF
zwZXt8Q=
-----END CERTIFICATE-----