Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/de9b7a3d-c651-407f-b152-940655467edc.roa
File:                     de9b7a3d-c651-407f-b152-940655467edc.roa (raw, json)
Hash identifier:          afF5Appcounrtb5s0ts1njMtKZ3CX0cVVpvO/pUW8No=
Subject key identifier:   CA:CC:FB:82:E0:33:B5:A5:C0:13:A6:41:3C:2E:21:1C:91:72:64:DB
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       653DAAAA93DDDD27D061305BA275660134400D0F
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/de9b7a3d-c651-407f-b152-940655467edc.roa
Signing time:             Wed 15 Feb 2023 00:00:00 +0000
ROA not before:           Wed 15 Feb 2023 00:00:00 +0000
ROA not after:            Sat 18 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:3d:aa:aa:93:dd:dd:27:d0:61:30:5b:a2:75:66:01:34:40:0d:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 15 00:00:00 2023 GMT
            Not After : Feb 18 23:59:59 2023 GMT
        Subject: serialNumber=0be643a34d7036a164801090e9492ef93ba75c2a39b076d56bc89bd8302b2eb5, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d6:6a:42:dd:d0:f3:0c:e2:d6:42:e8:58:ee:
                    9f:2d:16:9e:41:74:23:77:1f:6d:4d:83:f7:45:5c:
                    02:91:28:66:f1:b0:84:b3:db:b6:9e:83:89:1a:ee:
                    d8:d4:5b:60:1f:61:3d:49:e5:6a:5d:29:c7:48:da:
                    d1:28:29:91:7d:f4:48:cb:2f:7b:02:d5:f9:f9:d9:
                    6d:ca:17:56:6d:58:da:06:55:df:04:b9:5b:c4:65:
                    10:0a:27:da:e4:21:48:84:d7:d2:e4:fa:51:1d:af:
                    4f:df:cb:ad:8c:70:b4:58:55:a1:53:b1:32:e7:f4:
                    b9:2a:0f:20:88:14:de:93:bd:d7:39:5b:18:85:f4:
                    8e:0d:57:8c:cf:6e:2a:91:ae:a3:38:43:8f:d9:53:
                    c9:0b:2b:71:ed:a5:80:21:09:0b:9b:33:6f:c9:58:
                    11:88:14:46:ee:19:92:6d:0c:20:94:da:44:10:a2:
                    3a:ea:0c:91:f7:53:b4:04:d0:06:c1:87:3b:ad:66:
                    cf:61:8f:b3:40:d6:b9:54:4b:ea:8b:d7:06:bf:e9:
                    84:f3:22:2e:58:ec:6e:d7:f0:f1:3d:63:16:0c:9c:
                    ac:5f:fb:0a:14:c0:3d:f3:60:63:4e:ba:96:4a:79:
                    02:b8:15:80:a1:85:69:cc:30:86:b1:66:c3:9b:64:
                    1f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:CC:FB:82:E0:33:B5:A5:C0:13:A6:41:3C:2E:21:1C:91:72:64:DB
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/de9b7a3d-c651-407f-b152-940655467edc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:e9:b3:79:02:2d:6e:87:6c:a2:97:2d:5e:41:8a:58:27:fc:
         e1:32:ad:b8:43:e8:8c:1b:93:d3:65:08:35:8d:de:cb:ff:aa:
         d8:2c:78:c8:03:e3:3e:24:45:21:b5:38:ee:a5:6a:11:ae:a4:
         0d:04:8a:33:b9:4e:e2:a1:41:ce:95:31:86:34:d1:4d:24:f0:
         13:09:c6:54:d8:99:60:07:14:55:e8:7b:02:7b:3a:68:df:1d:
         c2:f4:fa:05:24:d1:62:c2:08:d6:6d:aa:55:47:02:9b:21:04:
         c2:09:79:c1:48:6b:f8:4d:a2:ab:ec:f3:0b:63:14:e8:e5:63:
         08:db:40:7a:f3:e2:68:8d:76:f6:f3:55:23:13:18:99:e1:d7:
         cb:86:94:04:b3:29:5b:cc:8b:d3:e4:6e:c8:df:83:5e:14:b8:
         01:a5:46:b5:29:28:f6:b9:3d:d1:52:c0:2e:6e:83:3f:62:b7:
         e9:93:4b:65:33:74:b9:08:1c:62:23:f7:c6:2c:8a:0a:68:89:
         3a:fc:db:15:7e:7d:7c:7d:7e:8e:2f:49:ab:20:7f:8d:8c:33:
         ec:b1:9e:21:f2:b9:4d:fc:53:94:0d:9d:8b:ec:d3:51:b1:72:
         68:ec:fb:5a:5e:55:f7:a7:d2:83:21:cb:27:81:6d:65:06:f5:
         a8:b9:71:f3
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUZT2qqpPd3SfQYTBbonVmATRADQ8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE1MDAwMDAwWhcNMjMwMjE4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMGJlNjQzYTM0ZDcwMzZhMTY0ODAxMDkwZTk0OTJlZjkz
YmE3NWMyYTM5YjA3NmQ1NmJjODliZDgzMDJiMmViNTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMjWakLd0PMM4tZC6Fjuny0WnkF0I3cfbU2D90VcApEoZvGwhLPb
tp6DiRru2NRbYB9hPUnlal0px0ja0SgpkX30SMsvewLV+fnZbcoXVm1Y2gZV3wS5
W8RlEAon2uQhSITX0uT6UR2vT9/LrYxwtFhVoVOxMuf0uSoPIIgU3pO91zlbGIX0
jg1XjM9uKpGuozhDj9lTyQsrce2lgCEJC5szb8lYEYgURu4Zkm0MIJTaRBCiOuoM
kfdTtATQBsGHO61mz2GPs0DWuVRL6ovXBr/phPMiLljsbtfw8T1jFgycrF/7ChTA
PfNgY066lkp5ArgVgKGFacwwhrFmw5tkH2UCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTKzPuC4DO1pcATpkE8LiEckXJk2zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZGU5YjdhM2QtYzY1MS00MDdmLWIxNTItOTQwNjU1NDY3ZWRjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHrps3kCLW6HbKKX
LV5Bilgn/OEyrbhD6Iwbk9NlCDWN3sv/qtgseMgD4z4kRSG1OO6lahGupA0EijO5
TuKhQc6VMYY00U0k8BMJxlTYmWAHFFXoewJ7OmjfHcL0+gUk0WLCCNZtqlVHApsh
BMIJecFIa/hNoqvs8wtjFOjlYwjbQHrz4miNdvbzVSMTGJnh18uGlASzKVvMi9Pk
bsjfg14UuAGlRrUpKPa5PdFSwC5ugz9it+mTS2UzdLkIHGIj98YsigpoiTr82xV+
fXx9fo4vSasgf42MM+yxniHyuU38U5QNnYvs01Gxcmjs+1peVfen0oMhyyeBbWUG
9ai5cfM=
-----END CERTIFICATE-----