Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e2eb2191-a8f9-400d-b0b7-17920083774f.roa
File:                     e2eb2191-a8f9-400d-b0b7-17920083774f.roa (raw, json)
Hash identifier:          MuDeZs1RawIV+yYDlYDJhlQPahgOonOzf29Hyso5fbU=
Subject key identifier:   99:4E:26:14:6A:AB:BB:DA:D7:42:BD:92:62:F1:14:AF:AC:5B:90:4E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       25ADE1E38391EFF5656FC6318892D7BE2F380BA7
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e2eb2191-a8f9-400d-b0b7-17920083774f.roa
Signing time:             Thu 23 Feb 2023 00:00:00 +0000
ROA not before:           Thu 23 Feb 2023 00:00:00 +0000
ROA not after:            Sun 26 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:ad:e1:e3:83:91:ef:f5:65:6f:c6:31:88:92:d7:be:2f:38:0b:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 23 00:00:00 2023 GMT
            Not After : Feb 26 23:59:59 2023 GMT
        Subject: serialNumber=81c9f34b4c9969792bf825666c1ed0fac825a11d98bb9fbac774f8bcb1187399, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:be:d1:b8:df:b1:82:7e:a5:ff:e4:f5:46:7d:
                    4f:c3:85:f7:de:86:e4:21:26:dd:32:3f:5b:3e:77:
                    42:0a:67:59:03:f4:0a:5c:42:02:f2:8d:a5:5c:67:
                    38:76:44:64:4e:63:61:34:86:47:dd:25:97:57:ea:
                    dc:8d:39:5a:64:2f:a3:b4:14:83:7f:37:5b:a6:6d:
                    d5:f4:45:bd:5e:de:6a:c3:4d:d3:9d:17:8a:7e:4c:
                    a2:03:5f:44:6b:18:d8:82:64:d1:fa:cb:42:fa:3d:
                    ca:b2:25:80:2b:a6:6a:31:d1:71:07:3c:3b:0c:c0:
                    dc:48:f0:63:78:77:fc:32:6d:37:ef:c9:44:41:a5:
                    37:9f:26:9a:17:eb:6c:41:d5:90:ec:fa:4d:71:73:
                    78:be:ba:1b:c5:f6:b4:d8:86:32:92:ff:fa:b9:84:
                    99:95:67:7d:74:00:2b:f7:e0:62:03:d1:4f:c1:d5:
                    ad:54:8b:c8:a2:c9:7a:cf:c9:d3:a5:b6:3e:95:70:
                    fe:84:0c:89:83:7d:96:99:b9:38:5a:b0:01:3e:4f:
                    25:a6:20:79:28:66:f1:bb:4b:5c:da:a1:42:92:33:
                    b3:07:14:10:d7:18:cc:45:ec:30:3d:52:cb:db:7f:
                    0e:04:e0:5d:01:3f:fc:37:af:ed:18:0e:e2:9a:39:
                    31:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:4E:26:14:6A:AB:BB:DA:D7:42:BD:92:62:F1:14:AF:AC:5B:90:4E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e2eb2191-a8f9-400d-b0b7-17920083774f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:9f:d8:9f:92:8e:12:79:11:56:af:45:ed:c2:6e:b5:ad:52:
         c9:39:0e:d3:e5:b4:00:3c:d6:46:16:41:2b:8c:fb:86:55:19:
         d2:50:6e:16:67:17:3c:3d:17:2f:03:26:5a:b8:94:83:e1:e1:
         df:89:1b:b0:c9:0d:97:25:c9:7c:52:34:70:e3:92:56:65:81:
         8a:b3:b0:75:66:89:07:3d:5a:eb:54:fd:df:82:e9:6e:0e:43:
         9d:de:55:23:6c:fd:ce:7c:b1:5f:c3:b0:84:d5:4c:b0:1f:11:
         52:2a:27:61:7a:d1:e2:31:37:d8:69:d3:9e:d6:ca:fa:9d:31:
         51:f8:2d:1d:73:b6:7c:46:1a:11:1d:c8:b0:02:5b:43:0a:dc:
         35:8a:0f:e5:b7:97:0f:f9:39:28:f0:d5:d7:06:e8:51:8a:42:
         18:7b:d0:2b:9b:9b:dd:d7:90:cd:50:77:9e:87:29:39:19:cc:
         aa:ad:a2:11:14:3e:7d:da:3d:cc:75:cc:24:f3:05:46:ba:28:
         f7:64:1a:4e:22:c8:38:e3:5f:bd:7e:6d:48:72:b7:d9:61:76:
         7f:6e:91:99:64:fa:f6:37:72:ba:00:e0:c0:e3:63:f0:52:1a:
         e7:c1:3b:8b:12:01:4f:8a:a0:fb:cf:40:98:2f:f1:b9:65:a6:
         d0:ec:19:50
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUJa3h44OR7/Vlb8YxiJLXvi84C6cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIzMDAwMDAwWhcNMjMwMjI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAODFjOWYzNGI0Yzk5Njk3OTJiZjgyNTY2NmMxZWQwZmFj
ODI1YTExZDk4YmI5ZmJhYzc3NGY4YmNiMTE4NzM5OTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJe+0bjfsYJ+pf/k9UZ9T8OF996G5CEm3TI/Wz53QgpnWQP0ClxC
AvKNpVxnOHZEZE5jYTSGR90ll1fq3I05WmQvo7QUg383W6Zt1fRFvV7easNN050X
in5MogNfRGsY2IJk0frLQvo9yrIlgCumajHRcQc8OwzA3EjwY3h3/DJtN+/JREGl
N58mmhfrbEHVkOz6TXFzeL66G8X2tNiGMpL/+rmEmZVnfXQAK/fgYgPRT8HVrVSL
yKLJes/J06W2PpVw/oQMiYN9lpm5OFqwAT5PJaYgeShm8btLXNqhQpIzswcUENcY
zEXsMD1Sy9t/DgTgXQE//Dev7RgO4po5MSECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSZTiYUaqu72tdCvZJi8RSvrFuQTjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZTJlYjIxOTEtYThmOS00MDBkLWIwYjctMTc5MjAwODM3NzRmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMef2J+SjhJ5EVav
Re3CbrWtUsk5DtPltAA81kYWQSuM+4ZVGdJQbhZnFzw9Fy8DJlq4lIPh4d+JG7DJ
DZclyXxSNHDjklZlgYqzsHVmiQc9WutU/d+C6W4OQ53eVSNs/c58sV/DsITVTLAf
EVIqJ2F60eIxN9hp057WyvqdMVH4LR1ztnxGGhEdyLACW0MK3DWKD+W3lw/5OSjw
1dcG6FGKQhh70Cubm93XkM1Qd56HKTkZzKqtohEUPn3aPcx1zCTzBUa6KPdkGk4i
yDjjX71+bUhyt9lhdn9ukZlk+vY3croA4MDjY/BSGufBO4sSAU+KoPvPQJgv8bll
ptDsGVA=
-----END CERTIFICATE-----