Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e4c686bd-b438-4041-8279-249c73010f66.roa
File:                     e4c686bd-b438-4041-8279-249c73010f66.roa (raw, json)
Hash identifier:          bEsnVSsVmWQa1qI1ZTlle2pS2qs4JkorDnyKBccv/OM=
Subject key identifier:   3B:E6:A2:38:C1:CF:12:61:CC:02:4D:A1:A2:08:4F:FF:26:D3:6B:4B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       417D9B6A3D4E043D19B7375174B7A2DA86CD3349
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e4c686bd-b438-4041-8279-249c73010f66.roa
Signing time:             Sat 25 Feb 2023 00:00:00 +0000
ROA not before:           Sat 25 Feb 2023 00:00:00 +0000
ROA not after:            Tue 28 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:7d:9b:6a:3d:4e:04:3d:19:b7:37:51:74:b7:a2:da:86:cd:33:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 25 00:00:00 2023 GMT
            Not After : Feb 28 23:59:59 2023 GMT
        Subject: serialNumber=5547af9be654141f1cbd00c98e132b84483ada5bee24919ca20a5d4faafc1d07, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:a2:7a:41:30:c2:48:e1:48:c3:38:e4:e3:cf:
                    ff:94:d1:18:ba:10:96:07:20:35:89:d1:ef:8a:75:
                    ed:eb:be:eb:0e:41:ca:63:41:59:ad:ba:da:ac:16:
                    fd:83:b8:23:55:fb:7b:52:6b:64:1d:06:ae:c7:9a:
                    72:c9:72:5b:3b:30:2d:d6:f3:41:0e:0d:c4:d8:5c:
                    ff:fa:07:50:bd:d7:d3:69:ba:a0:74:28:d0:14:5c:
                    59:d4:0b:c7:83:51:50:d9:d2:33:65:de:10:22:8d:
                    99:db:ef:98:1d:6b:cf:ff:de:e7:6c:a3:d6:eb:70:
                    99:4d:e0:79:ee:24:50:7f:ae:1a:76:07:75:52:cb:
                    ba:8a:e2:68:a0:ae:dc:38:f2:46:a3:8e:ae:d1:20:
                    6c:cb:0f:32:43:82:ec:26:cf:63:fc:c2:2f:9c:1a:
                    32:ac:b5:35:4f:b8:f6:f5:0e:0d:b2:04:a8:3c:67:
                    be:cc:ae:89:93:68:62:2f:98:6e:c1:3d:43:9a:e0:
                    97:f6:16:18:09:a9:71:35:01:be:e0:e7:9f:0c:d7:
                    73:8c:56:9a:02:f4:94:76:37:fd:8b:40:67:c2:23:
                    96:85:79:d4:3d:82:ba:f0:cd:2a:ee:d7:bf:cd:a6:
                    16:99:b4:7c:83:27:03:8d:cb:28:31:20:fd:c4:f0:
                    40:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:E6:A2:38:C1:CF:12:61:CC:02:4D:A1:A2:08:4F:FF:26:D3:6B:4B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e4c686bd-b438-4041-8279-249c73010f66.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:c6:bd:5f:28:82:96:b9:1f:a0:ef:dc:12:5c:20:99:3f:91:
         97:14:85:14:a9:0f:4b:35:f4:bf:85:cf:52:12:ed:38:01:f0:
         78:65:f5:0b:8a:de:89:00:4d:f1:68:86:24:d7:76:80:03:6a:
         f7:49:14:74:f6:d4:ab:b8:45:25:b3:e3:b0:48:2f:b4:7d:d5:
         ca:ef:0e:15:7d:6a:23:da:f1:79:b4:89:3a:b3:9d:cf:eb:f6:
         2d:f2:4d:82:06:c9:19:1b:c7:33:9b:2a:44:42:e7:1a:5a:f9:
         5e:48:67:db:24:2b:9f:bb:63:c7:5a:df:bf:35:21:d6:d6:2c:
         87:61:6a:ba:f5:cc:b6:8d:b5:27:e2:43:1a:39:61:6a:9f:30:
         74:32:36:25:e2:07:bd:95:e8:b2:96:ae:0c:46:47:6f:3c:e9:
         55:94:3d:2b:de:3d:e5:14:2b:5f:62:d8:aa:7a:92:86:10:bd:
         97:1e:a1:c9:dd:de:71:cc:8b:a2:da:ef:61:e4:7f:3b:1b:60:
         43:ad:b4:dd:11:97:93:fa:3e:fa:f0:70:03:44:cb:13:64:d9:
         4b:cd:e5:2e:90:85:f1:9d:e8:d4:0b:cc:a7:9e:55:f5:f0:ea:
         a3:56:ee:23:2d:d5:57:bb:f7:02:31:15:be:e3:ec:97:4b:b0:
         11:f5:b9:a9
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUQX2baj1OBD0ZtzdRdLei2obNM0kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjI1MDAwMDAwWhcNMjMwMjI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNANTU0N2FmOWJlNjU0MTQxZjFjYmQwMGM5OGUxMzJiODQ0
ODNhZGE1YmVlMjQ5MTljYTIwYTVkNGZhYWZjMWQwNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOGiekEwwkjhSMM45OPP/5TRGLoQlgcgNYnR74p17eu+6w5BymNB
Wa262qwW/YO4I1X7e1JrZB0GrseacslyWzswLdbzQQ4NxNhc//oHUL3X02m6oHQo
0BRcWdQLx4NRUNnSM2XeECKNmdvvmB1rz//e52yj1utwmU3gee4kUH+uGnYHdVLL
uoriaKCu3DjyRqOOrtEgbMsPMkOC7CbPY/zCL5waMqy1NU+49vUODbIEqDxnvsyu
iZNoYi+YbsE9Q5rgl/YWGAmpcTUBvuDnnwzXc4xWmgL0lHY3/YtAZ8IjloV51D2C
uvDNKu7Xv82mFpm0fIMnA43LKDEg/cTwQEsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ75qI4wc8SYcwCTaGiCE//JtNrSzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZTRjNjg2YmQtYjQzOC00MDQxLTgyNzktMjQ5YzczMDEwZjY2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEzGvV8ogpa5H6Dv
3BJcIJk/kZcUhRSpD0s19L+Fz1IS7TgB8Hhl9QuK3okATfFohiTXdoADavdJFHT2
1Ku4RSWz47BIL7R91crvDhV9aiPa8Xm0iTqznc/r9i3yTYIGyRkbxzObKkRC5xpa
+V5IZ9skK5+7Y8da3781IdbWLIdharr1zLaNtSfiQxo5YWqfMHQyNiXiB72V6LKW
rgxGR2886VWUPSvePeUUK19i2Kp6koYQvZceocnd3nHMi6La72HkfzsbYEOttN0R
l5P6PvrwcANEyxNk2UvN5S6QhfGd6NQLzKeeVfXw6qNW7iMt1Ve79wIxFb7j7JdL
sBH1uak=
-----END CERTIFICATE-----