Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e6c31752-8b3a-497f-9464-c2076624d399.roa
File:                     e6c31752-8b3a-497f-9464-c2076624d399.roa (raw, json)
Hash identifier:          /rNgRJZ1i0tNON5cpARkBiaqX/65p55OIJ6inleJwbI=
Subject key identifier:   25:64:43:80:28:EC:F6:28:5C:C6:DD:77:BD:2F:D0:4A:20:10:E3:A0
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       25B6008EDDC826F7A80EC5C37C25E88FDDEAB5C9
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e6c31752-8b3a-497f-9464-c2076624d399.roa
Signing time:             Sat 11 Feb 2023 00:00:00 +0000
ROA not before:           Sat 11 Feb 2023 00:00:00 +0000
ROA not after:            Tue 14 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:b6:00:8e:dd:c8:26:f7:a8:0e:c5:c3:7c:25:e8:8f:dd:ea:b5:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 11 00:00:00 2023 GMT
            Not After : Feb 14 23:59:59 2023 GMT
        Subject: serialNumber=3a0c8d9e93991ca923a28538ee7d31b40f7c78b2bc6c074b7d7d51eb4f578bd5, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:23:9f:6f:cf:88:03:90:f3:a1:35:a2:58:0d:
                    d2:09:6e:28:e1:fe:54:62:0f:2c:02:61:b6:6d:d5:
                    57:30:b7:16:3f:36:b8:e2:75:1b:a7:d0:ce:3d:c6:
                    13:f3:fb:a0:b0:66:9a:3f:18:08:c3:89:25:64:26:
                    d3:4b:f5:cb:11:1c:e4:06:34:89:bb:d7:e8:32:a5:
                    dc:fd:c7:16:ff:ea:b8:a5:35:5d:ea:aa:bc:96:1a:
                    42:44:23:3e:88:47:2f:cc:cd:c7:be:7b:90:b5:54:
                    24:29:73:aa:58:3b:16:db:4b:49:71:ae:5b:b8:66:
                    46:be:c4:eb:c0:cb:41:c0:43:bd:32:7a:9a:7a:06:
                    8c:cf:4e:be:95:79:7f:ad:25:c8:41:66:83:61:ad:
                    eb:66:7c:9d:c0:9e:c7:26:e7:d7:f5:e7:99:b3:0c:
                    2f:cc:bb:08:5c:32:c3:b8:7c:e2:49:e3:98:15:f4:
                    96:aa:9d:98:66:22:dc:15:f7:40:d5:98:29:c2:51:
                    ca:fe:18:3b:e8:4c:a5:53:2e:a1:2a:5f:f2:e6:36:
                    de:66:1f:30:3c:d6:41:7d:48:48:75:51:b4:85:99:
                    47:a6:88:81:d0:e8:ba:d7:85:3c:25:88:0c:86:8f:
                    1a:99:cf:98:97:d8:18:c1:a2:28:70:7a:a1:f0:4d:
                    8c:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:64:43:80:28:EC:F6:28:5C:C6:DD:77:BD:2F:D0:4A:20:10:E3:A0
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e6c31752-8b3a-497f-9464-c2076624d399.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:5e:8d:75:8b:0e:56:dd:fe:e2:fc:69:5f:57:ab:d1:45:6f:
         4e:9e:2d:04:2c:7e:07:cf:2e:00:e5:79:60:43:5b:4c:61:59:
         36:5c:33:3e:97:af:26:e2:87:1b:de:a2:ed:fc:ba:a5:7e:65:
         37:ef:09:7b:68:75:21:a1:74:d9:11:c9:56:30:4c:f8:01:ad:
         ce:25:b6:cd:3d:bc:df:f9:e2:c0:cd:9e:69:96:96:64:20:c7:
         b0:52:60:6d:b7:77:c4:89:68:23:8e:59:be:78:39:98:9d:fd:
         c6:41:42:9d:86:72:0e:da:10:ce:cb:62:16:d1:9e:2b:8c:bc:
         2c:7b:6b:ed:00:6b:c1:e6:e2:56:a5:22:50:9c:5e:aa:e3:1e:
         53:a4:39:d4:03:5a:f7:8e:2f:55:7d:dd:f3:52:5a:7c:21:7f:
         8c:2c:2b:40:6d:ec:a1:86:33:e4:83:63:56:c1:cb:3c:de:a3:
         08:93:12:c1:9c:02:c2:74:54:cd:d1:b3:20:ba:59:6e:31:73:
         90:a9:d0:85:36:ab:24:ef:b4:c8:23:61:86:1e:c1:73:b7:95:
         dd:67:73:cd:b9:a9:15:46:cc:c1:97:c2:c8:49:74:0b:03:a4:
         9b:03:c9:40:27:79:24:80:e0:a4:53:6b:f1:f6:dd:a7:a5:03:
         11:c9:a1:7b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUJbYAjt3IJveoDsXDfCXoj93qtckwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjExMDAwMDAwWhcNMjMwMjE0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAM2EwYzhkOWU5Mzk5MWNhOTIzYTI4NTM4ZWU3ZDMxYjQw
ZjdjNzhiMmJjNmMwNzRiN2Q3ZDUxZWI0ZjU3OGJkNTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOAjn2/PiAOQ86E1olgN0gluKOH+VGIPLAJhtm3VVzC3Fj82uOJ1
G6fQzj3GE/P7oLBmmj8YCMOJJWQm00v1yxEc5AY0ibvX6DKl3P3HFv/quKU1Xeqq
vJYaQkQjPohHL8zNx757kLVUJClzqlg7FttLSXGuW7hmRr7E68DLQcBDvTJ6mnoG
jM9OvpV5f60lyEFmg2Gt62Z8ncCexybn1/XnmbMML8y7CFwyw7h84knjmBX0lqqd
mGYi3BX3QNWYKcJRyv4YO+hMpVMuoSpf8uY23mYfMDzWQX1ISHVRtIWZR6aIgdDo
uteFPCWIDIaPGpnPmJfYGMGiKHB6ofBNjPkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQlZEOAKOz2KFzG3Xe9L9BKIBDjoDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZTZjMzE3NTItOGIzYS00OTdmLTk0NjQtYzIwNzY2MjRkMzk5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALlejXWLDlbd/uL8
aV9Xq9FFb06eLQQsfgfPLgDleWBDW0xhWTZcMz6Xrybihxveou38uqV+ZTfvCXto
dSGhdNkRyVYwTPgBrc4lts09vN/54sDNnmmWlmQgx7BSYG23d8SJaCOOWb54OZid
/cZBQp2Gcg7aEM7LYhbRniuMvCx7a+0Aa8Hm4lalIlCcXqrjHlOkOdQDWveOL1V9
3fNSWnwhf4wsK0Bt7KGGM+SDY1bByzzeowiTEsGcAsJ0VM3RsyC6WW4xc5Cp0IU2
qyTvtMgjYYYewXO3ld1nc825qRVGzMGXwshJdAsDpJsDyUAneSSA4KRTa/H23ael
AxHJoXs=
-----END CERTIFICATE-----