Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e790b908-8db6-4258-84e7-10e46af82029.roa
File:                     e790b908-8db6-4258-84e7-10e46af82029.roa (raw, json)
Hash identifier:          ZCeOymHxj2Q5svU77EAgX+ei6BngWR8xzpIjt9aOyzs=
Subject key identifier:   8C:7A:35:D7:8B:DF:C0:96:F6:D6:99:BB:7F:61:D1:1F:5A:B2:9B:B4
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0870CF0A06CA60D80B10F38F49CA6949ECF264FD
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e790b908-8db6-4258-84e7-10e46af82029.roa
Signing time:             Sun 30 Apr 2023 00:00:00 +0000
ROA not before:           Sun 30 Apr 2023 00:00:00 +0000
ROA not after:            Wed 03 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:70:cf:0a:06:ca:60:d8:0b:10:f3:8f:49:ca:69:49:ec:f2:64:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 30 00:00:00 2023 GMT
            Not After : May  3 23:59:59 2023 GMT
        Subject: serialNumber=8865f8398fe28b6e2c56325c839322404d8049a3531e3a952c7c04978777ba7a, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:a5:97:cb:ea:ee:a7:41:5f:f9:27:97:34:42:
                    4b:11:6c:68:93:57:23:43:c6:2d:34:05:b9:d3:df:
                    81:b4:bb:5e:d0:68:22:93:39:46:09:1c:4f:90:6d:
                    8f:fb:ff:88:03:57:cc:40:8a:58:36:0f:8f:9a:8b:
                    84:73:7d:dc:77:f2:0b:fd:dc:f8:fb:6f:eb:87:45:
                    df:ee:fe:4f:46:bf:53:45:06:6f:79:cc:34:69:5a:
                    9e:b2:45:b5:e9:02:61:1b:88:df:2e:1d:21:de:3c:
                    cd:95:fb:b8:e6:ff:43:ec:26:1b:4c:86:42:4f:f5:
                    64:6f:29:23:44:82:38:40:14:ad:2a:bf:77:3c:f6:
                    dd:3b:67:e6:ce:04:51:c6:47:6b:21:68:70:41:b3:
                    33:51:16:1d:23:ac:a6:e1:59:24:6d:2b:99:56:0e:
                    c5:6e:c2:89:23:a4:5e:00:12:88:db:39:a5:cb:b0:
                    e0:e3:e5:f6:6e:be:0b:8a:a7:4b:92:d4:e1:e4:2d:
                    82:17:a6:c2:f7:06:a1:b3:3f:c3:b1:3d:1a:76:e3:
                    47:ae:28:ea:3d:a6:8a:2f:63:2e:9d:81:86:6f:7d:
                    33:37:2e:3c:12:4f:74:a1:6c:27:4e:97:73:f8:4f:
                    cc:15:0e:f1:ba:c3:8a:d9:ca:0a:94:1c:02:7b:fe:
                    ca:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:7A:35:D7:8B:DF:C0:96:F6:D6:99:BB:7F:61:D1:1F:5A:B2:9B:B4
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e790b908-8db6-4258-84e7-10e46af82029.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:1e:ab:6f:3f:a0:ff:c4:dc:95:05:fa:e0:73:04:a9:e0:fc:
         f9:71:74:2e:0a:df:24:b1:2c:a0:d2:d0:54:3b:cc:cb:24:d0:
         7a:d6:12:0f:df:67:c5:fd:fe:c5:16:22:39:74:21:44:23:f0:
         b6:05:bc:3f:bf:78:63:63:a8:81:b2:6b:c1:99:2f:3d:e1:c4:
         ba:c7:52:d4:32:e8:95:8a:fc:81:62:99:91:3b:4b:cd:55:14:
         98:76:a4:38:bf:e9:9c:4b:bf:c0:c3:2f:e9:3e:a8:b6:37:16:
         7d:d6:51:7e:97:62:1f:e1:0f:36:f8:fd:7a:a2:92:7e:7a:93:
         9d:02:11:3b:aa:7f:84:aa:3e:e6:4f:6d:e2:63:e2:31:81:92:
         0f:98:d7:7e:5f:01:d5:30:37:a5:9e:85:d5:a8:f0:42:1f:a8:
         2c:36:e8:8f:02:a0:f5:46:40:12:26:eb:28:6c:10:77:20:ce:
         57:a3:82:1f:24:6a:8a:c4:eb:73:5c:44:88:18:25:ec:39:fb:
         a9:51:1c:60:46:a9:24:49:e1:7f:2a:7e:27:d8:20:c3:40:e5:
         0b:66:3c:36:56:2e:91:0e:11:4a:f4:88:91:04:5e:03:12:80:
         16:33:03:88:a4:76:7b:4a:cc:21:df:e9:02:c7:a4:21:3d:65:
         6b:bb:1a:1e
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUCHDPCgbKYNgLEPOPScppSezyZP0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDMwMDAwMDAwWhcNMjMwNTAzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAODg2NWY4Mzk4ZmUyOGI2ZTJjNTYzMjVjODM5MzIyNDA0
ZDgwNDlhMzUzMWUzYTk1MmM3YzA0OTc4Nzc3YmE3YTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMyll8vq7qdBX/knlzRCSxFsaJNXI0PGLTQFudPfgbS7XtBoIpM5
RgkcT5Btj/v/iANXzECKWDYPj5qLhHN93HfyC/3c+Ptv64dF3+7+T0a/U0UGb3nM
NGlanrJFtekCYRuI3y4dId48zZX7uOb/Q+wmG0yGQk/1ZG8pI0SCOEAUrSq/dzz2
3Ttn5s4EUcZHayFocEGzM1EWHSOspuFZJG0rmVYOxW7CiSOkXgASiNs5pcuw4OPl
9m6+C4qnS5LU4eQtghemwvcGobM/w7E9GnbjR64o6j2mii9jLp2Bhm99MzcuPBJP
dKFsJ06Xc/hPzBUO8brDitnKCpQcAnv+ylcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSMejXXi9/AlvbWmbt/YdEfWrKbtDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZTc5MGI5MDgtOGRiNi00MjU4LTg0ZTctMTBlNDZhZjgyMDI5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMIeq28/oP/E3JUF
+uBzBKng/PlxdC4K3ySxLKDS0FQ7zMsk0HrWEg/fZ8X9/sUWIjl0IUQj8LYFvD+/
eGNjqIGya8GZLz3hxLrHUtQy6JWK/IFimZE7S81VFJh2pDi/6ZxLv8DDL+k+qLY3
Fn3WUX6XYh/hDzb4/Xqikn56k50CETuqf4SqPuZPbeJj4jGBkg+Y135fAdUwN6We
hdWo8EIfqCw26I8CoPVGQBIm6yhsEHcgzlejgh8kaorE63NcRIgYJew5+6lRHGBG
qSRJ4X8qfifYIMNA5QtmPDZWLpEOEUr0iJEEXgMSgBYzA4ikdntKzCHf6QLHpCE9
ZWu7Gh4=
-----END CERTIFICATE-----