Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/eaf3f7a0-372f-4035-9b78-938c0837f285.roa
File:                     eaf3f7a0-372f-4035-9b78-938c0837f285.roa (raw, json)
Hash identifier:          j82Vc4goe7JOrEOx0UwOxhnfCdB7Sy7quH4efgsNKl8=
Subject key identifier:   40:E2:E7:61:37:97:6A:31:FF:E6:FB:F5:BB:84:05:F1:A2:A5:72:4E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       67A84E5B5FD84726C97E89E2AB115A0227ADAD24
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/eaf3f7a0-372f-4035-9b78-938c0837f285.roa
Signing time:             Tue 14 Feb 2023 00:00:00 +0000
ROA not before:           Tue 14 Feb 2023 00:00:00 +0000
ROA not after:            Fri 17 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:a8:4e:5b:5f:d8:47:26:c9:7e:89:e2:ab:11:5a:02:27:ad:ad:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 14 00:00:00 2023 GMT
            Not After : Feb 17 23:59:59 2023 GMT
        Subject: serialNumber=7cd3dcd7d6d2279b6b2015e942024b570edb20534ab86625f202c6102d6d3113, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:95:06:9f:32:5b:56:d4:ef:d6:92:46:61:e9:
                    ee:8f:56:14:fc:b4:fa:8a:91:61:38:31:18:26:55:
                    02:82:25:cc:6d:2e:ea:56:65:28:fd:ad:24:4d:70:
                    9f:4e:6e:3a:c8:04:f9:be:af:9f:f3:7c:5c:98:8d:
                    b9:ea:ae:a8:77:cd:97:77:d1:e5:01:de:2c:9b:12:
                    5b:fd:36:93:51:18:24:6f:93:92:58:50:f2:7d:d3:
                    b3:f5:6b:a8:90:78:51:89:db:3a:9e:c0:d4:4d:87:
                    8a:7b:da:f7:ff:8c:7e:12:a8:87:3a:04:e2:3d:6b:
                    9c:15:ac:a8:c1:b9:cb:3f:70:4b:08:2c:55:c1:21:
                    bd:fe:41:86:7e:db:07:79:20:5e:90:2b:a1:0c:cd:
                    9f:c9:3a:a2:b6:f4:9b:5e:c2:98:82:23:11:42:3d:
                    83:c6:2e:ee:d3:b8:1d:6e:75:23:d9:0b:13:5b:9f:
                    17:1d:d2:7a:30:e1:d1:fb:42:89:40:34:63:93:08:
                    90:28:a6:36:aa:bd:fd:54:b7:b5:e3:0c:a2:c1:5b:
                    4b:a5:e8:1d:70:19:c8:a8:f8:e6:11:5a:ca:f2:48:
                    9e:a0:fb:01:af:04:09:f1:ec:a1:5e:49:28:1c:d6:
                    0b:15:5d:97:4e:1f:4d:83:2d:3f:f4:eb:9d:2d:5e:
                    bd:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:E2:E7:61:37:97:6A:31:FF:E6:FB:F5:BB:84:05:F1:A2:A5:72:4E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/eaf3f7a0-372f-4035-9b78-938c0837f285.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:62:a8:cc:a1:28:36:e3:bc:c3:23:b4:a9:2e:58:99:19:1f:
         2b:27:13:59:74:d6:a5:2b:70:d9:ef:5b:6c:3b:77:a1:ba:c3:
         57:11:7b:64:99:52:ca:be:83:55:75:02:49:69:96:0f:6b:ff:
         6f:04:f7:c9:0c:8e:a5:db:4f:ae:81:a1:63:04:9a:a3:e1:7e:
         3b:78:0f:64:bf:90:57:8f:f0:ff:c4:d5:43:d3:2f:2a:70:91:
         6b:8a:f4:82:d0:71:26:46:9c:e5:4c:ac:3a:bf:54:74:36:8f:
         47:c2:25:4e:45:17:13:f6:c4:f1:c8:26:72:96:94:f6:93:d3:
         1a:a6:73:ae:5c:4c:48:5d:2d:9d:cc:29:28:40:55:26:b2:70:
         fe:3c:ba:f1:59:fa:2b:d0:c1:7a:48:ab:99:82:24:b1:cc:30:
         1e:bb:7f:41:2e:97:fc:84:a0:a4:f4:ad:ca:30:65:55:ea:32:
         c5:3e:0f:71:43:c1:ad:32:ab:40:41:b5:04:9d:23:77:4b:b2:
         ef:0a:15:8b:0f:34:be:f3:d9:80:92:89:b8:90:ee:5b:7d:09:
         d6:fc:0d:70:cb:b1:ae:1e:51:e2:1e:65:ef:a8:11:7c:46:3c:
         0e:94:b9:78:f0:e2:41:bb:12:ec:02:f6:8d:f6:1f:cc:68:66:
         23:dc:06:3b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUZ6hOW1/YRybJfoniqxFaAietrSQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE0MDAwMDAwWhcNMjMwMjE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAN2NkM2RjZDdkNmQyMjc5YjZiMjAxNWU5NDIwMjRiNTcw
ZWRiMjA1MzRhYjg2NjI1ZjIwMmM2MTAyZDZkMzExMzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANqVBp8yW1bU79aSRmHp7o9WFPy0+oqRYTgxGCZVAoIlzG0u6lZl
KP2tJE1wn05uOsgE+b6vn/N8XJiNuequqHfNl3fR5QHeLJsSW/02k1EYJG+TklhQ
8n3Ts/VrqJB4UYnbOp7A1E2Hinva9/+MfhKohzoE4j1rnBWsqMG5yz9wSwgsVcEh
vf5Bhn7bB3kgXpAroQzNn8k6orb0m17CmIIjEUI9g8Yu7tO4HW51I9kLE1ufFx3S
ejDh0ftCiUA0Y5MIkCimNqq9/VS3teMMosFbS6XoHXAZyKj45hFayvJInqD7Aa8E
CfHsoV5JKBzWCxVdl04fTYMtP/TrnS1evdECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRA4udhN5dqMf/m+/W7hAXxoqVyTjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZWFmM2Y3YTAtMzcyZi00MDM1LTliNzgtOTM4YzA4MzdmMjg1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEliqMyhKDbjvMMj
tKkuWJkZHysnE1l01qUrcNnvW2w7d6G6w1cRe2SZUsq+g1V1Aklplg9r/28E98kM
jqXbT66BoWMEmqPhfjt4D2S/kFeP8P/E1UPTLypwkWuK9ILQcSZGnOVMrDq/VHQ2
j0fCJU5FFxP2xPHIJnKWlPaT0xqmc65cTEhdLZ3MKShAVSaycP48uvFZ+ivQwXpI
q5mCJLHMMB67f0Eul/yEoKT0rcowZVXqMsU+D3FDwa0yq0BBtQSdI3dLsu8KFYsP
NL7z2YCSibiQ7lt9Cdb8DXDLsa4eUeIeZe+oEXxGPA6UuXjw4kG7EuwC9o32H8xo
ZiPcBjs=
-----END CERTIFICATE-----