Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/eca3ea2a-5335-4228-938f-21f8627f6295.roa
File:                     eca3ea2a-5335-4228-938f-21f8627f6295.roa (raw, json)
Hash identifier:          RKm1cGkHTF0PlEzeSxZyOrP/TazmuzTW/pZUkIQhVT0=
Subject key identifier:   4D:2A:3D:19:8D:E7:28:C1:C7:DD:F7:F2:DE:55:51:18:23:D5:90:12
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5A7B671C1EFB91AC2610B49DAE0ABEA3F254CF65
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/eca3ea2a-5335-4228-938f-21f8627f6295.roa
Signing time:             Tue 28 Mar 2023 00:00:00 +0000
ROA not before:           Tue 28 Mar 2023 00:00:00 +0000
ROA not after:            Fri 31 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:7b:67:1c:1e:fb:91:ac:26:10:b4:9d:ae:0a:be:a3:f2:54:cf:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 28 00:00:00 2023 GMT
            Not After : Mar 31 23:59:59 2023 GMT
        Subject: serialNumber=95df05d94814862fa7837129044b61c950c156b9561efe165246dee8a5bd18d9, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f1:f9:d0:9d:64:0b:d2:cb:0c:ce:70:f6:41:
                    32:f1:c4:f7:ad:3d:51:8a:66:1c:5d:5b:29:5e:74:
                    3c:22:8b:9d:64:cf:85:3f:06:3c:56:e3:b0:23:de:
                    b2:3f:68:29:81:d8:90:90:84:c3:f8:1d:82:53:b5:
                    40:3a:e7:d5:e9:ca:4a:4f:e6:28:bf:87:83:af:63:
                    dd:4d:8f:ba:de:83:1d:9e:c2:9a:83:2c:0c:6c:68:
                    93:b3:6f:2f:06:88:43:8e:de:4c:6b:44:84:a1:6f:
                    41:9e:9e:ec:13:ba:5d:f2:22:af:15:b6:cf:65:00:
                    0c:e2:8a:b5:0c:ea:9b:fe:ca:95:66:0a:1e:03:ed:
                    79:c7:6a:a7:33:7d:0c:30:5e:76:4c:35:03:59:09:
                    33:20:a7:85:93:a4:53:8c:ca:80:92:1e:ea:3b:f5:
                    11:6e:d1:30:21:31:04:ab:84:3a:71:d2:1b:c6:ec:
                    ea:ab:f0:10:28:a2:fe:d5:69:fc:7d:e9:c3:95:0d:
                    86:c2:90:d6:10:d9:27:39:09:b8:2b:28:c6:f1:2b:
                    65:9f:28:2d:8d:eb:2b:cb:94:2d:29:10:5d:5f:55:
                    03:87:d1:76:e1:89:c5:21:12:ab:8b:24:87:40:cf:
                    2a:63:0e:a5:fa:e6:f0:9e:b1:d5:ce:91:b4:b1:01:
                    74:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:2A:3D:19:8D:E7:28:C1:C7:DD:F7:F2:DE:55:51:18:23:D5:90:12
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/eca3ea2a-5335-4228-938f-21f8627f6295.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:66:dc:4f:97:cb:47:1b:22:df:85:d7:65:f4:d1:9c:c8:19:
         4c:b5:9a:74:c0:32:05:71:43:2e:a1:e5:c4:af:06:3c:a8:2c:
         c2:e3:c7:ff:41:f0:4c:bc:db:6a:b0:f9:e3:b9:f0:06:bb:1c:
         76:05:0f:b1:75:48:89:c0:d3:58:2a:b3:54:1d:ef:d5:15:1f:
         38:18:20:b9:b1:b2:69:17:aa:22:76:5d:ae:ce:0e:ed:08:dc:
         bf:37:74:30:f3:48:8f:73:dc:db:a5:c3:03:c1:fc:a6:f3:b2:
         09:66:9d:51:bc:57:2d:98:79:c7:18:3e:95:86:22:7f:48:44:
         58:ba:93:fa:0e:df:c7:c4:e3:6f:fa:ba:83:25:88:e3:3e:db:
         5d:b1:83:f0:9b:d0:22:66:19:1d:64:66:11:54:30:3e:48:84:
         1f:1d:99:5d:ed:08:cd:18:d6:3b:97:50:fe:7a:07:b8:e5:12:
         4e:79:64:8c:c6:47:da:83:43:3a:85:8b:60:1a:c2:cb:7a:f2:
         56:93:6f:04:9c:31:05:5d:ee:aa:c7:84:84:97:a7:59:74:6c:
         b4:07:0c:13:b2:8a:8a:5e:20:0e:99:1d:59:ab:85:5e:80:42:
         48:04:50:31:e1:44:aa:66:6e:df:4e:43:46:63:cb:69:3b:d6:
         1e:d0:c7:29
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUWntnHB77kawmELSdrgq+o/JUz2UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI4MDAwMDAwWhcNMjMwMzMxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTVkZjA1ZDk0ODE0ODYyZmE3ODM3MTI5MDQ0YjYxYzk1
MGMxNTZiOTU2MWVmZTE2NTI0NmRlZThhNWJkMThkOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALfx+dCdZAvSywzOcPZBMvHE9609UYpmHF1bKV50PCKLnWTPhT8G
PFbjsCPesj9oKYHYkJCEw/gdglO1QDrn1enKSk/mKL+Hg69j3U2Put6DHZ7CmoMs
DGxok7NvLwaIQ47eTGtEhKFvQZ6e7BO6XfIirxW2z2UADOKKtQzqm/7KlWYKHgPt
ecdqpzN9DDBedkw1A1kJMyCnhZOkU4zKgJIe6jv1EW7RMCExBKuEOnHSG8bs6qvw
ECii/tVp/H3pw5UNhsKQ1hDZJzkJuCsoxvErZZ8oLY3rK8uULSkQXV9VA4fRduGJ
xSESq4skh0DPKmMOpfrm8J6x1c6RtLEBdFUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRNKj0Zjecowcfd9/LeVVEYI9WQEjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZWNhM2VhMmEtNTMzNS00MjI4LTkzOGYtMjFmODYyN2Y2Mjk1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFdm3E+Xy0cbIt+F
12X00ZzIGUy1mnTAMgVxQy6h5cSvBjyoLMLjx/9B8Ey822qw+eO58Aa7HHYFD7F1
SInA01gqs1Qd79UVHzgYILmxsmkXqiJ2Xa7ODu0I3L83dDDzSI9z3NulwwPB/Kbz
sglmnVG8Vy2YeccYPpWGIn9IRFi6k/oO38fE42/6uoMliOM+212xg/Cb0CJmGR1k
ZhFUMD5IhB8dmV3tCM0Y1juXUP56B7jlEk55ZIzGR9qDQzqFi2Aawst68laTbwSc
MQVd7qrHhISXp1l0bLQHDBOyiopeIA6ZHVmrhV6AQkgEUDHhRKpmbt9OQ0Zjy2k7
1h7Qxyk=
-----END CERTIFICATE-----