Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f2d1450f-46b4-4840-a7ff-09884234eb1d.roa
File:                     f2d1450f-46b4-4840-a7ff-09884234eb1d.roa (raw, json)
Hash identifier:          0IwvK9CoBIWuV7Uly+hRq50RDOz17isAYDCIZ4GsL5o=
Subject key identifier:   CB:1F:F1:AA:FC:34:B2:27:B8:EF:7A:6C:41:AB:21:A0:52:44:91:58
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6C321BD0AF322BBFB28584935F11FF3622376AC6
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f2d1450f-46b4-4840-a7ff-09884234eb1d.roa
Signing time:             Thu 16 Mar 2023 00:00:00 +0000
ROA not before:           Thu 16 Mar 2023 00:00:00 +0000
ROA not after:            Sun 19 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:32:1b:d0:af:32:2b:bf:b2:85:84:93:5f:11:ff:36:22:37:6a:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 16 00:00:00 2023 GMT
            Not After : Mar 19 23:59:59 2023 GMT
        Subject: serialNumber=08f74f47f4c04d75fa44a4d310082d7b10243ad433ecfe6b91bd0aa08020c06e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:fb:d2:8e:eb:64:70:a8:04:a3:e9:9e:fd:8a:
                    65:c4:e5:fc:04:63:45:06:13:09:b6:2e:0c:77:d1:
                    a0:1b:76:7e:fa:5f:69:60:ff:00:cb:15:b1:e8:4b:
                    2b:16:5f:59:bd:18:5b:a7:af:26:93:60:f6:ac:87:
                    11:24:7d:6a:9f:cc:ce:78:18:71:66:23:02:6a:4b:
                    a7:ad:45:e8:a0:54:64:29:9c:50:d4:97:24:69:3c:
                    0c:99:d5:19:48:80:f4:ee:61:e5:0e:f6:5e:ed:b7:
                    59:39:22:41:5e:45:db:ec:03:07:76:b1:60:ae:9b:
                    8c:89:46:8f:26:64:fa:69:f4:61:b3:7c:2a:c1:cf:
                    a2:3f:8a:aa:63:92:65:af:55:6a:32:d5:a6:b1:11:
                    ef:c9:d9:c2:6a:fe:c2:d1:0e:7b:60:b8:41:ca:6a:
                    7e:a5:f3:de:ad:14:94:c2:f8:73:ee:38:80:b3:e7:
                    4c:12:c9:3a:59:6f:38:85:94:a3:14:66:48:2b:55:
                    3a:84:ce:53:59:ca:f7:c8:07:3d:3b:43:c8:69:da:
                    70:51:9b:36:fb:fb:8c:47:49:41:95:4b:cd:28:b7:
                    13:b5:33:16:00:08:bb:bf:83:d6:14:97:35:82:04:
                    22:1c:bb:16:5f:ea:15:b8:d9:7a:24:93:4d:a2:21:
                    ca:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:1F:F1:AA:FC:34:B2:27:B8:EF:7A:6C:41:AB:21:A0:52:44:91:58
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f2d1450f-46b4-4840-a7ff-09884234eb1d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:21:67:50:06:5f:60:62:a9:dd:74:50:c3:44:d3:89:3b:11:
         4c:99:93:0f:25:50:f6:b1:57:5e:79:a1:e1:7e:29:9a:e0:b7:
         11:d2:eb:8c:1c:ba:1d:1e:f5:a1:7b:6c:dd:34:34:16:fd:fe:
         c1:d7:a8:55:93:f3:cc:9f:00:dc:20:8a:ba:61:07:20:b4:0b:
         af:2f:00:04:7e:ea:e8:b3:24:83:90:f5:4b:6d:9d:e8:4d:59:
         b9:d4:5a:9f:b6:e5:bc:52:b8:39:c4:36:fb:98:6a:da:4b:92:
         c3:4c:78:69:a5:fe:0c:a9:fc:3a:e8:1c:da:3c:a9:de:be:0d:
         dd:33:5e:67:01:3f:85:35:5b:eb:11:ce:39:50:f7:1f:a6:e3:
         52:6e:53:0f:d1:be:df:ca:c0:ff:ef:03:5d:a7:93:a2:d9:5a:
         25:db:fb:cf:bd:16:27:4a:fd:1b:40:46:9a:7b:7b:97:1e:e4:
         3e:77:da:a6:af:68:38:64:d5:90:50:8a:1e:a9:ab:c2:80:3f:
         be:89:7a:15:c2:cd:86:09:3d:ea:3f:4f:4c:7d:15:a2:22:ae:
         d1:66:3a:cf:a5:4c:9f:b9:0b:d6:d6:45:51:47:db:19:e0:41:
         c7:f7:e5:52:82:4a:d2:8e:e3:71:c3:29:40:b5:69:72:73:6d:
         50:8a:f9:44
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUbDIb0K8yK7+yhYSTXxH/NiI3asYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzE2MDAwMDAwWhcNMjMwMzE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMDhmNzRmNDdmNGMwNGQ3NWZhNDRhNGQzMTAwODJkN2Ix
MDI0M2FkNDMzZWNmZTZiOTFiZDBhYTA4MDIwYzA2ZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKP70o7rZHCoBKPpnv2KZcTl/ARjRQYTCbYuDHfRoBt2fvpfaWD/
AMsVsehLKxZfWb0YW6evJpNg9qyHESR9ap/MzngYcWYjAmpLp61F6KBUZCmcUNSX
JGk8DJnVGUiA9O5h5Q72Xu23WTkiQV5F2+wDB3axYK6bjIlGjyZk+mn0YbN8KsHP
oj+KqmOSZa9VajLVprER78nZwmr+wtEOe2C4QcpqfqXz3q0UlML4c+44gLPnTBLJ
OllvOIWUoxRmSCtVOoTOU1nK98gHPTtDyGnacFGbNvv7jEdJQZVLzSi3E7UzFgAI
u7+D1hSXNYIEIhy7Fl/qFbjZeiSTTaIhys8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTLH/Gq/DSyJ7jvemxBqyGgUkSRWDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjJkMTQ1MGYtNDZiNC00ODQwLWE3ZmYtMDk4ODQyMzRlYjFkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJUhZ1AGX2Biqd10
UMNE04k7EUyZkw8lUPaxV155oeF+KZrgtxHS64wcuh0e9aF7bN00NBb9/sHXqFWT
88yfANwgirphByC0C68vAAR+6uizJIOQ9UttnehNWbnUWp+25bxSuDnENvuYatpL
ksNMeGml/gyp/DroHNo8qd6+Dd0zXmcBP4U1W+sRzjlQ9x+m41JuUw/Rvt/KwP/v
A12nk6LZWiXb+8+9FidK/RtARpp7e5ce5D532qavaDhk1ZBQih6pq8KAP76JehXC
zYYJPeo/T0x9FaIirtFmOs+lTJ+5C9bWRVFH2xngQcf35VKCStKO43HDKUC1aXJz
bVCK+UQ=
-----END CERTIFICATE-----