Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f35cd402-bcdd-4690-aac4-dce39500c074.roa
File:                     f35cd402-bcdd-4690-aac4-dce39500c074.roa (raw, json)
Hash identifier:          CSHXrk5fgKanf5zFnV0CWT0G8azpLK8CFxuMSMLZqQU=
Subject key identifier:   E6:48:F1:DB:44:72:CD:C1:01:A8:D9:22:BA:97:48:CE:B8:32:FD:09
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       361711D70BAA194E11BA24F39D2832B6E70A8158
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f35cd402-bcdd-4690-aac4-dce39500c074.roa
Signing time:             Sun 29 Jan 2023 00:00:00 +0000
ROA not before:           Sun 29 Jan 2023 00:00:00 +0000
ROA not after:            Wed 01 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:17:11:d7:0b:aa:19:4e:11:ba:24:f3:9d:28:32:b6:e7:0a:81:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 29 00:00:00 2023 GMT
            Not After : Feb  1 23:59:59 2023 GMT
        Subject: serialNumber=56637bc9ea134ea77c33ad6146bb9e4f3bbc2e4474cd4d9145baf5f02643559b, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:70:07:43:b3:b8:4c:85:15:9a:19:c3:49:a9:
                    3e:94:f1:eb:1c:6d:47:7d:d2:3d:9b:e5:b3:c8:21:
                    ea:31:89:5b:97:0d:ad:4d:ea:ef:9b:99:8c:89:eb:
                    17:a4:cc:6e:cf:9f:b6:2a:4d:c1:42:79:1b:5b:83:
                    0a:79:ca:fc:88:f4:37:22:52:ba:47:73:30:f1:5a:
                    be:a7:93:7f:9e:9d:85:d5:e7:fd:30:54:1d:44:ce:
                    11:03:cf:e9:3f:66:38:8d:b8:d9:27:de:73:e9:0c:
                    55:db:d2:ae:7d:10:5a:66:46:6c:14:aa:eb:64:ac:
                    43:66:cc:86:ab:87:e8:09:80:c0:23:4e:bc:09:17:
                    37:79:db:7c:01:d8:c7:8e:2e:4d:92:dd:df:b1:38:
                    41:84:b3:b1:9b:fd:e9:10:20:a0:b5:c2:6c:5f:15:
                    22:e1:4d:56:f7:9a:87:ba:22:cc:33:d2:e4:7e:3f:
                    85:2f:16:1e:72:a9:9a:b0:34:0a:a9:e0:9e:3b:7c:
                    e8:aa:2f:56:ec:25:97:7a:31:91:92:01:4a:57:ec:
                    57:3c:9f:5e:0e:ce:c2:da:6c:22:29:1e:83:0a:63:
                    2e:d4:56:89:d5:c0:ac:d0:31:19:18:6f:cc:11:31:
                    b5:1c:2e:63:11:a2:b1:c4:8f:48:1a:d3:d7:68:40:
                    1d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:48:F1:DB:44:72:CD:C1:01:A8:D9:22:BA:97:48:CE:B8:32:FD:09
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f35cd402-bcdd-4690-aac4-dce39500c074.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:b7:a3:ef:61:63:70:64:a8:d6:ba:49:af:65:81:3a:ef:0a:
         36:0a:0b:78:9f:e6:df:94:cc:b3:68:ed:45:f3:46:b1:50:24:
         3c:a2:c9:a6:8d:a6:99:bc:e8:32:9f:93:d7:7a:fd:5e:4c:07:
         7a:ca:d2:a3:0c:1c:65:40:7d:e3:74:88:fa:80:71:61:6f:66:
         79:76:32:5e:e8:a6:b2:66:c0:ff:84:bb:13:80:3f:97:9c:5a:
         ae:fe:40:b4:37:dc:17:be:ad:e4:ec:77:f3:2f:69:a0:ca:bd:
         e1:81:0a:50:b1:48:f4:58:28:89:31:66:ac:57:26:29:1b:10:
         84:59:4c:f3:56:3e:7a:5f:a8:16:e7:c3:7c:46:0c:e0:35:c2:
         56:1b:1b:d2:38:c0:f3:59:1a:43:b1:a6:c5:3d:1b:6c:d5:e6:
         e8:87:3c:b8:b9:b4:fb:f5:a9:ff:f1:29:00:7b:a4:39:28:4d:
         65:12:e7:9d:b7:7f:49:ea:cd:6e:5d:1b:df:4f:98:36:69:be:
         05:dd:9a:ef:8c:b3:ab:f9:0d:ae:75:c5:23:bc:60:61:0d:4f:
         81:16:2b:cf:38:83:9a:9e:71:a9:9b:2d:c7:ab:c0:5d:7b:6f:
         7c:4e:60:bd:a7:49:71:05:a1:58:f5:b0:a7:c6:18:1f:04:7c:
         24:a8:5c:8f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUNhcR1wuqGU4RuiTznSgytucKgVgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTI5MDAwMDAwWhcNMjMwMjAxMjM1OTU5
WjCBpTFJMEcGA1UEBRNANTY2MzdiYzllYTEzNGVhNzdjMzNhZDYxNDZiYjllNGYz
YmJjMmU0NDc0Y2Q0ZDkxNDViYWY1ZjAyNjQzNTU5YjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKlwB0OzuEyFFZoZw0mpPpTx6xxtR33SPZvls8gh6jGJW5cNrU3q
75uZjInrF6TMbs+ftipNwUJ5G1uDCnnK/Ij0NyJSukdzMPFavqeTf56dhdXn/TBU
HUTOEQPP6T9mOI242Sfec+kMVdvSrn0QWmZGbBSq62SsQ2bMhquH6AmAwCNOvAkX
N3nbfAHYx44uTZLd37E4QYSzsZv96RAgoLXCbF8VIuFNVveah7oizDPS5H4/hS8W
HnKpmrA0Cqngnjt86KovVuwll3oxkZIBSlfsVzyfXg7OwtpsIikegwpjLtRWidXA
rNAxGRhvzBExtRwuYxGiscSPSBrT12hAHYECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTmSPHbRHLNwQGo2SK6l0jOuDL9CTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjM1Y2Q0MDItYmNkZC00NjkwLWFhYzQtZGNlMzk1MDBjMDc0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEq3o+9hY3BkqNa6
Sa9lgTrvCjYKC3if5t+UzLNo7UXzRrFQJDyiyaaNppm86DKfk9d6/V5MB3rK0qMM
HGVAfeN0iPqAcWFvZnl2Ml7oprJmwP+EuxOAP5ecWq7+QLQ33Be+reTsd/MvaaDK
veGBClCxSPRYKIkxZqxXJikbEIRZTPNWPnpfqBbnw3xGDOA1wlYbG9I4wPNZGkOx
psU9G2zV5uiHPLi5tPv1qf/xKQB7pDkoTWUS5523f0nqzW5dG99PmDZpvgXdmu+M
s6v5Da51xSO8YGENT4EWK884g5qecambLcerwF17b3xOYL2nSXEFoVj1sKfGGB8E
fCSoXI8=
-----END CERTIFICATE-----