Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f4229f05-0047-4ae1-9f49-b7c60d336476.roa
File:                     f4229f05-0047-4ae1-9f49-b7c60d336476.roa (raw, json)
Hash identifier:          3bRDucMeDVoDRzj459h8r6OGJDcWkXUzJS1c8iqFtMs=
Subject key identifier:   87:C4:91:97:93:94:05:C7:94:83:F1:15:03:6D:13:36:61:B6:6B:85
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       16E4920A8F6792B91410AF5791BC12EEFC435951
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f4229f05-0047-4ae1-9f49-b7c60d336476.roa
Signing time:             Fri 07 Apr 2023 00:00:00 +0000
ROA not before:           Fri 07 Apr 2023 00:00:00 +0000
ROA not after:            Mon 10 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:e4:92:0a:8f:67:92:b9:14:10:af:57:91:bc:12:ee:fc:43:59:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr  7 00:00:00 2023 GMT
            Not After : Apr 10 23:59:59 2023 GMT
        Subject: serialNumber=78047319ce582ce7158183caed48179013772d3a266ea4281f0965a660d3d8c6, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:25:a7:52:ac:fe:05:e5:aa:d9:7a:34:1a:a6:
                    fe:9f:17:84:d0:68:97:f3:80:ea:cf:9a:56:e9:62:
                    4f:9b:f8:e4:e9:7c:90:39:db:06:2f:31:98:b1:b4:
                    24:40:3f:80:bd:30:0a:a2:d6:2b:03:c1:49:e2:ed:
                    39:2e:9b:2c:1e:dd:60:94:ef:c2:49:18:e4:56:5b:
                    69:fe:b6:12:32:03:06:b6:0d:25:a7:8e:b6:11:18:
                    43:68:5c:27:27:0e:e8:13:2f:9b:94:c4:09:78:8f:
                    94:82:59:d1:65:5c:75:74:66:58:d1:df:84:7e:97:
                    50:81:3b:88:bc:d4:79:b7:dd:ce:ec:67:88:42:6f:
                    de:a0:60:76:a1:aa:45:3f:9f:43:8d:81:73:7a:ec:
                    57:64:73:6c:b3:aa:4a:c6:df:4a:02:26:9b:55:9d:
                    65:ab:02:c1:84:c7:4d:58:1a:2e:81:a6:c6:7b:44:
                    23:4e:bc:85:e8:9b:11:4d:c1:de:a2:07:7c:c3:be:
                    f4:f4:84:6b:b9:2c:34:20:78:db:bc:48:5e:0c:2a:
                    da:5f:2e:71:29:3d:32:09:a0:f0:23:0c:26:6a:bd:
                    28:d6:c2:65:91:34:41:10:f4:9b:02:a6:48:40:2c:
                    0b:91:89:b2:42:3b:2d:34:d3:f3:a1:e4:87:e6:31:
                    37:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:C4:91:97:93:94:05:C7:94:83:F1:15:03:6D:13:36:61:B6:6B:85
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f4229f05-0047-4ae1-9f49-b7c60d336476.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:48:c4:8f:c4:3f:98:47:ed:72:36:4c:fa:63:e3:d0:41:03:
         fa:f6:e5:8a:92:c4:f3:31:d9:7e:2d:e4:c0:eb:52:54:0d:6f:
         1a:86:c8:f3:d4:fa:8b:d7:c3:ae:b3:19:ab:be:2c:e4:9e:aa:
         62:d3:36:64:2f:42:2b:67:b7:b0:66:24:0c:ce:56:eb:ca:bb:
         61:dc:ff:f4:6d:24:0f:e6:1c:e2:44:c2:55:1d:e8:a7:78:18:
         14:ce:18:7b:26:28:e7:a4:5e:b6:a9:bb:d3:ed:0f:d8:2b:d8:
         ec:59:7f:22:9d:6a:38:8f:0e:85:97:85:9b:4f:f7:85:16:5a:
         ed:c5:17:23:9b:97:bf:54:0b:a1:3f:7e:6e:83:83:bd:ad:b3:
         67:89:12:03:7c:29:5a:4a:25:88:56:cf:93:ea:98:2f:d7:d3:
         23:ba:77:13:14:64:42:7e:19:6b:ed:09:d2:9f:74:72:2c:0d:
         5d:b5:bb:6f:d7:ee:f5:9f:6a:f5:a3:41:40:0c:d2:fd:dc:3c:
         0e:26:59:f2:6e:6b:06:61:54:c8:7d:5f:39:c1:52:78:ad:92:
         b0:bf:0d:89:70:77:89:22:d2:ba:92:3b:69:c9:e4:69:31:7d:
         0d:c2:31:04:ca:e9:8a:da:70:30:66:a7:57:fb:32:45:51:9d:
         71:8d:59:fd
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUFuSSCo9nkrkUEK9XkbwS7vxDWVEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDA3MDAwMDAwWhcNMjMwNDEwMjM1OTU5
WjCBpTFJMEcGA1UEBRNANzgwNDczMTljZTU4MmNlNzE1ODE4M2NhZWQ0ODE3OTAx
Mzc3MmQzYTI2NmVhNDI4MWYwOTY1YTY2MGQzZDhjNjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANAlp1Ks/gXlqtl6NBqm/p8XhNBol/OA6s+aVuliT5v45Ol8kDnb
Bi8xmLG0JEA/gL0wCqLWKwPBSeLtOS6bLB7dYJTvwkkY5FZbaf62EjIDBrYNJaeO
thEYQ2hcJycO6BMvm5TECXiPlIJZ0WVcdXRmWNHfhH6XUIE7iLzUebfdzuxniEJv
3qBgdqGqRT+fQ42Bc3rsV2RzbLOqSsbfSgImm1WdZasCwYTHTVgaLoGmxntEI068
heibEU3B3qIHfMO+9PSEa7ksNCB427xIXgwq2l8ucSk9Mgmg8CMMJmq9KNbCZZE0
QRD0mwKmSEAsC5GJskI7LTTT86Hkh+YxN/0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSHxJGXk5QFx5SD8RUDbRM2YbZrhTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjQyMjlmMDUtMDA0Ny00YWUxLTlmNDktYjdjNjBkMzM2NDc2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACRIxI/EP5hH7XI2
TPpj49BBA/r25YqSxPMx2X4t5MDrUlQNbxqGyPPU+ovXw66zGau+LOSeqmLTNmQv
Qitnt7BmJAzOVuvKu2Hc//RtJA/mHOJEwlUd6Kd4GBTOGHsmKOekXrapu9PtD9gr
2OxZfyKdajiPDoWXhZtP94UWWu3FFyObl79UC6E/fm6Dg72ts2eJEgN8KVpKJYhW
z5PqmC/X0yO6dxMUZEJ+GWvtCdKfdHIsDV21u2/X7vWfavWjQUAM0v3cPA4mWfJu
awZhVMh9XznBUnitkrC/DYlwd4ki0rqSO2nJ5GkxfQ3CMQTK6YracDBmp1f7MkVR
nXGNWf0=
-----END CERTIFICATE-----