Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f53c0181-b823-49e7-81f4-8d34679f7416.roa
File:                     f53c0181-b823-49e7-81f4-8d34679f7416.roa (raw, json)
Hash identifier:          nzdMcF7XYLdiZIVDN2L8zxJeuJW3YNjKoaxTT252EOU=
Subject key identifier:   0D:43:82:48:40:26:89:79:C3:58:3E:3E:F9:D4:68:00:25:23:A8:00
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0E365EE57251A7BD8C86B9CBD78EB1BBE056F61F
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f53c0181-b823-49e7-81f4-8d34679f7416.roa
Signing time:             Sun 12 Mar 2023 00:00:00 +0000
ROA not before:           Sun 12 Mar 2023 00:00:00 +0000
ROA not after:            Wed 15 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:36:5e:e5:72:51:a7:bd:8c:86:b9:cb:d7:8e:b1:bb:e0:56:f6:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 12 00:00:00 2023 GMT
            Not After : Mar 15 23:59:59 2023 GMT
        Subject: serialNumber=f8fe131ca14921da16c7d92056ec8bccfe123ce5ba742ad3ad000f9b15fdc1b0, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:ac:63:2c:2c:39:fd:f5:6f:6a:a3:dd:ad:00:
                    43:16:83:5f:d6:0e:1c:d3:f2:2b:0c:8e:fc:3c:49:
                    fc:57:d5:4d:0d:43:61:df:ed:16:cb:73:0a:da:4c:
                    21:7c:2f:94:c2:61:25:a1:e8:ed:6b:90:fd:a0:ab:
                    79:5c:e3:07:d3:3f:5c:ce:37:1f:3b:01:cd:09:43:
                    25:70:de:14:c9:d0:a4:39:8f:1a:88:1a:4b:81:26:
                    0e:5d:b9:6b:4b:17:54:44:4f:33:ac:de:f7:fa:35:
                    c8:6e:55:a6:60:05:39:a7:93:a0:d9:63:c1:1d:2d:
                    be:d4:01:38:ac:44:dc:bf:c9:5a:12:d9:6b:8d:b0:
                    1b:24:33:c6:8a:51:69:e8:f1:88:33:c3:ff:9f:43:
                    96:39:81:25:7e:5e:d0:65:f5:cf:b7:e9:32:41:f8:
                    29:97:ff:aa:4c:ba:c8:4c:9b:88:27:e9:d5:d3:23:
                    24:88:bc:0f:ac:87:e6:2e:db:0e:37:4d:c1:e4:6a:
                    8a:ab:5f:7d:64:45:05:00:5f:be:4e:c1:3a:c4:56:
                    b3:7c:d0:be:cc:7b:1f:95:4f:56:f1:53:73:8a:6e:
                    58:8e:e4:09:1d:a5:b8:40:68:2d:20:8f:38:81:75:
                    d4:50:d8:29:10:f3:c0:2c:d5:3d:46:91:ce:e4:d3:
                    9b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:43:82:48:40:26:89:79:C3:58:3E:3E:F9:D4:68:00:25:23:A8:00
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f53c0181-b823-49e7-81f4-8d34679f7416.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:77:fc:01:c9:0c:99:bf:40:b0:15:65:f1:6a:e8:42:56:66:
         c8:d7:e4:07:8e:76:3e:e8:fe:bd:fd:b3:7b:33:1d:8a:b3:66:
         bb:84:3d:57:ce:30:7b:c6:b3:c8:47:6e:d7:ad:d6:af:5b:13:
         eb:56:00:de:b9:ed:64:46:32:95:bb:34:51:7f:10:8f:2b:75:
         74:eb:6d:51:37:36:8b:ff:3a:33:f6:71:d4:18:0b:8a:45:01:
         d5:a9:9d:39:d1:e7:c6:1f:26:ab:95:01:0a:06:68:dc:79:9b:
         33:a9:24:4b:cf:cc:e0:fd:f8:cd:1a:b4:6f:8c:c1:93:84:05:
         28:cd:4d:16:8b:fe:88:2e:21:61:c4:3e:78:7e:69:74:8a:1d:
         88:cc:ff:9a:dc:b2:1a:4b:f1:80:0b:35:f5:d7:d0:14:01:be:
         57:89:78:01:20:10:ff:d8:9d:96:fc:04:13:2f:08:80:fc:3c:
         ea:a3:e1:05:a4:d9:ff:8b:ff:44:89:c4:ee:d0:04:8c:55:55:
         20:8e:92:1c:3a:27:71:0f:0b:a0:96:77:52:b4:53:87:82:89:
         f6:95:13:e1:b0:ae:bd:12:aa:4a:72:a3:11:43:19:a0:db:20:
         63:aa:d0:a6:2b:3a:d1:a7:11:1c:5d:4e:e0:d9:9b:63:93:7d:
         57:fc:d3:e1
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUDjZe5XJRp72MhrnL146xu+BW9h8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzEyMDAwMDAwWhcNMjMwMzE1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjhmZTEzMWNhMTQ5MjFkYTE2YzdkOTIwNTZlYzhiY2Nm
ZTEyM2NlNWJhNzQyYWQzYWQwMDBmOWIxNWZkYzFiMDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMqsYywsOf31b2qj3a0AQxaDX9YOHNPyKwyO/DxJ/FfVTQ1DYd/t
FstzCtpMIXwvlMJhJaHo7WuQ/aCreVzjB9M/XM43HzsBzQlDJXDeFMnQpDmPGoga
S4EmDl25a0sXVERPM6ze9/o1yG5VpmAFOaeToNljwR0tvtQBOKxE3L/JWhLZa42w
GyQzxopRaejxiDPD/59DljmBJX5e0GX1z7fpMkH4KZf/qky6yEybiCfp1dMjJIi8
D6yH5i7bDjdNweRqiqtffWRFBQBfvk7BOsRWs3zQvsx7H5VPVvFTc4puWI7kCR2l
uEBoLSCPOIF11FDYKRDzwCzVPUaRzuTTm9cCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQNQ4JIQCaJecNYPj751GgAJSOoADAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjUzYzAxODEtYjgyMy00OWU3LTgxZjQtOGQzNDY3OWY3NDE2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEp3/AHJDJm/QLAV
ZfFq6EJWZsjX5AeOdj7o/r39s3szHYqzZruEPVfOMHvGs8hHbtet1q9bE+tWAN65
7WRGMpW7NFF/EI8rdXTrbVE3Nov/OjP2cdQYC4pFAdWpnTnR58YfJquVAQoGaNx5
mzOpJEvPzOD9+M0atG+MwZOEBSjNTRaL/oguIWHEPnh+aXSKHYjM/5rcshpL8YAL
NfXX0BQBvleJeAEgEP/YnZb8BBMvCID8POqj4QWk2f+L/0SJxO7QBIxVVSCOkhw6
J3EPC6CWd1K0U4eCifaVE+Gwrr0SqkpyoxFDGaDbIGOq0KYrOtGnERxdTuDZm2OT
fVf80+E=
-----END CERTIFICATE-----