Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f5cba551-0834-491e-b43a-53d51e049080.roa
File:                     f5cba551-0834-491e-b43a-53d51e049080.roa (raw, json)
Hash identifier:          VjCeVPO0gjqG0PMqqYe44DFFukoGUJO8H5T207u5z6M=
Subject key identifier:   F2:06:D8:37:68:ED:8A:8D:3B:0A:18:01:3E:18:52:AF:41:6D:A3:B4
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       16210A5B839B47308C80514B9BF4E09F1EC2D7F1
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f5cba551-0834-491e-b43a-53d51e049080.roa
Signing time:             Tue 14 Feb 2023 00:00:00 +0000
ROA not before:           Tue 14 Feb 2023 00:00:00 +0000
ROA not after:            Fri 17 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:21:0a:5b:83:9b:47:30:8c:80:51:4b:9b:f4:e0:9f:1e:c2:d7:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 14 00:00:00 2023 GMT
            Not After : Feb 17 23:59:59 2023 GMT
        Subject: serialNumber=bb687000591f31a0039802dc41edf3f44bda0612b40484e60e6e5bdba01d2ce4, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:07:d7:a6:86:2f:e2:79:a0:78:83:1c:92:36:
                    36:97:8f:ea:cd:c3:65:c3:93:8c:b6:77:41:0e:dd:
                    d9:70:4c:39:16:ad:de:83:27:9a:c2:c5:70:05:86:
                    65:b1:08:73:e4:8f:1b:bd:c6:60:62:cc:d3:60:3b:
                    23:1a:55:95:8f:f0:99:0a:6d:86:f7:b0:b0:77:77:
                    67:ff:a3:e3:63:d5:5f:47:91:d9:d2:f2:94:b4:10:
                    89:af:1d:08:c9:6e:98:49:f9:65:85:22:42:eb:a7:
                    42:df:0d:36:5d:5d:5c:dd:47:e7:a4:8c:8c:bd:94:
                    f7:8e:cb:a4:10:eb:ba:a7:3c:64:1d:26:90:c7:0d:
                    0f:e3:a2:92:ce:7e:d0:6a:ba:d1:4b:5b:f3:d8:4c:
                    19:31:fe:e0:98:66:a5:65:42:4b:32:37:f0:ed:3e:
                    bf:63:8c:69:9c:90:29:b3:8e:67:58:da:cb:c1:8e:
                    8d:21:6f:fb:56:a9:c4:45:7b:d9:dc:ef:fb:f0:e7:
                    08:37:7c:f4:36:0e:b2:50:91:6c:2e:51:0d:6f:4c:
                    fd:e6:5d:68:0f:39:25:61:89:b7:44:22:02:6f:d4:
                    1a:e3:fd:12:38:e2:52:ee:b2:f0:45:33:49:2a:f3:
                    83:88:1b:a3:98:7e:67:17:0c:20:f1:c7:32:e4:58:
                    c9:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:06:D8:37:68:ED:8A:8D:3B:0A:18:01:3E:18:52:AF:41:6D:A3:B4
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f5cba551-0834-491e-b43a-53d51e049080.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:ea:6d:c8:88:9b:b9:cd:9b:4a:8c:b4:a4:7b:e3:b2:c4:bd:
         56:a4:3c:27:11:fd:14:62:f5:2c:fc:d6:7a:e5:0a:d6:98:94:
         7c:f1:be:22:4f:03:d6:55:2f:1a:fc:df:42:83:27:3c:14:62:
         d3:04:4c:b6:96:dc:31:f1:bc:0d:a9:04:43:95:17:78:47:a4:
         e7:f8:43:ba:f6:64:c2:cb:55:46:96:21:8a:dd:5f:b3:36:2c:
         95:4b:77:1c:6b:c8:e8:70:72:85:91:fc:a5:1b:06:60:38:e0:
         7f:e9:49:cf:49:89:f7:51:f1:68:19:a8:e2:68:8b:9b:6c:c9:
         06:94:3d:4b:d2:d2:0a:77:42:0e:56:56:ce:61:ab:f6:e7:6c:
         88:d8:ad:93:04:51:65:7a:fd:43:3a:ef:19:8b:94:dd:7b:12:
         4a:cc:7d:8f:f2:49:8f:61:e5:6f:a7:c5:5c:6b:29:1b:cc:a4:
         3d:e8:00:a7:95:0e:ee:ce:7f:d5:7d:39:92:6a:0c:69:24:9e:
         20:49:9a:a9:28:6e:a4:05:ba:78:6e:95:e6:54:83:85:f5:ca:
         aa:57:77:3f:2d:96:72:6d:92:ac:d8:4c:90:18:5c:0e:77:90:
         4f:dd:c1:7e:bd:48:fb:09:3f:02:69:61:1d:67:ea:5a:dc:31:
         2c:84:8c:ea
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUFiEKW4ObRzCMgFFLm/Tgnx7C1/EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE0MDAwMDAwWhcNMjMwMjE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYmI2ODcwMDA1OTFmMzFhMDAzOTgwMmRjNDFlZGYzZjQ0
YmRhMDYxMmI0MDQ4NGU2MGU2ZTViZGJhMDFkMmNlNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKwH16aGL+J5oHiDHJI2NpeP6s3DZcOTjLZ3QQ7d2XBMORat3oMn
msLFcAWGZbEIc+SPG73GYGLM02A7IxpVlY/wmQpthvewsHd3Z/+j42PVX0eR2dLy
lLQQia8dCMlumEn5ZYUiQuunQt8NNl1dXN1H56SMjL2U947LpBDruqc8ZB0mkMcN
D+Oiks5+0Gq60Utb89hMGTH+4JhmpWVCSzI38O0+v2OMaZyQKbOOZ1jay8GOjSFv
+1apxEV72dzv+/DnCDd89DYOslCRbC5RDW9M/eZdaA85JWGJt0QiAm/UGuP9Ejji
Uu6y8EUzSSrzg4gbo5h+ZxcMIPHHMuRYydECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTyBtg3aO2KjTsKGAE+GFKvQW2jtDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjVjYmE1NTEtMDgzNC00OTFlLWI0M2EtNTNkNTFlMDQ5MDgwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAzqbciIm7nNm0qM
tKR747LEvVakPCcR/RRi9Sz81nrlCtaYlHzxviJPA9ZVLxr830KDJzwUYtMETLaW
3DHxvA2pBEOVF3hHpOf4Q7r2ZMLLVUaWIYrdX7M2LJVLdxxryOhwcoWR/KUbBmA4
4H/pSc9JifdR8WgZqOJoi5tsyQaUPUvS0gp3Qg5WVs5hq/bnbIjYrZMEUWV6/UM6
7xmLlN17EkrMfY/ySY9h5W+nxVxrKRvMpD3oAKeVDu7Of9V9OZJqDGkkniBJmqko
bqQFunhuleZUg4X1yqpXdz8tlnJtkqzYTJAYXA53kE/dwX69SPsJPwJpYR1n6lrc
MSyEjOo=
-----END CERTIFICATE-----