Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f8e6541a-411b-4729-88d5-62ad10dce097.roa
File:                     f8e6541a-411b-4729-88d5-62ad10dce097.roa (raw, json)
Hash identifier:          pMgvBLKRlQW6Px8c1aAmgTx28kFrqOPAJqlBn6nPz+c=
Subject key identifier:   57:5C:10:5A:0E:32:41:60:F7:95:B6:40:E8:32:4F:92:FD:38:C7:9E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       02EC128C57A47D7BE7ED84FAD1786BED9DC95AA6
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f8e6541a-411b-4729-88d5-62ad10dce097.roa
Signing time:             Wed 22 Mar 2023 00:00:00 +0000
ROA not before:           Wed 22 Mar 2023 00:00:00 +0000
ROA not after:            Sat 25 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:ec:12:8c:57:a4:7d:7b:e7:ed:84:fa:d1:78:6b:ed:9d:c9:5a:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 22 00:00:00 2023 GMT
            Not After : Mar 25 23:59:59 2023 GMT
        Subject: serialNumber=98a0b4cb76d12afa00d7d75d9bf285192d8cc5533849a53eb6eb65c4ac0af469, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c0:0a:de:31:cb:32:55:10:4b:89:a9:e5:09:
                    8b:1b:82:65:6e:dc:a4:a5:85:be:5c:13:7e:fb:e8:
                    77:c8:21:05:4e:49:87:41:b6:e8:d7:1e:20:5f:f7:
                    f8:5d:ee:85:82:82:a4:be:53:e6:7f:ca:9a:a8:ca:
                    69:5f:a9:bf:da:79:5b:3a:dc:5f:85:68:ca:28:6d:
                    45:b6:0b:39:b7:66:5f:af:a4:26:0d:73:88:e0:d6:
                    70:2d:d4:fc:bd:57:18:96:13:ce:4d:9d:00:0e:b4:
                    21:a6:b2:b3:78:a8:ab:e6:3b:bd:cf:38:77:44:17:
                    4a:98:26:6c:6d:e9:8f:19:8f:e9:b5:8a:f8:57:c9:
                    e6:e7:47:37:9f:60:fe:dc:1b:1d:87:8a:19:d9:ce:
                    76:16:a0:37:9c:92:12:27:c0:4a:cc:71:a2:68:f1:
                    dd:dc:b3:29:3c:9e:2a:d9:5d:16:80:6f:f8:79:c6:
                    39:22:d9:c1:6c:44:90:5d:db:73:ce:b8:61:72:d2:
                    a7:c4:a6:69:e9:a9:dd:12:18:94:91:ba:26:c2:46:
                    db:7e:fa:e7:b4:a5:50:12:a0:71:30:72:3b:95:95:
                    e5:84:ed:4d:d4:d6:ad:e8:54:0e:16:78:eb:f1:f5:
                    d8:5b:9d:b1:f7:4d:7a:04:15:94:b3:91:60:2b:d6:
                    b5:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:5C:10:5A:0E:32:41:60:F7:95:B6:40:E8:32:4F:92:FD:38:C7:9E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f8e6541a-411b-4729-88d5-62ad10dce097.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:30:0a:65:7d:70:90:d5:45:55:12:22:72:40:d6:58:83:cd:
         29:11:33:3a:e3:e1:d7:fe:9e:63:db:19:cd:48:e0:9e:6d:45:
         a3:f5:98:7d:f1:d1:77:79:9f:6b:f7:8c:50:ec:04:7c:72:9c:
         04:d1:fa:8d:0e:e6:a5:98:13:8c:39:cb:e1:6e:27:95:0b:05:
         bf:50:d4:f0:6b:14:65:4a:31:40:c9:e0:56:1c:e7:a2:5f:7e:
         d9:a4:5a:3a:5d:ca:81:67:dc:8c:2d:19:64:f4:c9:bf:1e:c9:
         8a:71:9b:eb:23:4b:36:c5:31:e3:ad:1d:38:1c:c5:45:33:71:
         66:c8:72:ef:e1:f8:d6:3f:4c:75:0b:34:94:ae:72:9c:13:dd:
         ef:94:75:37:87:c1:3b:db:95:dc:28:84:69:00:9d:8d:9a:3e:
         b5:f1:ac:aa:87:7e:fb:0b:65:81:d4:ef:87:7f:d7:2e:1c:37:
         c9:e7:2b:9b:04:79:8c:6a:0b:49:45:eb:14:05:95:2a:c1:e0:
         79:bb:d2:68:d5:2b:76:ee:b6:84:e3:ea:1c:28:13:33:80:7b:
         a1:d0:d2:85:fa:bc:7a:4c:b9:14:c6:44:e9:4a:b9:f6:2f:45:
         f4:34:60:fc:9e:02:d3:a5:bd:73:b5:cd:8e:de:a0:05:a9:cf:
         ba:42:35:47
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUAuwSjFekfXvn7YT60Xhr7Z3JWqYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzIyMDAwMDAwWhcNMjMwMzI1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOThhMGI0Y2I3NmQxMmFmYTAwZDdkNzVkOWJmMjg1MTky
ZDhjYzU1MzM4NDlhNTNlYjZlYjY1YzRhYzBhZjQ2OTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJfACt4xyzJVEEuJqeUJixuCZW7cpKWFvlwTfvvod8ghBU5Jh0G2
6NceIF/3+F3uhYKCpL5T5n/KmqjKaV+pv9p5WzrcX4VoyihtRbYLObdmX6+kJg1z
iODWcC3U/L1XGJYTzk2dAA60Iaays3ioq+Y7vc84d0QXSpgmbG3pjxmP6bWK+FfJ
5udHN59g/twbHYeKGdnOdhagN5ySEifASsxxomjx3dyzKTyeKtldFoBv+HnGOSLZ
wWxEkF3bc864YXLSp8Smaemp3RIYlJG6JsJG237657SlUBKgcTByO5WV5YTtTdTW
rehUDhZ46/H12FudsfdNegQVlLORYCvWtcUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRXXBBaDjJBYPeVtkDoMk+S/TjHnjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjhlNjU0MWEtNDExYi00NzI5LTg4ZDUtNjJhZDEwZGNlMDk3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABQwCmV9cJDVRVUS
InJA1liDzSkRMzrj4df+nmPbGc1I4J5tRaP1mH3x0Xd5n2v3jFDsBHxynATR+o0O
5qWYE4w5y+FuJ5ULBb9Q1PBrFGVKMUDJ4FYc56JfftmkWjpdyoFn3IwtGWT0yb8e
yYpxm+sjSzbFMeOtHTgcxUUzcWbIcu/h+NY/THULNJSucpwT3e+UdTeHwTvbldwo
hGkAnY2aPrXxrKqHfvsLZYHU74d/1y4cN8nnK5sEeYxqC0lF6xQFlSrB4Hm70mjV
K3butoTj6hwoEzOAe6HQ0oX6vHpMuRTGROlKufYvRfQ0YPyeAtOlvXO1zY7eoAWp
z7pCNUc=
-----END CERTIFICATE-----