Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0c00dce5-ebcb-49b1-97fa-ff14e83b39a4.roa
File:                     0c00dce5-ebcb-49b1-97fa-ff14e83b39a4.roa (raw, json)
Hash identifier:          57tljZ1R61WLE6f9pdVQiNHjBh4d8CnYIiz1jqYyTNA=
Subject key identifier:   22:55:31:3F:E1:24:56:F2:A2:C5:32:BF:3C:B7:05:50:D3:92:CB:16
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4B3A47DED908AE1DEFD0B3CB33DB62D0F7C47111
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0c00dce5-ebcb-49b1-97fa-ff14e83b39a4.roa
Signing time:             Tue 23 May 2023 00:00:00 +0000
ROA not before:           Tue 23 May 2023 00:00:00 +0000
ROA not after:            Fri 26 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:3a:47:de:d9:08:ae:1d:ef:d0:b3:cb:33:db:62:d0:f7:c4:71:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 23 00:00:00 2023 GMT
            Not After : May 26 23:59:59 2023 GMT
        Subject: serialNumber=4349108dd1746a6ac5c604156532976d37764131a7938312ed964391385f6475, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:b7:05:0f:7e:2a:10:ec:0d:ed:82:5f:42:5e:
                    f3:50:82:09:c6:f2:62:9c:a1:05:94:3a:5e:99:56:
                    00:17:1d:b0:41:a8:5a:e6:e8:52:9e:b7:29:3b:c2:
                    44:20:57:98:ea:76:80:e1:88:0d:cb:98:93:fb:bf:
                    b1:96:82:d6:bf:0c:76:54:c9:ae:a0:49:b1:45:1b:
                    1e:45:9f:7d:12:32:f7:51:4e:c1:7c:42:c2:e9:09:
                    3b:04:c9:88:89:6f:b7:9c:94:bd:5e:bb:f7:d7:2d:
                    30:5a:b1:af:49:39:40:1b:95:1d:f6:30:dd:3c:42:
                    d9:fb:e9:05:66:27:72:ca:98:0c:86:6d:83:75:10:
                    d5:d4:52:db:fa:92:29:df:7b:e2:67:f1:d0:3f:7e:
                    78:52:95:31:22:47:52:34:4f:fe:c9:08:75:9a:2b:
                    76:8a:ba:f4:68:2a:08:74:66:0e:e7:2c:c5:25:94:
                    f6:00:8b:59:cb:80:c3:da:65:50:29:66:54:f3:28:
                    57:28:9f:34:c5:ad:86:2a:c4:63:2f:04:06:d9:5c:
                    b0:16:7e:4f:d5:bf:54:96:3a:26:ca:c5:49:32:52:
                    bf:b6:80:b7:f1:84:81:ad:f7:fb:d9:1c:9a:bf:eb:
                    d6:84:52:2f:b0:83:5e:7a:e4:97:e3:a0:02:ab:b3:
                    e7:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:55:31:3F:E1:24:56:F2:A2:C5:32:BF:3C:B7:05:50:D3:92:CB:16
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0c00dce5-ebcb-49b1-97fa-ff14e83b39a4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:31:5f:e7:17:c4:15:23:0e:e4:e1:1e:bd:57:7f:63:31:83:
         4d:7f:89:f3:78:26:f0:74:f0:41:84:0d:1e:b9:31:43:0c:bb:
         65:72:52:55:54:79:22:bf:33:ea:d9:a5:44:96:90:f1:ac:bf:
         f5:de:3e:2b:66:4c:7b:97:c3:0d:30:d7:b6:a2:53:15:79:c1:
         ec:6e:a0:69:16:93:7c:81:63:e3:65:06:b1:3d:61:a8:6c:03:
         7a:b9:9e:c9:e1:09:3c:16:4c:a5:19:5f:ea:0d:b2:7f:4e:6d:
         1b:b0:06:bd:83:6f:09:f3:cc:1e:43:f7:f8:ca:54:0f:df:32:
         72:d4:6a:bd:9d:04:0c:b4:ee:9c:09:ef:cd:5d:17:f8:11:ad:
         82:ad:33:c1:31:a7:c6:69:81:74:72:f3:be:d8:38:e3:a9:49:
         58:3f:53:42:a1:ad:cc:d9:79:fb:f6:a7:76:de:4f:f4:41:e6:
         bc:85:55:a2:84:67:1d:68:fb:0f:61:7b:27:3d:3e:7c:3c:54:
         42:1e:dc:83:49:4d:de:c0:7a:f1:44:08:75:ed:a4:da:87:b6:
         7d:14:c0:41:ad:d9:26:dc:45:3d:47:11:ab:c1:45:fe:57:21:
         f9:f8:80:ef:f6:8d:0d:3f:f4:3d:6b:13:7e:31:3d:e4:7c:c4:
         68:e7:42:5f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUSzpH3tkIrh3v0LPLM9ti0PfEcREwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTIzMDAwMDAwWhcNMjMwNTI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNANDM0OTEwOGRkMTc0NmE2YWM1YzYwNDE1NjUzMjk3NmQz
Nzc2NDEzMWE3OTM4MzEyZWQ5NjQzOTEzODVmNjQ3NTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJq3BQ9+KhDsDe2CX0Je81CCCcbyYpyhBZQ6XplWABcdsEGoWubo
Up63KTvCRCBXmOp2gOGIDcuYk/u/sZaC1r8MdlTJrqBJsUUbHkWffRIy91FOwXxC
wukJOwTJiIlvt5yUvV6799ctMFqxr0k5QBuVHfYw3TxC2fvpBWYncsqYDIZtg3UQ
1dRS2/qSKd974mfx0D9+eFKVMSJHUjRP/skIdZordoq69GgqCHRmDucsxSWU9gCL
WcuAw9plUClmVPMoVyifNMWthirEYy8EBtlcsBZ+T9W/VJY6JsrFSTJSv7aAt/GE
ga33+9kcmr/r1oRSL7CDXnrkl+OgAquz54sCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQiVTE/4SRW8qLFMr88twVQ05LLFjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMGMwMGRjZTUtZWJjYi00OWIxLTk3ZmEtZmYxNGU4M2IzOWE0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFgxX+cXxBUjDuTh
Hr1Xf2Mxg01/ifN4JvB08EGEDR65MUMMu2VyUlVUeSK/M+rZpUSWkPGsv/XePitm
THuXww0w17aiUxV5wexuoGkWk3yBY+NlBrE9YahsA3q5nsnhCTwWTKUZX+oNsn9O
bRuwBr2DbwnzzB5D9/jKVA/fMnLUar2dBAy07pwJ781dF/gRrYKtM8Exp8ZpgXRy
877YOOOpSVg/U0KhrczZefv2p3beT/RB5ryFVaKEZx1o+w9heyc9Pnw8VEIe3INJ
Td7AevFECHXtpNqHtn0UwEGt2SbcRT1HEavBRf5XIfn4gO/2jQ0/9D1rE34xPeR8
xGjnQl8=
-----END CERTIFICATE-----