Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1c4f6b20-e751-4033-b81e-675724ce2a1d.roa
File:                     1c4f6b20-e751-4033-b81e-675724ce2a1d.roa (raw, json)
Hash identifier:          2jM+KoBqTGKjIff/dVCexSnSo6nDGJ2JD0Hs0qRpxLA=
Subject key identifier:   DB:83:DD:93:6C:79:2A:B8:39:A6:97:E4:84:58:DB:13:61:5A:1A:5B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       59BAE97F4CDA6DF10736D6420BDCCCEEB3E1D661
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1c4f6b20-e751-4033-b81e-675724ce2a1d.roa
Signing time:             Fri 19 May 2023 00:00:00 +0000
ROA not before:           Fri 19 May 2023 00:00:00 +0000
ROA not after:            Mon 22 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:ba:e9:7f:4c:da:6d:f1:07:36:d6:42:0b:dc:cc:ee:b3:e1:d6:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 19 00:00:00 2023 GMT
            Not After : May 22 23:59:59 2023 GMT
        Subject: serialNumber=3d143b640b814f6ce7d0888d51c1b986bbe806c1031cf4db6fde54f007b515c1, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:06:61:73:3c:d3:c8:dc:9a:85:82:11:ed:5f:
                    4e:75:6b:1f:2b:17:2c:91:3c:78:e5:ce:20:16:b7:
                    bc:65:13:84:da:4d:08:90:f2:8d:45:81:e5:a6:77:
                    56:82:52:13:73:93:18:62:fa:fb:60:e5:8e:38:24:
                    3b:76:23:2a:b5:06:99:a2:54:0f:f6:27:a0:cd:13:
                    e5:d3:3c:eb:86:02:fb:b9:3a:28:25:69:a0:0e:b0:
                    8f:95:7f:84:de:56:c3:95:01:48:c2:f9:b9:dc:db:
                    59:15:25:84:a7:62:d6:ee:34:ae:f0:88:76:22:14:
                    28:3a:10:23:a4:7c:e3:68:ad:d3:6d:fe:0f:7d:7c:
                    25:d7:12:ae:2d:4b:fb:28:dc:fd:55:48:83:32:d8:
                    32:e3:f9:63:93:dc:f0:ac:05:ba:75:d0:02:e3:49:
                    0b:f3:8e:77:d0:27:69:2e:7e:cc:97:08:b7:2c:88:
                    8b:ed:13:eb:11:36:fb:e9:41:81:09:37:4e:e3:d8:
                    00:6a:4a:ab:6d:b9:a3:66:66:66:31:7e:48:83:37:
                    56:f0:a2:e6:bb:f5:f9:25:00:8f:41:8d:4a:b5:aa:
                    4d:b1:ed:6e:26:b7:71:a3:a5:85:60:97:e3:ec:3b:
                    52:5f:87:b5:b4:63:d5:34:05:2b:8d:77:2d:d0:44:
                    05:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:83:DD:93:6C:79:2A:B8:39:A6:97:E4:84:58:DB:13:61:5A:1A:5B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1c4f6b20-e751-4033-b81e-675724ce2a1d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:52:29:17:5b:22:29:ef:6d:31:e0:52:49:01:53:c4:e0:ad:
         10:cb:93:38:cc:fa:51:63:0c:b7:11:b7:16:a5:16:e4:6b:54:
         48:b3:90:f5:34:52:d5:b8:c8:47:1b:44:29:e9:7d:a3:32:a9:
         97:b1:c4:ac:48:ef:dc:00:6b:1f:39:32:39:fa:81:29:a6:7c:
         20:40:a5:c0:60:1d:6f:df:86:ce:0e:02:1a:67:c2:e0:14:c4:
         3d:fb:35:db:15:cb:65:75:d6:ba:87:63:8d:10:54:6d:fa:ef:
         47:ff:a3:ff:1d:9f:fb:e4:ea:ae:e1:d5:b6:21:fa:6e:1d:79:
         29:bd:05:74:3a:2f:81:13:66:d6:df:2f:53:3e:4a:7c:be:96:
         df:23:08:26:54:42:a1:81:a8:1a:98:56:93:d3:41:33:ae:65:
         85:8b:28:3e:4b:b0:ec:18:2f:85:ca:7a:92:7d:2a:f0:96:09:
         d8:0a:d9:d1:c1:90:80:4f:e0:c6:ca:14:96:82:a1:99:c2:8f:
         86:e1:75:4c:ca:7c:ec:1d:35:98:cf:50:73:7d:c7:09:78:a1:
         40:62:5a:fb:7c:ab:74:ef:e8:ec:da:20:4e:82:56:5a:26:ee:
         05:1e:db:b7:cd:0b:b3:74:68:63:39:cb:50:04:6e:81:5b:af:
         c8:ca:13:59
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUWbrpf0zabfEHNtZCC9zM7rPh1mEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTE5MDAwMDAwWhcNMjMwNTIyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAM2QxNDNiNjQwYjgxNGY2Y2U3ZDA4ODhkNTFjMWI5ODZi
YmU4MDZjMTAzMWNmNGRiNmZkZTU0ZjAwN2I1MTVjMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMQGYXM808jcmoWCEe1fTnVrHysXLJE8eOXOIBa3vGUThNpNCJDy
jUWB5aZ3VoJSE3OTGGL6+2DljjgkO3YjKrUGmaJUD/YnoM0T5dM864YC+7k6KCVp
oA6wj5V/hN5Ww5UBSML5udzbWRUlhKdi1u40rvCIdiIUKDoQI6R842it023+D318
JdcSri1L+yjc/VVIgzLYMuP5Y5Pc8KwFunXQAuNJC/OOd9AnaS5+zJcItyyIi+0T
6xE2++lBgQk3TuPYAGpKq225o2ZmZjF+SIM3VvCi5rv1+SUAj0GNSrWqTbHtbia3
caOlhWCX4+w7Ul+HtbRj1TQFK413LdBEBb8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTbg92TbHkquDmml+SEWNsTYVoaWzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMWM0ZjZiMjAtZTc1MS00MDMzLWI4MWUtNjc1NzI0Y2UyYTFkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHlSKRdbIinvbTHg
UkkBU8TgrRDLkzjM+lFjDLcRtxalFuRrVEizkPU0UtW4yEcbRCnpfaMyqZexxKxI
79wAax85Mjn6gSmmfCBApcBgHW/fhs4OAhpnwuAUxD37NdsVy2V11rqHY40QVG36
70f/o/8dn/vk6q7h1bYh+m4deSm9BXQ6L4ETZtbfL1M+Sny+lt8jCCZUQqGBqBqY
VpPTQTOuZYWLKD5LsOwYL4XKepJ9KvCWCdgK2dHBkIBP4MbKFJaCoZnCj4bhdUzK
fOwdNZjPUHN9xwl4oUBiWvt8q3Tv6OzaIE6CVlom7gUe27fNC7N0aGM5y1AEboFb
r8jKE1k=
-----END CERTIFICATE-----