Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2150a6b3-d915-428f-9e66-1e374df78641.roa
File:                     2150a6b3-d915-428f-9e66-1e374df78641.roa (raw, json)
Hash identifier:          32X4v1/nHhF3pu4v1KcrJ+C6renPpg/ErcGQ7jE2qdY=
Subject key identifier:   98:06:3B:36:DA:11:83:FC:AA:9A:D7:31:8E:93:05:5C:3C:F8:88:CB
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6E86C9153A07F7C263FBD741E1D9F21323B05B13
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2150a6b3-d915-428f-9e66-1e374df78641.roa
Signing time:             Sun 21 May 2023 00:00:00 +0000
ROA not before:           Sun 21 May 2023 00:00:00 +0000
ROA not after:            Wed 24 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:86:c9:15:3a:07:f7:c2:63:fb:d7:41:e1:d9:f2:13:23:b0:5b:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 21 00:00:00 2023 GMT
            Not After : May 24 23:59:59 2023 GMT
        Subject: serialNumber=8949ce39c179ae7555cd0bd2e60b249b2e44264bbb6137d16cd36942e2fe4275, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:1e:51:f9:42:38:81:30:47:aa:fb:36:49:3e:
                    f9:bb:08:21:9e:71:91:f7:cd:59:a7:39:db:03:64:
                    2e:12:6c:9d:23:a3:3b:e2:72:ba:2b:cf:8f:6c:3f:
                    2d:04:26:93:4f:78:1b:41:e1:a2:d6:38:87:71:9d:
                    d2:66:45:69:d5:7f:74:b5:a3:14:5d:80:68:dc:ff:
                    95:13:48:e2:2b:9b:35:6e:d0:b7:b7:d7:ce:fc:1a:
                    82:15:74:27:7a:fc:1d:46:b3:79:87:6b:d8:87:98:
                    45:1a:55:d6:87:50:ea:b6:6d:6d:42:12:a7:a0:84:
                    41:5e:31:4d:74:49:8e:ff:b4:74:81:e6:db:2d:3c:
                    19:a2:dd:a2:8b:31:aa:f6:50:a2:32:69:0f:5c:32:
                    a9:e4:64:64:61:e2:53:ed:23:1d:b9:b0:79:65:1f:
                    44:e4:80:ba:6f:e1:b2:66:83:d5:35:c2:95:ed:99:
                    4c:94:ee:2c:4b:9d:a8:06:de:02:39:b7:bd:79:a8:
                    4d:e0:ba:27:16:f0:e1:a0:e5:8c:31:de:91:69:fb:
                    ae:ea:6f:38:c5:90:ec:d9:95:6c:ac:88:54:19:ae:
                    8b:08:c9:f7:2c:fe:93:aa:49:f9:e3:dd:d9:4b:9d:
                    b9:35:65:62:dc:c4:eb:3f:cd:05:b3:5d:3a:dd:b5:
                    45:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:06:3B:36:DA:11:83:FC:AA:9A:D7:31:8E:93:05:5C:3C:F8:88:CB
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2150a6b3-d915-428f-9e66-1e374df78641.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:ac:ba:50:3a:4c:67:9d:da:02:bc:5a:97:99:42:21:62:b1:
         b2:9d:d4:68:f3:a8:7f:bc:f6:e0:77:10:b9:15:55:60:f6:38:
         f7:84:a6:0a:ea:82:43:25:46:81:43:0b:e5:50:d6:d0:f9:42:
         61:c5:3a:fc:33:4e:cd:68:a2:d0:72:3c:45:70:cb:35:ae:d2:
         95:e8:f6:40:6b:05:ea:2d:22:a2:d4:dc:43:90:44:d4:2f:ef:
         d8:14:09:ee:3c:e3:48:69:23:63:3b:6d:58:95:26:bd:e8:8c:
         b3:4a:69:08:2a:ed:09:d1:74:32:14:14:ec:46:08:83:27:15:
         de:f7:2a:99:06:22:ab:ce:1f:39:27:d3:8c:fd:ba:ee:20:60:
         c8:51:b1:7a:50:0c:84:60:a4:3f:a7:33:d6:76:fc:14:86:f3:
         7b:b1:8c:93:24:01:28:b2:cd:31:45:91:0e:9f:ca:fd:39:73:
         e7:b0:e6:a2:93:af:a6:79:dc:1e:b9:e7:6c:32:b4:c8:21:49:
         ca:28:73:2f:af:5b:ce:50:98:44:a2:6e:2d:51:9e:1c:55:71:
         19:69:1c:ab:a2:e1:af:27:33:7b:ed:f4:b5:4e:c6:2d:ca:6a:
         18:cb:85:57:15:ca:b7:f9:5e:a3:2a:f4:b5:69:99:ec:cf:36:
         93:f8:fa:58
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUbobJFToH98Jj+9dB4dnyEyOwWxMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTIxMDAwMDAwWhcNMjMwNTI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAODk0OWNlMzljMTc5YWU3NTU1Y2QwYmQyZTYwYjI0OWIy
ZTQ0MjY0YmJiNjEzN2QxNmNkMzY5NDJlMmZlNDI3NTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAM8eUflCOIEwR6r7Nkk++bsIIZ5xkffNWac52wNkLhJsnSOjO+Jy
uivPj2w/LQQmk094G0HhotY4h3Gd0mZFadV/dLWjFF2AaNz/lRNI4iubNW7Qt7fX
zvwaghV0J3r8HUazeYdr2IeYRRpV1odQ6rZtbUISp6CEQV4xTXRJjv+0dIHm2y08
GaLdoosxqvZQojJpD1wyqeRkZGHiU+0jHbmweWUfROSAum/hsmaD1TXCle2ZTJTu
LEudqAbeAjm3vXmoTeC6Jxbw4aDljDHekWn7rupvOMWQ7NmVbKyIVBmuiwjJ9yz+
k6pJ+ePd2UuduTVlYtzE6z/NBbNdOt21Rc8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSYBjs22hGD/Kqa1zGOkwVcPPiIyzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjE1MGE2YjMtZDkxNS00MjhmLTllNjYtMWUzNzRkZjc4NjQxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJisulA6TGed2gK8
WpeZQiFisbKd1GjzqH+89uB3ELkVVWD2OPeEpgrqgkMlRoFDC+VQ1tD5QmHFOvwz
Ts1ootByPEVwyzWu0pXo9kBrBeotIqLU3EOQRNQv79gUCe4840hpI2M7bViVJr3o
jLNKaQgq7QnRdDIUFOxGCIMnFd73KpkGIqvOHzkn04z9uu4gYMhRsXpQDIRgpD+n
M9Z2/BSG83uxjJMkASiyzTFFkQ6fyv05c+ew5qKTr6Z53B6552wytMghScoocy+v
W85QmESibi1RnhxVcRlpHKui4a8nM3vt9LVOxi3KahjLhVcVyrf5XqMq9LVpmezP
NpP4+lg=
-----END CERTIFICATE-----