Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2ed8ad40-c384-494d-b5d3-596fdd58871e.roa
File:                     2ed8ad40-c384-494d-b5d3-596fdd58871e.roa (raw, json)
Hash identifier:          f4351q1m99StPKhS6ywQnZOKhgFoudoutSXm56GE3NI=
Subject key identifier:   D0:05:0D:5C:34:A9:FE:29:BC:9A:7E:3E:20:7A:0A:E9:BE:0E:89:D9
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       69CAC4C2747B4CAE9132870DBB3A75168BF682DC
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2ed8ad40-c384-494d-b5d3-596fdd58871e.roa
Signing time:             Sun 21 May 2023 00:00:00 +0000
ROA not before:           Sun 21 May 2023 00:00:00 +0000
ROA not after:            Wed 24 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:ca:c4:c2:74:7b:4c:ae:91:32:87:0d:bb:3a:75:16:8b:f6:82:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 21 00:00:00 2023 GMT
            Not After : May 24 23:59:59 2023 GMT
        Subject: serialNumber=556d7a87f321a86855e7b87130076876e0cfbc15fffe2784b43095ab746b138b, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ce:14:01:2f:f9:ba:74:cb:b6:8e:44:9b:40:
                    b3:5a:a9:a7:30:51:c2:69:47:a4:da:96:1e:4a:f2:
                    96:78:51:3b:81:a2:10:89:2f:e0:a4:1d:40:33:e0:
                    6f:dc:9b:ad:53:47:99:2b:0f:9f:99:ae:2f:fd:d6:
                    83:1e:b6:5e:c9:b7:5b:03:6f:3f:f5:b4:e4:21:11:
                    fb:23:61:ac:c9:79:3c:42:6c:c7:96:9a:f7:ea:05:
                    26:c1:82:e5:13:79:19:1f:b0:ac:6a:13:44:d3:80:
                    f9:44:89:ff:8b:11:57:bb:3c:1b:7b:f4:26:88:d4:
                    13:74:a8:78:1b:40:9d:9a:c4:83:32:46:13:3d:09:
                    27:07:eb:86:d7:10:d3:e7:18:b5:85:1f:39:db:df:
                    8b:f8:a8:73:52:4e:9b:85:ad:37:8d:90:10:53:97:
                    e2:31:7c:ce:27:47:06:f9:36:42:72:f0:bd:44:d8:
                    a4:f0:e1:d4:8b:74:de:b8:49:6e:bf:4a:6c:87:18:
                    55:80:e4:63:23:93:ba:9a:5d:9e:55:a2:69:e0:81:
                    c7:6f:a9:52:76:25:71:01:b3:f6:b6:01:c9:55:23:
                    47:db:ce:b5:43:85:11:9a:f2:34:01:76:7e:83:ad:
                    a0:72:92:f5:6f:9e:be:64:56:81:fc:57:cb:2a:cf:
                    6b:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:05:0D:5C:34:A9:FE:29:BC:9A:7E:3E:20:7A:0A:E9:BE:0E:89:D9
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2ed8ad40-c384-494d-b5d3-596fdd58871e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:17:3f:65:79:9a:b8:08:ed:07:5e:7a:bd:67:9b:5d:b5:dd:
         71:97:69:16:35:a9:fb:03:ca:f1:c0:c2:dc:22:00:ec:3a:c6:
         41:f7:52:08:13:12:00:80:a1:d3:2d:36:0f:d5:82:57:03:ba:
         74:6b:a6:0d:c8:8e:f3:f6:5c:99:8c:1f:f7:31:91:7c:d7:bf:
         f5:31:13:c0:1e:d5:bf:66:05:e6:97:4b:b7:31:f9:03:4c:35:
         9a:45:c3:8b:54:6a:28:26:56:6d:bf:6d:93:f4:9f:e7:d0:a1:
         31:f8:2e:29:52:c8:10:bc:3d:75:e1:77:c1:dc:9b:9b:45:65:
         ef:3c:cb:8e:c9:f6:3c:a2:d4:85:d8:ef:ba:f7:0b:e0:d3:10:
         d8:04:47:28:67:6f:0d:67:3c:91:ec:39:3d:06:dd:d9:87:7c:
         4e:e3:fe:3e:b3:19:26:67:d2:41:eb:b5:37:42:0b:aa:46:4b:
         89:50:6b:a7:1e:ed:10:7c:14:03:5d:38:bd:0b:da:bd:fe:44:
         1e:09:3e:a1:0e:7f:fc:d5:f7:8b:30:86:39:11:74:6c:95:54:
         2c:80:e5:2d:69:ac:28:49:ed:ac:d3:3f:b4:60:96:47:dd:70:
         00:0f:f4:78:fe:1e:eb:ba:52:53:65:2b:86:63:5d:74:7d:76:
         78:fc:ab:5e
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUacrEwnR7TK6RMocNuzp1Fov2gtwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTIxMDAwMDAwWhcNMjMwNTI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNANTU2ZDdhODdmMzIxYTg2ODU1ZTdiODcxMzAwNzY4NzZl
MGNmYmMxNWZmZmUyNzg0YjQzMDk1YWI3NDZiMTM4YjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALLOFAEv+bp0y7aORJtAs1qppzBRwmlHpNqWHkrylnhRO4GiEIkv
4KQdQDPgb9ybrVNHmSsPn5muL/3Wgx62Xsm3WwNvP/W05CER+yNhrMl5PEJsx5aa
9+oFJsGC5RN5GR+wrGoTRNOA+USJ/4sRV7s8G3v0JojUE3SoeBtAnZrEgzJGEz0J
JwfrhtcQ0+cYtYUfOdvfi/ioc1JOm4WtN42QEFOX4jF8zidHBvk2QnLwvUTYpPDh
1It03rhJbr9KbIcYVYDkYyOTuppdnlWiaeCBx2+pUnYlcQGz9rYByVUjR9vOtUOF
EZryNAF2foOtoHKS9W+evmRWgfxXyyrPa5MCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTQBQ1cNKn+Kbyafj4gegrpvg6J2TAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMmVkOGFkNDAtYzM4NC00OTRkLWI1ZDMtNTk2ZmRkNTg4NzFlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAL8XP2V5mrgI7Qde
er1nm1213XGXaRY1qfsDyvHAwtwiAOw6xkH3UggTEgCAodMtNg/VglcDunRrpg3I
jvP2XJmMH/cxkXzXv/UxE8Ae1b9mBeaXS7cx+QNMNZpFw4tUaigmVm2/bZP0n+fQ
oTH4LilSyBC8PXXhd8Hcm5tFZe88y47J9jyi1IXY77r3C+DTENgERyhnbw1nPJHs
OT0G3dmHfE7j/j6zGSZn0kHrtTdCC6pGS4lQa6ce7RB8FANdOL0L2r3+RB4JPqEO
f/zV94swhjkRdGyVVCyA5S1prChJ7azTP7RglkfdcAAP9Hj+Huu6UlNlK4ZjXXR9
dnj8q14=
-----END CERTIFICATE-----