Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2ef2b90a-9790-47a6-93fa-00938503bb28.roa
File:                     2ef2b90a-9790-47a6-93fa-00938503bb28.roa (raw, json)
Hash identifier:          8kYeAA1WWObu0msUtPOStnNzE6h7xLXUzhs7H62kF+8=
Subject key identifier:   83:73:3C:B9:53:B5:20:5E:BE:AE:8C:5A:CA:B0:35:A1:42:89:3D:42
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6268E10AE5310C84CCF52C756ECD57C50B4C9FEA
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2ef2b90a-9790-47a6-93fa-00938503bb28.roa
Signing time:             Wed 24 May 2023 00:00:00 +0000
ROA not before:           Wed 24 May 2023 00:00:00 +0000
ROA not after:            Sat 27 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:68:e1:0a:e5:31:0c:84:cc:f5:2c:75:6e:cd:57:c5:0b:4c:9f:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 24 00:00:00 2023 GMT
            Not After : May 27 23:59:59 2023 GMT
        Subject: serialNumber=fef813f67932e3dc9ac7798806f40f442e012dff21e2d85f0f825d2dba17cdb2, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:4b:cf:aa:fa:2b:f7:9a:68:0b:bf:7f:82:32:
                    05:d5:d0:fb:2c:41:26:17:ff:62:dd:38:b7:c0:bf:
                    4f:87:32:37:ee:f9:07:42:80:6b:aa:99:07:c2:a2:
                    64:df:09:75:5a:00:6e:3c:53:4c:4e:36:4c:dd:ad:
                    fa:ad:7f:81:bf:34:c5:5e:18:fd:e4:3d:21:68:64:
                    a3:70:b6:f5:12:a7:2a:28:20:4e:e7:5e:4c:ac:b7:
                    6b:c3:7a:14:ae:2c:55:38:ed:ee:f4:eb:e1:29:a4:
                    d3:82:7a:45:3d:13:0c:b4:5f:7a:37:62:0a:b3:13:
                    c8:29:8e:44:7a:14:2d:07:8c:7f:77:39:33:7c:f9:
                    40:b0:3e:a0:e0:b9:a0:e0:a3:c3:e3:fe:cf:f6:cd:
                    a3:5a:46:19:ae:05:8f:f5:85:ec:d8:ee:e7:c0:32:
                    ae:6e:b8:4c:2a:40:cd:b2:13:06:76:f9:80:2c:fb:
                    49:ef:a5:f3:fb:a8:9f:07:9f:4b:62:77:65:8e:b7:
                    6a:20:30:3f:0a:a6:f5:4c:ab:c5:35:2f:5c:e5:c9:
                    29:a6:9b:4c:f5:ca:16:a1:b8:c1:93:94:4e:25:88:
                    98:ad:ae:39:05:49:c6:6d:4a:dd:c1:2d:5d:ef:e4:
                    08:a3:73:0f:88:3b:e2:2b:4b:e8:03:1d:45:6c:c3:
                    d4:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:73:3C:B9:53:B5:20:5E:BE:AE:8C:5A:CA:B0:35:A1:42:89:3D:42
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2ef2b90a-9790-47a6-93fa-00938503bb28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:96:93:e9:ea:b4:c0:e0:e2:e6:b8:96:a7:54:1e:27:7b:80:
         15:b5:68:b3:47:30:65:23:df:03:b4:fa:a0:41:c4:6b:a1:7d:
         e7:b5:72:48:d9:6b:a0:33:b4:f1:d6:7e:c5:c8:86:03:8d:1f:
         91:54:36:c6:fd:d2:d1:0c:cb:bb:3f:f9:aa:7c:f6:f7:ad:66:
         cc:fb:d7:d0:7f:c8:b6:5e:22:af:b3:9d:9c:05:c0:02:76:a3:
         bb:e2:e9:f3:24:a5:37:cb:2c:b9:5f:5d:28:47:82:ca:e3:8a:
         20:35:23:40:61:3d:bf:c9:d5:bf:97:2d:05:91:92:f7:c5:32:
         30:1d:a3:e2:e5:b1:5d:ec:35:a3:3e:2b:65:ea:39:fb:58:0e:
         f6:30:0f:9f:16:cb:03:75:0b:e8:8b:b5:b8:82:3f:3c:94:ac:
         77:72:f7:b8:01:4c:b6:cc:7b:c1:84:bb:54:d9:83:0b:59:2f:
         9a:f6:af:10:88:b1:c3:6d:08:77:28:5e:e3:76:c0:56:0c:75:
         c6:c9:53:57:ac:8d:8c:d4:65:a6:f6:88:e1:d2:6e:02:5d:32:
         b2:9c:f0:2d:db:4b:10:3d:4a:49:b5:0d:aa:55:9b:c3:86:68:
         59:5b:93:a9:94:a8:a5:eb:1f:67:33:77:8e:1d:78:6b:be:39:
         21:66:6b:6d
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUYmjhCuUxDITM9Sx1bs1XxQtMn+owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTI0MDAwMDAwWhcNMjMwNTI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZmVmODEzZjY3OTMyZTNkYzlhYzc3OTg4MDZmNDBmNDQy
ZTAxMmRmZjIxZTJkODVmMGY4MjVkMmRiYTE3Y2RiMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJhLz6r6K/eaaAu/f4IyBdXQ+yxBJhf/Yt04t8C/T4cyN+75B0KA
a6qZB8KiZN8JdVoAbjxTTE42TN2t+q1/gb80xV4Y/eQ9IWhko3C29RKnKiggTude
TKy3a8N6FK4sVTjt7vTr4Smk04J6RT0TDLRfejdiCrMTyCmORHoULQeMf3c5M3z5
QLA+oOC5oOCjw+P+z/bNo1pGGa4Fj/WF7Nju58Ayrm64TCpAzbITBnb5gCz7Se+l
8/uonwefS2J3ZY63aiAwPwqm9UyrxTUvXOXJKaabTPXKFqG4wZOUTiWImK2uOQVJ
xm1K3cEtXe/kCKNzD4g74itL6AMdRWzD1FUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSDczy5U7UgXr6ujFrKsDWhQok9QjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMmVmMmI5MGEtOTc5MC00N2E2LTkzZmEtMDA5Mzg1MDNiYjI4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFWWk+nqtMDg4ua4
lqdUHid7gBW1aLNHMGUj3wO0+qBBxGuhfee1ckjZa6AztPHWfsXIhgONH5FUNsb9
0tEMy7s/+ap89vetZsz719B/yLZeIq+znZwFwAJ2o7vi6fMkpTfLLLlfXShHgsrj
iiA1I0BhPb/J1b+XLQWRkvfFMjAdo+LlsV3sNaM+K2XqOftYDvYwD58WywN1C+iL
tbiCPzyUrHdy97gBTLbMe8GEu1TZgwtZL5r2rxCIscNtCHcoXuN2wFYMdcbJU1es
jYzUZab2iOHSbgJdMrKc8C3bSxA9Skm1DapVm8OGaFlbk6mUqKXrH2czd44deGu+
OSFma20=
-----END CERTIFICATE-----