Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/39b66169-940a-4928-a551-36cd927ae59e.roa
File:                     39b66169-940a-4928-a551-36cd927ae59e.roa (raw, json)
Hash identifier:          a+brHB6/EtEXyTqAcDPQzBP/eVViehu8t+cHtKlcZXc=
Subject key identifier:   B7:92:A8:5D:34:D7:E9:AB:BF:00:FF:A8:A4:E5:8D:75:C6:DE:30:91
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2B38DF92EBE2D9297BCEC66C27744271AF9FA2A4
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/39b66169-940a-4928-a551-36cd927ae59e.roa
Signing time:             Sat 13 May 2023 00:00:00 +0000
ROA not before:           Sat 13 May 2023 00:00:00 +0000
ROA not after:            Tue 16 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:38:df:92:eb:e2:d9:29:7b:ce:c6:6c:27:74:42:71:af:9f:a2:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 13 00:00:00 2023 GMT
            Not After : May 16 23:59:59 2023 GMT
        Subject: serialNumber=a034235b1c68960b97b3e73e4dd06f1e13d0cbaa575fc22b39a13659f6d3902e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7a:c8:ab:7e:e2:9d:df:43:d2:e7:75:0b:ad:
                    ec:6d:e9:75:f3:b7:61:93:82:14:6c:db:0a:9a:bf:
                    48:b1:a9:ac:4f:a0:19:f6:6c:ac:d2:b0:cb:33:df:
                    32:de:fe:3b:a9:e9:be:da:30:0a:f1:cc:61:66:58:
                    84:4f:35:27:5c:46:fd:dc:ee:85:f4:e0:08:4a:0c:
                    db:15:54:0f:09:ad:ce:28:02:25:e4:52:83:43:a2:
                    a6:b3:7e:be:cb:b8:4e:35:f1:7d:c2:66:c9:d9:55:
                    41:2e:96:f3:6a:f8:90:d3:57:b6:22:33:41:1c:07:
                    06:7b:e2:67:4d:c1:8b:2b:2f:fb:f3:e4:7b:4e:35:
                    bd:45:7f:4c:ad:ca:5b:a7:56:2c:df:f3:98:6a:63:
                    67:6a:b6:29:c5:35:4a:8d:95:af:89:c7:ed:32:8d:
                    33:75:a5:9e:7f:42:2e:55:36:29:00:7e:5b:df:bf:
                    35:35:69:72:d8:d5:07:09:18:98:a7:c2:ce:95:08:
                    01:4a:73:2a:af:4c:62:80:d4:9c:96:51:43:3a:30:
                    f5:37:ab:2e:51:6d:45:fa:1c:f9:68:22:f1:65:65:
                    bb:ab:fb:86:e4:3b:25:f6:de:fe:ac:46:47:c4:1d:
                    90:2f:b8:e6:cf:32:7a:df:eb:aa:3b:4e:17:5b:85:
                    2a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:92:A8:5D:34:D7:E9:AB:BF:00:FF:A8:A4:E5:8D:75:C6:DE:30:91
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/39b66169-940a-4928-a551-36cd927ae59e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:94:78:93:21:e0:f3:fd:16:b3:7e:5d:98:8e:74:21:97:b5:
         86:d7:d2:78:be:6d:60:ff:6e:76:dd:7f:19:74:e4:2e:d9:59:
         70:83:6a:a3:32:53:7f:0d:fc:6c:83:49:a2:72:9a:7a:28:fd:
         2c:e9:fd:91:11:32:10:0e:a1:3b:53:ad:78:ed:43:7d:14:84:
         03:bd:b1:77:3f:fe:d9:32:10:e2:90:1e:2d:1e:96:c2:d4:69:
         5e:98:19:8b:19:ee:e5:18:c3:5b:ca:8a:7c:9d:51:6e:b5:f9:
         d9:a5:05:f7:da:cb:89:6c:a6:f7:42:58:38:41:fa:bd:33:92:
         8d:ab:04:1e:8f:ab:53:af:b4:9c:59:cc:26:54:54:de:11:e6:
         a4:9b:24:ee:73:52:9e:12:15:58:d8:ed:ff:29:71:88:88:a9:
         8f:0f:9c:4f:09:74:d1:b1:d8:de:ec:a3:39:66:bf:e0:4c:ae:
         e3:83:f2:59:f3:64:93:6c:03:16:d0:a9:8a:28:9f:d6:46:ae:
         36:ff:fa:da:e0:b6:d6:53:89:16:48:27:26:6e:5e:2d:81:b1:
         b5:a8:52:be:a4:36:69:a5:32:2e:4d:d2:15:af:88:06:26:55:
         0a:6a:88:de:83:60:eb:3a:9c:08:fa:dc:44:15:32:d9:19:bd:
         69:df:ec:75
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUKzjfkuvi2Sl7zsZsJ3RCca+foqQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTEzMDAwMDAwWhcNMjMwNTE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYTAzNDIzNWIxYzY4OTYwYjk3YjNlNzNlNGRkMDZmMWUx
M2QwY2JhYTU3NWZjMjJiMzlhMTM2NTlmNmQzOTAyZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL16yKt+4p3fQ9LndQut7G3pdfO3YZOCFGzbCpq/SLGprE+gGfZs
rNKwyzPfMt7+O6npvtowCvHMYWZYhE81J1xG/dzuhfTgCEoM2xVUDwmtzigCJeRS
g0OiprN+vsu4TjXxfcJmydlVQS6W82r4kNNXtiIzQRwHBnviZ03Biysv+/Pke041
vUV/TK3KW6dWLN/zmGpjZ2q2KcU1So2Vr4nH7TKNM3Wlnn9CLlU2KQB+W9+/NTVp
ctjVBwkYmKfCzpUIAUpzKq9MYoDUnJZRQzow9TerLlFtRfoc+Wgi8WVlu6v7huQ7
Jfbe/qxGR8QdkC+45s8yet/rqjtOF1uFKrsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS3kqhdNNfpq78A/6ik5Y11xt4wkTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzliNjYxNjktOTQwYS00OTI4LWE1NTEtMzZjZDkyN2FlNTllLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALCUeJMh4PP9FrN+
XZiOdCGXtYbX0ni+bWD/bnbdfxl05C7ZWXCDaqMyU38N/GyDSaJymnoo/Szp/ZER
MhAOoTtTrXjtQ30UhAO9sXc//tkyEOKQHi0elsLUaV6YGYsZ7uUYw1vKinydUW61
+dmlBffay4lspvdCWDhB+r0zko2rBB6Pq1OvtJxZzCZUVN4R5qSbJO5zUp4SFVjY
7f8pcYiIqY8PnE8JdNGx2N7sozlmv+BMruOD8lnzZJNsAxbQqYoon9ZGrjb/+trg
ttZTiRZIJyZuXi2BsbWoUr6kNmmlMi5N0hWviAYmVQpqiN6DYOs6nAj63EQVMtkZ
vWnf7HU=
-----END CERTIFICATE-----