Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3fa7b188-2c71-438f-a012-04e15dbed886.roa
File:                     3fa7b188-2c71-438f-a012-04e15dbed886.roa (raw, json)
Hash identifier:          dPi9iSk852q9bTv26LK4mazFipFCjEu49lyLKmk12Oo=
Subject key identifier:   BA:C4:0B:0E:DA:67:AB:8E:1D:C9:7E:4D:33:9A:6C:BC:D4:1A:52:C9
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       57134B9F380F1B42CC250581132B441109ABC65A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3fa7b188-2c71-438f-a012-04e15dbed886.roa
Signing time:             Tue 16 May 2023 00:00:00 +0000
ROA not before:           Tue 16 May 2023 00:00:00 +0000
ROA not after:            Fri 19 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:13:4b:9f:38:0f:1b:42:cc:25:05:81:13:2b:44:11:09:ab:c6:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 16 00:00:00 2023 GMT
            Not After : May 19 23:59:59 2023 GMT
        Subject: serialNumber=5752a7e0a156d317952f129e1ea4fe33ffb7bcd6f811105267b8065246882724, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:25:62:66:7b:d3:15:90:81:17:a7:4b:7c:77:
                    0f:4f:74:a3:3f:8e:a0:04:40:c5:13:5c:fe:24:ae:
                    45:01:1e:86:77:32:82:e5:0d:9b:fa:84:0d:05:5c:
                    69:f6:e8:bc:c7:a2:be:09:5e:d8:b7:cb:b9:50:29:
                    da:d2:8a:82:60:d5:ea:24:9c:de:53:b2:06:c1:35:
                    34:52:aa:19:5d:98:58:d5:6a:57:06:ee:39:57:e3:
                    22:50:e4:dd:b3:34:22:1c:20:c5:25:3e:7a:5d:36:
                    38:87:40:36:14:e3:5b:9b:c8:45:82:39:45:73:e2:
                    89:f0:20:41:22:82:1e:ab:88:0e:5a:f2:18:31:39:
                    48:b5:d2:05:3a:aa:f3:9f:df:c9:60:1d:de:c2:fb:
                    af:11:62:fe:38:eb:b1:94:98:54:c4:24:c3:0e:42:
                    9b:2a:50:e6:00:f3:ee:dc:7e:85:6d:ab:d0:68:e0:
                    bc:ae:a9:97:f9:2b:f4:a0:2f:60:63:9f:ce:6f:14:
                    74:68:86:0f:2f:a1:f7:11:22:58:51:63:3a:a1:1b:
                    af:26:1a:56:4e:83:0d:41:51:7a:f3:91:5a:d6:0f:
                    f3:d9:11:1b:a4:66:90:86:13:26:e7:0d:08:24:a8:
                    4a:bf:0b:7e:2e:0f:cb:f1:7a:32:00:b3:45:24:78:
                    29:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:C4:0B:0E:DA:67:AB:8E:1D:C9:7E:4D:33:9A:6C:BC:D4:1A:52:C9
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3fa7b188-2c71-438f-a012-04e15dbed886.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:d0:96:a1:0c:a5:d8:22:88:0a:c8:a6:5c:01:b6:18:13:8a:
         32:20:4e:be:ce:95:70:a7:ec:dc:e5:f0:f8:00:e8:59:47:a8:
         47:c7:27:b4:da:5f:f2:75:e6:c1:91:12:fa:98:5f:af:20:79:
         88:91:1a:90:23:05:3b:6c:9f:f1:59:5e:d9:11:4b:74:e6:07:
         3c:1e:cc:a8:8d:e7:ce:d3:5a:d9:de:ce:80:1d:76:d6:ae:54:
         90:c2:6b:ae:55:7c:6f:24:52:19:17:00:fe:d2:d9:15:e5:67:
         84:e3:ad:cd:1b:00:3d:3d:99:5a:68:b2:36:4c:8b:7a:cb:75:
         46:cf:60:07:cf:bf:cf:43:ea:d2:52:67:55:89:38:15:17:4a:
         30:fb:37:76:c2:0a:e8:01:b7:8a:3c:32:8c:17:d6:07:b7:a1:
         27:bd:d9:ae:fb:99:80:d4:79:39:4e:eb:76:74:55:c1:52:e7:
         84:0f:65:fd:39:9e:85:cb:bf:39:c1:df:4a:f0:5d:64:6d:96:
         00:8f:4c:0d:a6:10:12:7f:78:35:16:9a:8d:81:d3:f1:c3:19:
         33:5c:b2:13:8b:d5:48:38:d6:0a:f2:18:0b:6a:5f:d3:b3:bb:
         db:e6:c1:25:e8:0d:f9:f1:02:7b:30:6b:df:6c:6e:85:14:a4:
         a3:46:0f:18
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUVxNLnzgPG0LMJQWBEytEEQmrxlowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTE2MDAwMDAwWhcNMjMwNTE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNANTc1MmE3ZTBhMTU2ZDMxNzk1MmYxMjllMWVhNGZlMzNm
ZmI3YmNkNmY4MTExMDUyNjdiODA2NTI0Njg4MjcyNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJ8lYmZ70xWQgRenS3x3D090oz+OoARAxRNc/iSuRQEehncyguUN
m/qEDQVcafbovMeivgle2LfLuVAp2tKKgmDV6iSc3lOyBsE1NFKqGV2YWNVqVwbu
OVfjIlDk3bM0IhwgxSU+el02OIdANhTjW5vIRYI5RXPiifAgQSKCHquIDlryGDE5
SLXSBTqq85/fyWAd3sL7rxFi/jjrsZSYVMQkww5CmypQ5gDz7tx+hW2r0GjgvK6p
l/kr9KAvYGOfzm8UdGiGDy+h9xEiWFFjOqEbryYaVk6DDUFRevORWtYP89kRG6Rm
kIYTJucNCCSoSr8Lfi4Py/F6MgCzRSR4KcsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS6xAsO2merjh3Jfk0zmmy81BpSyTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvM2ZhN2IxODgtMmM3MS00MzhmLWEwMTItMDRlMTVkYmVkODg2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADDQlqEMpdgiiArI
plwBthgTijIgTr7OlXCn7Nzl8PgA6FlHqEfHJ7TaX/J15sGREvqYX68geYiRGpAj
BTtsn/FZXtkRS3TmBzwezKiN587TWtnezoAddtauVJDCa65VfG8kUhkXAP7S2RXl
Z4Tjrc0bAD09mVposjZMi3rLdUbPYAfPv89D6tJSZ1WJOBUXSjD7N3bCCugBt4o8
MowX1ge3oSe92a77mYDUeTlO63Z0VcFS54QPZf05noXLvznB30rwXWRtlgCPTA2m
EBJ/eDUWmo2B0/HDGTNcshOL1Ug41gryGAtqX9Ozu9vmwSXoDfnxAnswa99sboUU
pKNGDxg=
-----END CERTIFICATE-----