Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/41cf5dd2-b916-4386-be76-794d5f3dd853.roa
File:                     41cf5dd2-b916-4386-be76-794d5f3dd853.roa (raw, json)
Hash identifier:          nGNH5ItRaph0u6HAhf36eo/LYgB3TyQHLPaDDTPPdZk=
Subject key identifier:   2D:DD:74:5F:C6:9D:0E:EC:A1:67:B0:CC:E5:5D:AF:19:FF:52:7E:ED
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1B0A2AC5C55926AEEF7C5AA1B14BB40F711FA3B5
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/41cf5dd2-b916-4386-be76-794d5f3dd853.roa
Signing time:             Wed 31 May 2023 00:00:00 +0000
ROA not before:           Wed 31 May 2023 00:00:00 +0000
ROA not after:            Sat 03 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:0a:2a:c5:c5:59:26:ae:ef:7c:5a:a1:b1:4b:b4:0f:71:1f:a3:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 31 00:00:00 2023 GMT
            Not After : Jun  3 23:59:59 2023 GMT
        Subject: serialNumber=8a9fdc1f0b02ab61890f2514aaa1e811b0ffb77636d88b2c0ea1c93f363c502d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:00:cf:63:e6:c3:88:b0:5b:00:25:dd:cd:92:
                    d7:3c:74:fa:58:8b:ab:52:de:c9:51:a5:fc:0a:44:
                    5a:a2:52:9e:e2:f3:17:8f:b2:ac:95:bb:59:d4:a0:
                    6f:57:d0:25:68:b9:d9:03:cf:ce:b7:c6:56:59:f9:
                    1d:fd:5d:d9:90:a3:72:0f:c4:b3:fd:81:78:20:07:
                    05:f6:4f:d1:29:23:1a:e8:53:79:b2:20:d5:8d:2e:
                    77:5c:13:77:0c:c5:ca:f2:16:36:30:c2:10:40:2d:
                    12:3d:26:1f:18:a9:a6:00:36:3c:b1:f2:72:f8:41:
                    71:68:4c:e3:67:f4:e7:0f:74:26:19:0b:cb:34:94:
                    c9:35:3b:87:e2:1b:69:10:3f:08:81:e6:97:5d:f0:
                    cf:cd:41:5a:48:6f:d5:68:e5:c3:51:20:f2:bd:7d:
                    ec:9d:cb:e8:b1:e4:74:e9:c8:af:64:4d:0a:f5:2e:
                    38:f2:45:3a:f3:aa:47:09:e5:62:4a:4b:9f:20:6b:
                    48:3a:c5:eb:cf:46:14:76:81:20:ad:c6:23:cd:59:
                    e6:72:2c:37:5b:c6:3d:7d:51:f5:ee:15:b6:96:88:
                    12:e2:b5:eb:98:19:b6:c9:6d:69:cc:f0:d9:43:71:
                    5f:a0:cd:bd:82:c7:b8:2b:48:42:5a:5a:cf:29:41:
                    bc:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:DD:74:5F:C6:9D:0E:EC:A1:67:B0:CC:E5:5D:AF:19:FF:52:7E:ED
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/41cf5dd2-b916-4386-be76-794d5f3dd853.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:46:d3:73:0e:50:c4:10:98:07:46:88:48:a9:41:24:00:44:
         b8:28:07:38:7c:17:3b:41:40:73:84:6c:34:21:df:03:bd:22:
         1e:10:d7:44:03:89:af:e1:30:7e:23:93:1e:b9:87:eb:19:8d:
         8c:0f:0b:b1:82:15:e5:f1:83:a4:d3:54:0a:4e:71:c4:54:82:
         36:a3:29:1c:b1:59:d7:95:9e:e1:68:c0:56:5e:81:a2:c5:29:
         7c:69:d7:15:91:72:bc:19:b6:60:2b:94:cd:92:65:e1:29:03:
         63:93:55:82:c5:2e:e7:10:ff:1b:b2:38:02:48:fa:2e:8d:fd:
         90:df:2a:ff:81:66:69:99:74:b2:cc:b2:f1:39:94:38:ce:53:
         25:21:b6:9a:00:77:5b:91:da:cb:30:c7:98:de:88:80:9e:fc:
         02:c6:32:b3:7f:dc:5e:50:7a:1b:d7:42:4c:66:a4:f3:f5:e4:
         6d:0a:bc:a3:68:1f:4b:e5:45:2a:12:50:84:8a:ab:72:ee:73:
         a4:d2:e5:15:c8:3b:a2:a7:68:0a:7c:ab:5c:6d:2d:cd:df:eb:
         76:ea:07:89:c0:92:5e:f8:5b:41:49:43:5a:3d:92:18:33:af:
         de:f9:07:3a:d3:a8:90:1d:4c:f6:54:18:c8:38:a2:7b:e6:bd:
         30:e7:36:39
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUGwoqxcVZJq7vfFqhsUu0D3Efo7UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTMxMDAwMDAwWhcNMjMwNjAzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAOGE5ZmRjMWYwYjAyYWI2MTg5MGYyNTE0YWFhMWU4MTFi
MGZmYjc3NjM2ZDg4YjJjMGVhMWM5M2YzNjNjNTAyZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMwAz2Pmw4iwWwAl3c2S1zx0+liLq1LeyVGl/ApEWqJSnuLzF4+y
rJW7WdSgb1fQJWi52QPPzrfGVln5Hf1d2ZCjcg/Es/2BeCAHBfZP0SkjGuhTebIg
1Y0ud1wTdwzFyvIWNjDCEEAtEj0mHxippgA2PLHycvhBcWhM42f05w90JhkLyzSU
yTU7h+IbaRA/CIHml13wz81BWkhv1Wjlw1Eg8r197J3L6LHkdOnIr2RNCvUuOPJF
OvOqRwnlYkpLnyBrSDrF689GFHaBIK3GI81Z5nIsN1vGPX1R9e4VtpaIEuK165gZ
tsltaczw2UNxX6DNvYLHuCtIQlpazylBvC8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQt3XRfxp0O7KFnsMzlXa8Z/1J+7TAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDFjZjVkZDItYjkxNi00Mzg2LWJlNzYtNzk0ZDVmM2RkODUzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJ5G03MOUMQQmAdG
iEipQSQARLgoBzh8FztBQHOEbDQh3wO9Ih4Q10QDia/hMH4jkx65h+sZjYwPC7GC
FeXxg6TTVApOccRUgjajKRyxWdeVnuFowFZegaLFKXxp1xWRcrwZtmArlM2SZeEp
A2OTVYLFLucQ/xuyOAJI+i6N/ZDfKv+BZmmZdLLMsvE5lDjOUyUhtpoAd1uR2ssw
x5jeiICe/ALGMrN/3F5QehvXQkxmpPP15G0KvKNoH0vlRSoSUISKq3Luc6TS5RXI
O6KnaAp8q1xtLc3f63bqB4nAkl74W0FJQ1o9khgzr975BzrTqJAdTPZUGMg4onvm
vTDnNjk=
-----END CERTIFICATE-----