Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/432e6104-f752-4c46-84da-fe718399e419.roa
File:                     432e6104-f752-4c46-84da-fe718399e419.roa (raw, json)
Hash identifier:          LnCWnfen7VBqJPal1oEQbp8pMW3us6IC7QDFrgp5aVw=
Subject key identifier:   B2:FF:CB:BA:D2:F9:05:81:29:2C:9B:89:53:5F:65:55:D5:FF:C8:40
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5BB356FEEDD30E72ACEE414FE51FBDAF1E9F2E82
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/432e6104-f752-4c46-84da-fe718399e419.roa
Signing time:             Sat 20 May 2023 00:00:00 +0000
ROA not before:           Sat 20 May 2023 00:00:00 +0000
ROA not after:            Tue 23 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:b3:56:fe:ed:d3:0e:72:ac:ee:41:4f:e5:1f:bd:af:1e:9f:2e:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 20 00:00:00 2023 GMT
            Not After : May 23 23:59:59 2023 GMT
        Subject: serialNumber=8ccc57bc202f5ea660489cfe2e9dee662a65d233bf2c9a9539796ba180d6da76, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:7b:f6:2a:12:cc:bd:4e:10:45:40:8e:6c:5f:
                    2d:84:23:33:ae:d8:af:f9:e0:23:91:ad:4f:82:3f:
                    da:df:bc:e5:01:05:b6:1c:d8:ae:dd:22:29:79:03:
                    13:15:0d:fa:bf:d6:19:35:07:35:04:83:86:98:c3:
                    fa:95:12:0e:a7:4d:47:02:a1:50:42:bf:14:18:bf:
                    a0:c5:ed:c1:44:cd:af:6a:53:7e:d9:94:cc:9e:5e:
                    4a:09:47:b8:43:d9:bc:de:76:06:b1:ce:8b:0c:75:
                    0e:ec:b5:55:97:ad:fe:10:1d:bb:c1:00:e9:cd:5a:
                    3f:7d:4f:e6:a2:61:6b:c4:3d:f6:22:92:8f:6a:b3:
                    35:d8:f3:83:8a:7c:67:68:cc:8d:ab:7f:e0:61:4a:
                    89:1e:75:00:65:dd:24:14:b5:8e:19:6c:93:d7:48:
                    30:46:b9:c6:c3:85:dc:32:fa:fd:51:61:ac:ac:c0:
                    7a:24:51:97:db:81:d1:c3:63:d0:9a:20:eb:0a:ef:
                    54:28:6a:e6:04:0f:d2:f4:99:98:b9:68:62:54:1b:
                    a6:90:e9:03:f1:c4:ef:00:8d:70:4a:c6:26:12:35:
                    69:c3:17:87:5f:cd:d4:02:ea:0f:db:97:0e:cd:6b:
                    5d:4a:8e:d8:99:58:6a:d4:b3:65:d0:00:d3:00:11:
                    c5:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:FF:CB:BA:D2:F9:05:81:29:2C:9B:89:53:5F:65:55:D5:FF:C8:40
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/432e6104-f752-4c46-84da-fe718399e419.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:b1:f5:70:dc:f8:73:2e:94:11:aa:5b:49:3c:92:dc:53:08:
         d3:d5:25:1e:ed:12:40:9c:f4:6b:3e:bc:26:19:15:7b:b1:86:
         0d:39:79:9a:c2:4a:3a:dd:8b:63:b5:19:57:6c:d5:ef:34:a0:
         86:2e:dd:7a:55:20:b6:f8:e5:d1:29:eb:b8:a9:55:85:61:68:
         de:71:75:71:7c:87:80:fe:bc:36:24:27:0e:d7:68:bc:5e:a8:
         54:d4:0b:2c:5e:eb:39:80:6a:0b:61:f0:1f:19:36:dc:a8:f0:
         f7:64:4d:00:e8:c0:c6:10:9b:1d:21:ef:3a:2a:ec:31:73:8d:
         3d:3b:11:a1:f7:65:4f:10:fc:1a:b6:25:cf:59:07:93:31:1e:
         60:df:ec:d4:97:70:2d:64:61:af:85:ac:8b:17:12:d4:a4:68:
         b3:39:d5:ec:4d:82:78:72:5a:4d:66:bb:34:0a:cb:17:35:51:
         58:88:8c:7b:33:69:57:3c:19:b7:dd:50:4d:81:94:e0:05:f5:
         ec:b4:be:be:a0:04:b2:e1:64:ce:75:52:2e:e4:b6:41:e3:51:
         cd:6b:31:dd:6c:3f:31:1f:6c:0b:2e:63:fa:1f:eb:3e:7a:f8:
         61:9f:e3:c9:25:0c:ad:89:10:e6:52:a2:fc:15:bd:b3:84:82:
         88:8c:95:48
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUW7NW/u3TDnKs7kFP5R+9rx6fLoIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTIwMDAwMDAwWhcNMjMwNTIzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAOGNjYzU3YmMyMDJmNWVhNjYwNDg5Y2ZlMmU5ZGVlNjYy
YTY1ZDIzM2JmMmM5YTk1Mzk3OTZiYTE4MGQ2ZGE3NjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKh79ioSzL1OEEVAjmxfLYQjM67Yr/ngI5GtT4I/2t+85QEFthzY
rt0iKXkDExUN+r/WGTUHNQSDhpjD+pUSDqdNRwKhUEK/FBi/oMXtwUTNr2pTftmU
zJ5eSglHuEPZvN52BrHOiwx1Duy1VZet/hAdu8EA6c1aP31P5qJha8Q99iKSj2qz
Ndjzg4p8Z2jMjat/4GFKiR51AGXdJBS1jhlsk9dIMEa5xsOF3DL6/VFhrKzAeiRR
l9uB0cNj0Jog6wrvVChq5gQP0vSZmLloYlQbppDpA/HE7wCNcErGJhI1acMXh1/N
1ALqD9uXDs1rXUqO2JlYatSzZdAA0wARxVkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSy/8u60vkFgSksm4lTX2VV1f/IQDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDMyZTYxMDQtZjc1Mi00YzQ2LTg0ZGEtZmU3MTgzOTllNDE5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAACx9XDc+HMulBGq
W0k8ktxTCNPVJR7tEkCc9Gs+vCYZFXuxhg05eZrCSjrdi2O1GVds1e80oIYu3XpV
ILb45dEp67ipVYVhaN5xdXF8h4D+vDYkJw7XaLxeqFTUCyxe6zmAagth8B8ZNtyo
8PdkTQDowMYQmx0h7zoq7DFzjT07EaH3ZU8Q/Bq2Jc9ZB5MxHmDf7NSXcC1kYa+F
rIsXEtSkaLM51exNgnhyWk1muzQKyxc1UViIjHszaVc8GbfdUE2BlOAF9ey0vr6g
BLLhZM51Ui7ktkHjUc1rMd1sPzEfbAsuY/of6z56+GGf48klDK2JEOZSovwVvbOE
goiMlUg=
-----END CERTIFICATE-----