Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/43a8c452-5606-4888-9235-c1aff6011a3b.roa
File:                     43a8c452-5606-4888-9235-c1aff6011a3b.roa (raw, json)
Hash identifier:          UNfzkNndXAxb1TxymA4kDgBX1CWBOd3zOTFy9UmgqJ0=
Subject key identifier:   D3:B9:99:BA:6A:0B:AC:34:89:1E:76:68:66:11:24:8B:66:E0:18:64
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0F17C6F33772508BC3FFBF017680F518B300A280
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/43a8c452-5606-4888-9235-c1aff6011a3b.roa
Signing time:             Fri 26 May 2023 00:00:00 +0000
ROA not before:           Fri 26 May 2023 00:00:00 +0000
ROA not after:            Mon 29 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:17:c6:f3:37:72:50:8b:c3:ff:bf:01:76:80:f5:18:b3:00:a2:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 26 00:00:00 2023 GMT
            Not After : May 29 23:59:59 2023 GMT
        Subject: serialNumber=783a56373907968c7fd4576024c84d5d97a3d6327be64efd10e6abf6cd408d2e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:0a:41:15:0d:aa:b5:49:ed:21:2a:b5:a5:15:
                    5e:2a:06:c7:e2:e2:6d:84:39:7d:29:65:20:2a:37:
                    c1:eb:23:4e:3b:d9:ce:e3:e2:7a:61:7b:9d:36:50:
                    97:9e:55:cb:42:fa:79:e4:8b:e2:b0:a6:7e:04:b3:
                    61:3b:7f:0e:8b:4d:f5:b2:43:59:e4:7d:6b:3f:50:
                    6b:01:eb:38:64:fd:41:ec:4e:dc:e5:ad:7a:5c:1d:
                    26:41:e5:81:fe:10:0b:b5:cd:5e:0e:4e:f3:b5:40:
                    a8:c6:94:bd:96:c9:c3:ed:89:aa:63:67:72:93:6d:
                    44:19:a4:e9:3f:53:3b:42:6a:d2:f2:b5:23:9e:71:
                    f1:5a:bc:02:02:b9:dc:a0:ea:29:7b:91:51:f3:d3:
                    a6:f3:c3:12:38:d5:0e:ea:4e:0b:d3:61:e5:b8:e3:
                    42:2b:b3:4e:7b:48:c9:2a:bc:b3:14:93:d5:d8:ef:
                    f0:fa:66:db:48:b0:01:25:12:60:b6:a4:8c:52:f9:
                    4b:4f:44:e1:fd:4d:ad:de:d4:3a:a6:ab:0e:f1:c0:
                    20:e0:c9:7f:4e:33:4f:07:fe:64:9e:e8:07:27:ea:
                    49:81:a9:93:c5:95:b3:e2:76:85:79:e4:3c:97:9d:
                    60:ab:f6:d9:cf:10:ce:69:20:c8:b8:f4:e4:32:64:
                    df:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:B9:99:BA:6A:0B:AC:34:89:1E:76:68:66:11:24:8B:66:E0:18:64
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/43a8c452-5606-4888-9235-c1aff6011a3b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:ea:8f:c5:f1:51:0f:70:a5:01:54:6d:6d:2e:9e:f4:cf:97:
         9e:fc:81:67:35:ae:d7:14:26:30:8f:d4:3b:21:a9:54:2c:55:
         15:51:3b:ff:f9:8e:3a:1d:82:22:5f:f6:1d:fc:d6:60:b6:62:
         29:7e:1f:4c:7a:2a:70:5d:63:47:bb:7e:9b:05:6d:c5:32:94:
         f3:8b:ae:c7:69:3c:13:ef:4d:77:53:6a:9b:d3:38:63:1a:d9:
         e9:bd:c5:ce:dd:54:41:aa:60:3b:9e:cc:f8:d2:9b:7a:f9:c2:
         7e:d4:07:48:27:3e:d7:87:82:bc:fa:ba:1e:de:2a:e2:4a:92:
         9a:2d:91:db:62:fa:d7:de:26:af:5d:bd:c3:76:c7:99:27:11:
         b6:e1:29:99:30:a0:3e:e5:2e:11:c2:ca:43:5e:0a:32:1d:26:
         ac:c3:09:cc:5a:16:2c:99:ad:80:e9:83:8c:c3:62:11:73:07:
         fb:81:90:ee:f8:75:03:97:f9:c3:15:cb:c3:ba:07:c5:76:c2:
         05:e6:e0:13:5d:89:a4:72:f3:34:5b:b5:ef:15:98:af:83:fe:
         b9:95:82:7c:04:36:b9:28:46:83:a2:6b:e1:b1:ab:19:7f:12:
         18:f6:43:62:f3:4d:89:df:aa:51:73:63:22:9f:81:57:76:f7:
         4a:5c:83:c6
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUDxfG8zdyUIvD/78BdoD1GLMAooAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTI2MDAwMDAwWhcNMjMwNTI5MjM1OTU5
WjCBpTFJMEcGA1UEBRNANzgzYTU2MzczOTA3OTY4YzdmZDQ1NzYwMjRjODRkNWQ5
N2EzZDYzMjdiZTY0ZWZkMTBlNmFiZjZjZDQwOGQyZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAN0KQRUNqrVJ7SEqtaUVXioGx+LibYQ5fSllICo3wesjTjvZzuPi
emF7nTZQl55Vy0L6eeSL4rCmfgSzYTt/DotN9bJDWeR9az9QawHrOGT9QexO3OWt
elwdJkHlgf4QC7XNXg5O87VAqMaUvZbJw+2JqmNncpNtRBmk6T9TO0Jq0vK1I55x
8Vq8AgK53KDqKXuRUfPTpvPDEjjVDupOC9Nh5bjjQiuzTntIySq8sxST1djv8Ppm
20iwASUSYLakjFL5S09E4f1Nrd7UOqarDvHAIODJf04zTwf+ZJ7oByfqSYGpk8WV
s+J2hXnkPJedYKv22c8QzmkgyLj05DJk39MCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTTuZm6agusNIkedmhmESSLZuAYZDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDNhOGM0NTItNTYwNi00ODg4LTkyMzUtYzFhZmY2MDExYTNiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHbqj8XxUQ9wpQFU
bW0unvTPl578gWc1rtcUJjCP1DshqVQsVRVRO//5jjodgiJf9h381mC2Yil+H0x6
KnBdY0e7fpsFbcUylPOLrsdpPBPvTXdTapvTOGMa2em9xc7dVEGqYDuezPjSm3r5
wn7UB0gnPteHgrz6uh7eKuJKkpotkdti+tfeJq9dvcN2x5knEbbhKZkwoD7lLhHC
ykNeCjIdJqzDCcxaFiyZrYDpg4zDYhFzB/uBkO74dQOX+cMVy8O6B8V2wgXm4BNd
iaRy8zRbte8VmK+D/rmVgnwENrkoRoOia+Gxqxl/Ehj2Q2LzTYnfqlFzYyKfgVd2
90pcg8Y=
-----END CERTIFICATE-----