Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/51b3e07c-d677-4d78-9144-a9d7be89bd09.roa
File:                     51b3e07c-d677-4d78-9144-a9d7be89bd09.roa (raw, json)
Hash identifier:          Xn+aGI7QjqQk5NaPKxxtng0JTYvcWtroypDuERvOFbk=
Subject key identifier:   88:57:94:7D:5A:3C:62:68:EE:A8:34:B7:21:17:94:1D:13:97:79:18
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       20338D14F4850F2644D78F790FB2E095EE87124E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/51b3e07c-d677-4d78-9144-a9d7be89bd09.roa
Signing time:             Fri 12 May 2023 00:00:00 +0000
ROA not before:           Fri 12 May 2023 00:00:00 +0000
ROA not after:            Mon 15 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:33:8d:14:f4:85:0f:26:44:d7:8f:79:0f:b2:e0:95:ee:87:12:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 12 00:00:00 2023 GMT
            Not After : May 15 23:59:59 2023 GMT
        Subject: serialNumber=d41d52deabe2e87976f3808c53ac0f4a3fa6c318341bac649a35f69ed221d043, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:46:ba:39:6e:33:ee:07:9e:72:31:dc:44:3a:
                    91:81:08:60:45:ff:14:56:85:fc:66:6f:fc:36:34:
                    51:f8:bc:50:7f:8b:ea:d2:56:38:e1:5e:a3:69:01:
                    6c:1a:6f:b2:6a:9e:2c:d8:b5:0e:80:2b:81:f1:ec:
                    b9:da:48:e2:f4:b7:99:5d:84:46:de:0d:12:28:c7:
                    dc:ad:21:a9:a1:04:3e:80:f4:e9:a4:dc:10:61:ff:
                    fe:40:da:0e:2f:9f:9c:e6:7f:5c:77:f4:f8:84:83:
                    fd:42:62:41:a7:4b:25:a1:50:12:d9:f3:c3:af:52:
                    4a:3d:14:73:0c:5c:6a:b0:bc:7b:f5:97:a5:b5:1c:
                    80:5f:ba:38:c1:8d:86:88:6a:2e:07:66:31:88:3e:
                    21:a1:0c:45:b4:52:45:e9:f3:9e:ef:a1:c1:2c:ce:
                    ca:33:d9:cc:26:31:05:be:9a:7a:08:e2:9f:7b:eb:
                    de:bb:b3:55:10:45:b8:ab:8c:b1:52:27:0e:7d:55:
                    a2:de:bb:af:6b:d2:bd:e8:fc:dc:82:e5:6f:8b:b1:
                    cb:dc:7b:2b:e5:e1:68:f1:e3:de:cd:66:80:f4:a0:
                    8c:08:d2:c1:3e:5b:b4:bb:e5:5f:c0:e6:32:43:c4:
                    14:b2:f3:4f:99:d1:3b:27:03:d7:2e:2e:1d:f0:b8:
                    8e:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:57:94:7D:5A:3C:62:68:EE:A8:34:B7:21:17:94:1D:13:97:79:18
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/51b3e07c-d677-4d78-9144-a9d7be89bd09.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:55:dc:a8:ed:73:2f:2f:de:24:50:37:cc:aa:af:61:29:ac:
         61:7d:28:e6:f7:4b:7f:d5:6c:f4:75:9b:90:0c:8d:42:2f:af:
         ca:ec:ea:10:94:99:40:57:e4:f4:e9:03:b8:41:72:54:c0:3a:
         69:06:5c:cf:42:92:f8:b2:73:20:d3:f6:cb:e8:ab:40:c9:f5:
         ce:43:55:cb:48:e1:42:f1:aa:5f:f3:80:c1:5d:de:1c:4d:67:
         5e:b8:61:04:b7:df:b0:56:50:bc:ed:16:cd:8f:04:cd:31:97:
         f9:02:05:0a:a9:b2:44:18:c0:3d:c7:c3:c7:34:74:8a:12:42:
         c6:f4:5f:72:6e:fb:e1:e5:8b:45:ef:f8:c0:03:04:90:4d:91:
         8d:82:b9:3b:9d:cf:5f:9e:c8:1d:e6:2f:80:cf:89:df:3a:17:
         9b:f9:5d:a9:cc:4d:37:d4:72:68:a4:22:2b:ee:23:f0:a1:3f:
         a8:ed:61:e7:65:19:e3:69:ae:87:ff:bc:8f:51:0a:aa:c5:8f:
         0a:53:48:21:2d:c1:bc:44:ea:c6:a6:56:a7:7d:92:d9:21:80:
         43:a7:8e:26:b2:ce:16:14:4a:92:40:0d:ab:ab:49:aa:32:96:
         8f:e2:a9:b7:1a:46:91:0a:95:eb:8d:49:12:1e:5a:a4:51:d7:
         e9:8f:d0:83
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUIDONFPSFDyZE1495D7Lgle6HEk4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTEyMDAwMDAwWhcNMjMwNTE1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDQxZDUyZGVhYmUyZTg3OTc2ZjM4MDhjNTNhYzBmNGEz
ZmE2YzMxODM0MWJhYzY0OWEzNWY2OWVkMjIxZDA0MzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALFGujluM+4HnnIx3EQ6kYEIYEX/FFaF/GZv/DY0Ufi8UH+L6tJW
OOFeo2kBbBpvsmqeLNi1DoArgfHsudpI4vS3mV2ERt4NEijH3K0hqaEEPoD06aTc
EGH//kDaDi+fnOZ/XHf0+ISD/UJiQadLJaFQEtnzw69SSj0UcwxcarC8e/WXpbUc
gF+6OMGNhohqLgdmMYg+IaEMRbRSRenznu+hwSzOyjPZzCYxBb6aegjin3vr3ruz
VRBFuKuMsVInDn1Vot67r2vSvej83ILlb4uxy9x7K+XhaPHj3s1mgPSgjAjSwT5b
tLvlX8DmMkPEFLLzT5nROycD1y4uHfC4jkMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSIV5R9WjxiaO6oNLchF5QdE5d5GDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNTFiM2UwN2MtZDY3Ny00ZDc4LTkxNDQtYTlkN2JlODliZDA5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGJV3Kjtcy8v3iRQ
N8yqr2EprGF9KOb3S3/VbPR1m5AMjUIvr8rs6hCUmUBX5PTpA7hBclTAOmkGXM9C
kviycyDT9svoq0DJ9c5DVctI4ULxql/zgMFd3hxNZ164YQS337BWULztFs2PBM0x
l/kCBQqpskQYwD3Hw8c0dIoSQsb0X3Ju++Hli0Xv+MADBJBNkY2CuTudz1+eyB3m
L4DPid86F5v5XanMTTfUcmikIivuI/ChP6jtYedlGeNprof/vI9RCqrFjwpTSCEt
wbxE6samVqd9ktkhgEOnjiayzhYUSpJADaurSaoylo/iqbcaRpEKleuNSRIeWqRR
1+mP0IM=
-----END CERTIFICATE-----