Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/54140fed-ecb0-4b3c-beca-b6d4b40da3af.roa
File:                     54140fed-ecb0-4b3c-beca-b6d4b40da3af.roa (raw, json)
Hash identifier:          E7DU/M9cdZPpykt2Aw3ywOsnjwozMAjcqQWRRNprEio=
Subject key identifier:   5C:EB:00:86:80:65:39:B7:0C:51:19:85:3E:2A:C7:30:C8:CA:41:EC
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5CAA8AAB7881EB8B1A1F9D95E0B81747F5DB4C17
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/54140fed-ecb0-4b3c-beca-b6d4b40da3af.roa
Signing time:             Sun 21 May 2023 00:00:00 +0000
ROA not before:           Sun 21 May 2023 00:00:00 +0000
ROA not after:            Wed 24 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:aa:8a:ab:78:81:eb:8b:1a:1f:9d:95:e0:b8:17:47:f5:db:4c:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 21 00:00:00 2023 GMT
            Not After : May 24 23:59:59 2023 GMT
        Subject: serialNumber=652bff921aed0999fda17083aede28d4ca855ffb02025c868f7d4151fc564eb2, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:da:d9:d9:eb:cf:8e:ea:52:cc:15:6e:2b:16:
                    2e:66:ca:2e:6b:16:6b:1b:0c:f4:42:be:d4:30:50:
                    a4:61:9f:65:e1:72:8e:56:91:1e:a3:17:d5:75:ab:
                    f9:66:f6:4e:a8:4d:20:1d:f4:0e:ee:f3:9e:04:69:
                    b4:b0:ae:69:5b:35:88:8e:d4:1e:be:f9:49:54:34:
                    57:71:b0:3d:e3:63:ba:e3:bd:fa:40:e0:d0:08:dd:
                    98:33:36:fb:df:b2:0c:41:b2:c0:b1:e8:ec:e7:e9:
                    f6:cb:7a:34:2f:2b:1a:0b:d1:93:13:db:b4:3d:fb:
                    e9:a4:43:3d:c5:f5:81:89:11:0a:b4:a2:43:42:0c:
                    ed:a9:9d:e9:3e:98:77:00:f6:41:ca:a2:fc:22:20:
                    42:9a:c1:4a:92:32:9d:5d:83:be:cf:12:bb:2f:db:
                    a3:b0:5d:66:6c:ec:03:52:f1:28:2f:ea:e4:47:15:
                    85:ba:86:60:e6:7a:ba:60:f9:aa:b1:ff:b4:ad:a8:
                    fb:9b:4a:28:b7:8b:6d:00:0f:ca:c2:d0:7e:19:57:
                    ee:35:67:f1:38:72:b6:b4:f9:98:9f:ee:87:9c:ae:
                    c3:78:75:1e:1e:b7:ed:b2:0a:5e:8b:25:83:2a:ed:
                    8d:b6:64:f1:6a:f0:23:3f:b9:e1:4d:b7:e3:23:a8:
                    d2:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:EB:00:86:80:65:39:B7:0C:51:19:85:3E:2A:C7:30:C8:CA:41:EC
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/54140fed-ecb0-4b3c-beca-b6d4b40da3af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:7d:51:ef:e8:c9:58:69:93:4a:ee:c8:3d:76:d3:9e:84:78:
         88:5e:c4:21:46:73:71:7e:e1:5e:d2:31:c6:c2:2e:f3:7f:5f:
         25:bc:e7:73:92:df:6c:51:2d:3b:24:bd:80:fe:64:66:86:37:
         c5:79:9c:91:ee:10:9d:39:ae:ba:69:fb:81:a8:98:a4:00:60:
         2a:83:da:ba:2b:fd:c1:13:22:65:37:7e:74:6e:1d:1f:10:ad:
         a7:97:20:ea:73:e2:57:8e:b3:44:09:8f:1f:37:80:58:eb:b6:
         12:51:bd:cd:b6:52:82:35:3f:71:03:da:ee:07:8b:40:7e:fb:
         f5:2c:6d:51:0c:a3:e3:84:a6:64:e5:19:59:f8:b9:94:bf:bf:
         db:b8:b6:10:42:c3:89:3f:00:f8:0a:85:46:f7:e4:c2:88:c9:
         4b:df:7e:d0:7b:6c:ad:ce:d9:73:8f:b9:5b:0a:f4:58:80:ca:
         36:df:8c:7e:ef:9a:1b:a3:0f:c3:6a:97:c0:81:e7:84:bd:3c:
         d1:66:ef:bd:b9:36:80:09:b5:15:87:4d:e0:e0:85:f2:66:97:
         94:ad:7a:2d:ca:9e:fb:56:b6:0c:3a:80:52:ff:3c:59:02:23:
         ff:15:02:57:b8:09:86:61:04:d9:e0:16:d6:4b:d6:7d:ed:cd:
         c1:e1:81:63
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUXKqKq3iB64saH52V4LgXR/XbTBcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTIxMDAwMDAwWhcNMjMwNTI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNANjUyYmZmOTIxYWVkMDk5OWZkYTE3MDgzYWVkZTI4ZDRj
YTg1NWZmYjAyMDI1Yzg2OGY3ZDQxNTFmYzU2NGViMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAN/a2dnrz47qUswVbisWLmbKLmsWaxsM9EK+1DBQpGGfZeFyjlaR
HqMX1XWr+Wb2TqhNIB30Du7zngRptLCuaVs1iI7UHr75SVQ0V3GwPeNjuuO9+kDg
0AjdmDM2+9+yDEGywLHo7Ofp9st6NC8rGgvRkxPbtD376aRDPcX1gYkRCrSiQ0IM
7amd6T6YdwD2Qcqi/CIgQprBSpIynV2Dvs8Suy/bo7BdZmzsA1LxKC/q5EcVhbqG
YOZ6umD5qrH/tK2o+5tKKLeLbQAPysLQfhlX7jVn8ThytrT5mJ/uh5yuw3h1Hh63
7bIKXoslgyrtjbZk8WrwIz+54U234yOo0gUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRc6wCGgGU5twxRGYU+KscwyMpB7DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNTQxNDBmZWQtZWNiMC00YjNjLWJlY2EtYjZkNGI0MGRhM2FmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHZ9Ue/oyVhpk0ru
yD12056EeIhexCFGc3F+4V7SMcbCLvN/XyW853OS32xRLTskvYD+ZGaGN8V5nJHu
EJ05rrpp+4GomKQAYCqD2ror/cETImU3fnRuHR8QraeXIOpz4leOs0QJjx83gFjr
thJRvc22UoI1P3ED2u4Hi0B++/UsbVEMo+OEpmTlGVn4uZS/v9u4thBCw4k/APgK
hUb35MKIyUvfftB7bK3O2XOPuVsK9FiAyjbfjH7vmhujD8Nql8CB54S9PNFm7725
NoAJtRWHTeDghfJml5Stei3KnvtWtgw6gFL/PFkCI/8VAle4CYZhBNngFtZL1n3t
zcHhgWM=
-----END CERTIFICATE-----