Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/55e6f255-b3fd-479f-a9d0-dc4aa55978b5.roa
File:                     55e6f255-b3fd-479f-a9d0-dc4aa55978b5.roa (raw, json)
Hash identifier:          J3fSXvSP/XU2HjGfgknqIRyJtVH+YenH2TF8r7yS7R0=
Subject key identifier:   5B:27:8C:1D:CF:3B:FA:E4:5A:B2:F9:1E:4A:18:D8:55:73:F0:43:28
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1DC95370A51DDCE7394D66F066A5E6AC45EDF21A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/55e6f255-b3fd-479f-a9d0-dc4aa55978b5.roa
Signing time:             Mon 15 May 2023 00:00:00 +0000
ROA not before:           Mon 15 May 2023 00:00:00 +0000
ROA not after:            Thu 18 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:c9:53:70:a5:1d:dc:e7:39:4d:66:f0:66:a5:e6:ac:45:ed:f2:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 15 00:00:00 2023 GMT
            Not After : May 18 23:59:59 2023 GMT
        Subject: serialNumber=8d347ea28ac9f191603e004fa5e6add0275117e762fc5485affa6f1782dd3c1c, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:49:eb:22:3b:c3:0d:b3:38:0a:84:1b:c7:d2:
                    53:ac:d9:39:9f:50:6e:f0:99:6a:09:ed:24:dc:e2:
                    03:47:bf:40:36:d6:a6:68:87:9f:5e:61:da:8a:8a:
                    be:b7:6d:36:40:04:40:5b:21:49:32:90:c2:d5:c7:
                    b3:43:83:f8:ae:ac:dd:1e:87:80:b8:33:0b:d1:80:
                    67:81:92:dc:1d:06:b3:e5:05:e9:0a:ff:4c:59:66:
                    b0:84:38:72:a2:94:fb:bc:4e:17:51:95:b0:1b:06:
                    05:98:d7:da:d2:a0:b6:4b:16:30:14:b3:62:57:90:
                    f4:b0:de:74:d8:a9:ad:fa:7d:8d:71:4c:29:a8:8a:
                    26:61:a0:7f:70:9a:7f:eb:dc:13:69:d9:9f:d5:31:
                    84:ba:29:5c:83:cd:15:56:06:26:d1:e9:e3:9c:aa:
                    23:29:c6:50:18:19:7a:79:e7:ea:72:38:69:22:f3:
                    c2:56:1d:62:37:c5:a1:8e:00:77:22:49:d3:a0:81:
                    71:38:ad:de:34:07:f8:a1:fd:20:1c:7e:a0:e0:8d:
                    e4:36:2f:19:c7:9c:7b:7a:c1:ba:9d:85:7d:34:9a:
                    05:4e:ec:62:20:74:69:52:c2:a4:90:1b:06:9d:89:
                    d4:b3:a7:50:43:3a:d1:81:66:7f:0b:4d:b4:1c:9c:
                    90:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:27:8C:1D:CF:3B:FA:E4:5A:B2:F9:1E:4A:18:D8:55:73:F0:43:28
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/55e6f255-b3fd-479f-a9d0-dc4aa55978b5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:17:eb:51:58:16:52:85:e9:ed:46:6d:b1:46:b8:36:3f:2d:
         35:9e:f1:e9:16:ed:b1:8d:ef:1d:82:6b:9e:f2:f9:3c:64:0c:
         c7:f1:eb:21:ce:02:95:7a:b3:ea:f0:87:14:68:e2:01:d5:65:
         a2:df:bb:63:a9:11:b8:6f:56:bf:8d:72:08:28:32:7e:00:d9:
         d7:2c:9b:2d:1b:6f:e5:98:9f:33:54:ee:13:bf:74:4f:87:65:
         38:f0:7b:54:7e:ce:91:e1:92:10:b4:c4:95:8f:f5:04:68:32:
         0e:03:b9:04:c2:6f:43:8e:fa:09:29:8f:fa:e9:50:d7:31:75:
         69:ca:91:dd:c0:bc:fb:62:61:e8:83:88:86:35:66:c1:83:06:
         ec:2c:46:17:00:e5:5a:b9:3a:bc:dc:3a:a2:b5:6c:ac:a1:0d:
         4b:2c:b3:0f:b1:87:84:05:3e:fb:e7:3b:45:ef:f2:e4:ce:c6:
         93:40:ab:6d:8a:d1:db:6c:cc:be:5f:6e:5d:25:22:77:36:fb:
         d2:5a:a8:8d:43:3e:1e:77:e2:db:9e:1c:8e:6e:65:9f:a4:f0:
         3b:93:8a:69:94:2e:6b:4b:1e:2f:44:80:f9:ff:3e:ff:e8:e6:
         7f:45:68:a7:e0:7f:bc:74:14:ab:01:47:4c:d8:40:41:8a:eb:
         05:4d:01:8f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUHclTcKUd3Oc5TWbwZqXmrEXt8howDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTE1MDAwMDAwWhcNMjMwNTE4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOGQzNDdlYTI4YWM5ZjE5MTYwM2UwMDRmYTVlNmFkZDAy
NzUxMTdlNzYyZmM1NDg1YWZmYTZmMTc4MmRkM2MxYzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL9J6yI7ww2zOAqEG8fSU6zZOZ9QbvCZagntJNziA0e/QDbWpmiH
n15h2oqKvrdtNkAEQFshSTKQwtXHs0OD+K6s3R6HgLgzC9GAZ4GS3B0Gs+UF6Qr/
TFlmsIQ4cqKU+7xOF1GVsBsGBZjX2tKgtksWMBSzYleQ9LDedNiprfp9jXFMKaiK
JmGgf3Caf+vcE2nZn9UxhLopXIPNFVYGJtHp45yqIynGUBgZennn6nI4aSLzwlYd
YjfFoY4AdyJJ06CBcTit3jQH+KH9IBx+oOCN5DYvGcece3rBup2FfTSaBU7sYiB0
aVLCpJAbBp2J1LOnUEM60YFmfwtNtByckHsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRbJ4wdzzv65Fqy+R5KGNhVc/BDKDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNTVlNmYyNTUtYjNmZC00NzlmLWE5ZDAtZGM0YWE1NTk3OGI1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAH4X61FYFlKF6e1G
bbFGuDY/LTWe8ekW7bGN7x2Ca57y+TxkDMfx6yHOApV6s+rwhxRo4gHVZaLfu2Op
EbhvVr+NcggoMn4A2dcsmy0bb+WYnzNU7hO/dE+HZTjwe1R+zpHhkhC0xJWP9QRo
Mg4DuQTCb0OO+gkpj/rpUNcxdWnKkd3AvPtiYeiDiIY1ZsGDBuwsRhcA5Vq5Orzc
OqK1bKyhDUsssw+xh4QFPvvnO0Xv8uTOxpNAq22K0dtszL5fbl0lInc2+9JaqI1D
Ph534tueHI5uZZ+k8DuTimmULmtLHi9EgPn/Pv/o5n9FaKfgf7x0FKsBR0zYQEGK
6wVNAY8=
-----END CERTIFICATE-----