Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/57752ef9-7aa9-4123-9571-5065d30fa750.roa
File:                     57752ef9-7aa9-4123-9571-5065d30fa750.roa (raw, json)
Hash identifier:          T6qgeY5POLtkqkpLHSHcIx+OpPMTCNqszgDYGZLNnWk=
Subject key identifier:   51:57:90:77:E4:BD:CE:4C:F6:B9:F9:95:6A:4B:CD:B4:AB:40:0A:BF
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       47911F75D4D3634A40B2CE3862EAA54EBAB6ECFD
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/57752ef9-7aa9-4123-9571-5065d30fa750.roa
Signing time:             Wed 31 May 2023 00:00:00 +0000
ROA not before:           Wed 31 May 2023 00:00:00 +0000
ROA not after:            Sat 03 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:91:1f:75:d4:d3:63:4a:40:b2:ce:38:62:ea:a5:4e:ba:b6:ec:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 31 00:00:00 2023 GMT
            Not After : Jun  3 23:59:59 2023 GMT
        Subject: serialNumber=bf020618d8ad533a513602ab7d88063bb2f0fd7909753f81e6fbe1b1eff52491, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e5:90:32:13:eb:34:5c:05:ab:a3:39:03:2a:
                    8d:ad:89:c8:80:21:38:40:79:83:23:37:e7:4a:2e:
                    7f:89:0f:ae:f4:74:25:8d:11:71:4a:41:1e:d6:2f:
                    9b:54:7f:a2:e8:e5:51:9e:b7:9e:46:8b:77:37:af:
                    94:82:98:b7:99:30:a3:71:72:fd:f1:2a:c5:5c:2c:
                    67:d4:84:1e:b0:a0:9a:e9:67:75:46:68:6f:35:aa:
                    3b:ee:e7:6c:a7:a6:79:0d:95:62:b4:0c:02:52:2e:
                    e4:b3:a1:d1:7f:26:e5:6f:ed:8b:04:19:35:15:c3:
                    e4:e7:cf:df:d1:b4:8a:44:21:be:c7:bd:1b:ed:c8:
                    43:9f:39:c3:05:53:ec:74:07:30:94:80:54:0a:b9:
                    5a:25:bd:d8:67:7e:89:c1:53:4c:62:cc:c9:80:35:
                    cc:4e:e9:b8:f6:89:e1:86:90:70:84:62:c2:86:3a:
                    21:12:39:ce:a6:8a:55:97:c3:1e:32:67:53:1a:a5:
                    b7:9f:f7:b6:65:88:35:2f:c3:1c:77:25:62:88:fb:
                    7b:f7:77:ee:05:b8:be:65:b9:85:35:00:ad:c9:4a:
                    5e:38:81:d4:39:96:2c:76:13:91:ec:69:cd:ad:44:
                    f0:c5:7d:5e:3b:8c:cb:67:95:74:4c:f0:7d:f8:a4:
                    a5:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:57:90:77:E4:BD:CE:4C:F6:B9:F9:95:6A:4B:CD:B4:AB:40:0A:BF
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/57752ef9-7aa9-4123-9571-5065d30fa750.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:ab:b5:5b:12:89:2f:6e:d4:99:14:33:ed:68:63:9c:0e:bf:
         75:9d:5f:82:5f:d2:56:ee:f4:f1:ef:42:29:de:7f:10:dc:a4:
         cb:e2:84:fd:09:f1:cc:a6:7a:aa:a1:19:d1:bf:70:66:eb:52:
         c3:e2:c7:25:fb:d4:b9:7e:47:28:f3:fa:dd:ea:f4:0f:b5:56:
         d0:1b:f1:0d:8c:26:65:a5:bd:11:3c:bf:15:59:29:ac:d9:22:
         9e:3e:f8:db:e8:85:d9:37:73:0d:b0:05:64:6b:7c:bb:f6:fd:
         be:a5:9a:1f:8b:67:c2:1a:f7:e9:ff:cc:56:26:fd:36:7d:16:
         ba:3a:f8:58:2f:4b:35:05:dc:98:c9:bb:f4:a5:f8:85:9a:15:
         9f:9b:57:46:13:9d:65:db:a8:b7:5a:b4:4a:84:63:99:1a:44:
         8c:90:d3:10:6f:87:8a:fe:3e:db:e6:88:7c:0a:35:23:1c:fc:
         3d:b1:b9:ca:5a:1d:2b:ad:cb:46:6f:62:45:18:7d:27:0f:ea:
         2a:d9:f2:99:54:ce:c5:ca:d3:d1:70:d5:be:a1:f5:30:8e:5a:
         2f:47:66:d1:8a:b2:be:f4:01:e8:af:1a:ee:9e:fd:3d:f2:e4:
         2d:9e:82:89:2f:22:39:9e:70:10:d9:56:11:d1:3a:c4:7c:5b:
         fa:41:25:70
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUR5EfddTTY0pAss44YuqlTrq27P0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTMxMDAwMDAwWhcNMjMwNjAzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYmYwMjA2MThkOGFkNTMzYTUxMzYwMmFiN2Q4ODA2M2Ji
MmYwZmQ3OTA5NzUzZjgxZTZmYmUxYjFlZmY1MjQ5MTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMXlkDIT6zRcBaujOQMqja2JyIAhOEB5gyM350ouf4kPrvR0JY0R
cUpBHtYvm1R/oujlUZ63nkaLdzevlIKYt5kwo3Fy/fEqxVwsZ9SEHrCgmulndUZo
bzWqO+7nbKemeQ2VYrQMAlIu5LOh0X8m5W/tiwQZNRXD5OfP39G0ikQhvse9G+3I
Q585wwVT7HQHMJSAVAq5WiW92Gd+icFTTGLMyYA1zE7puPaJ4YaQcIRiwoY6IRI5
zqaKVZfDHjJnUxqlt5/3tmWINS/DHHclYoj7e/d37gW4vmW5hTUArclKXjiB1DmW
LHYTkexpza1E8MV9XjuMy2eVdEzwffikpS8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRRV5B35L3OTPa5+ZVqS820q0AKvzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNTc3NTJlZjktN2FhOS00MTIzLTk1NzEtNTA2NWQzMGZhNzUwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALqrtVsSiS9u1JkU
M+1oY5wOv3WdX4Jf0lbu9PHvQinefxDcpMvihP0J8cymeqqhGdG/cGbrUsPixyX7
1Ll+Ryjz+t3q9A+1VtAb8Q2MJmWlvRE8vxVZKazZIp4++Nvohdk3cw2wBWRrfLv2
/b6lmh+LZ8Ia9+n/zFYm/TZ9Fro6+FgvSzUF3JjJu/Sl+IWaFZ+bV0YTnWXbqLda
tEqEY5kaRIyQ0xBvh4r+PtvmiHwKNSMc/D2xucpaHSuty0ZvYkUYfScP6irZ8plU
zsXK09Fw1b6h9TCOWi9HZtGKsr70AeivGu6e/T3y5C2egokvIjmecBDZVhHROsR8
W/pBJXA=
-----END CERTIFICATE-----