Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/618f1ce1-3d47-4669-8759-3d13b20f33f1.roa
File:                     618f1ce1-3d47-4669-8759-3d13b20f33f1.roa (raw, json)
Hash identifier:          JK/xpJ5y7M4broDw30Cgdkocgnj84tm7KeGveKemMWM=
Subject key identifier:   30:46:88:8A:29:C1:CA:BC:5F:8D:66:D4:74:BE:B7:F5:BE:CF:51:14
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       11CFBD7565159FCDD3AEE1006F4D7525C8F65C14
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/618f1ce1-3d47-4669-8759-3d13b20f33f1.roa
Signing time:             Fri 19 May 2023 00:00:00 +0000
ROA not before:           Fri 19 May 2023 00:00:00 +0000
ROA not after:            Mon 22 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:cf:bd:75:65:15:9f:cd:d3:ae:e1:00:6f:4d:75:25:c8:f6:5c:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 19 00:00:00 2023 GMT
            Not After : May 22 23:59:59 2023 GMT
        Subject: serialNumber=f18fc9f41b7b5b4f7bb79f77cc76014a4c8a7dc1fab639326ae068ac44abdafa, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ff:01:1d:ac:15:15:29:43:14:fc:10:e7:7d:
                    86:6d:fc:ff:60:aa:8e:d4:5b:bd:2c:83:97:fe:bf:
                    19:51:4f:c6:87:d3:9c:bf:af:b5:d1:38:7d:18:1e:
                    4c:97:0e:d8:0c:46:b7:e5:3a:22:48:6c:63:73:23:
                    cd:29:1c:78:41:c1:bf:e6:1a:01:2b:11:15:47:fe:
                    6e:98:a0:15:66:ba:89:82:19:58:af:32:1d:39:dd:
                    be:ed:fe:aa:53:29:54:32:6d:0d:5b:ed:82:41:fa:
                    ed:03:32:3f:eb:f6:61:23:64:75:0e:33:29:60:21:
                    97:fa:96:37:25:7d:3b:f1:2d:a2:51:8f:ae:18:3e:
                    43:e5:ef:7d:a2:72:27:6d:75:ad:66:89:7c:5d:7f:
                    d2:94:62:b6:1c:39:9d:7e:de:7a:d9:b5:70:01:32:
                    5d:b9:88:4f:42:fc:85:2d:5e:29:df:1a:10:d0:50:
                    dd:6c:10:49:28:9d:90:a9:49:d8:21:0a:6a:53:59:
                    6a:ff:65:2d:24:b0:2d:fd:f6:3b:8f:d0:b9:64:cf:
                    34:d1:5a:bd:9f:b3:67:b2:13:85:0d:3b:10:f3:81:
                    d8:fa:1c:21:fb:e4:ce:7e:e0:ac:96:a5:1e:10:78:
                    d1:84:10:3a:64:ed:58:3d:18:72:2b:e3:a0:fb:cb:
                    a4:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:46:88:8A:29:C1:CA:BC:5F:8D:66:D4:74:BE:B7:F5:BE:CF:51:14
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/618f1ce1-3d47-4669-8759-3d13b20f33f1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:a9:92:c0:db:98:8d:c6:b5:7c:1e:f1:79:f7:1a:07:4e:07:
         2f:ac:8c:37:70:c2:04:a5:73:32:2a:84:4e:4a:dd:f4:bf:34:
         c2:55:c2:43:4b:cc:cb:0f:d5:33:e0:a3:1f:da:45:d8:33:f0:
         1f:c7:70:e2:02:77:a4:41:53:72:f8:86:b5:4b:d4:75:9f:5b:
         8e:ef:65:72:96:67:99:6e:95:7c:b5:2f:fc:bc:61:58:22:c0:
         de:a8:0f:8c:74:d2:18:7d:e6:d1:79:a4:c3:96:15:a8:2f:e4:
         b0:cb:06:bd:ab:1a:ce:8c:17:1f:0b:0f:f2:3b:5f:37:e5:4b:
         50:93:27:5e:f2:eb:21:27:d3:49:4a:51:a6:59:aa:1c:17:5a:
         c9:f3:4c:35:0e:2c:45:fa:46:03:1d:7e:22:52:5c:fb:f7:a0:
         9d:d2:3c:01:66:ac:c8:9a:e4:cb:02:43:e0:a9:23:df:54:04:
         61:ed:0c:d6:36:b1:26:70:68:2e:fa:ab:64:3d:ad:10:94:61:
         41:5b:8f:44:ac:92:87:3a:11:1c:99:aa:14:c2:08:3b:3b:d4:
         54:61:32:50:7d:4f:ad:41:0b:76:3a:ad:13:11:35:4b:48:ab:
         ce:ef:9d:42:1d:da:1c:52:2e:dc:d2:0e:e2:e3:d6:a3:de:11:
         30:3a:e0:f6
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUEc+9dWUVn83TruEAb011Jcj2XBQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTE5MDAwMDAwWhcNMjMwNTIyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjE4ZmM5ZjQxYjdiNWI0ZjdiYjc5Zjc3Y2M3NjAxNGE0
YzhhN2RjMWZhYjYzOTMyNmFlMDY4YWM0NGFiZGFmYTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMn/AR2sFRUpQxT8EOd9hm38/2CqjtRbvSyDl/6/GVFPxofTnL+v
tdE4fRgeTJcO2AxGt+U6IkhsY3MjzSkceEHBv+YaASsRFUf+bpigFWa6iYIZWK8y
HTndvu3+qlMpVDJtDVvtgkH67QMyP+v2YSNkdQ4zKWAhl/qWNyV9O/EtolGPrhg+
Q+XvfaJyJ211rWaJfF1/0pRithw5nX7eetm1cAEyXbmIT0L8hS1eKd8aENBQ3WwQ
SSidkKlJ2CEKalNZav9lLSSwLf32O4/QuWTPNNFavZ+zZ7IThQ07EPOB2PocIfvk
zn7grJalHhB40YQQOmTtWD0YcivjoPvLpJ8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQwRoiKKcHKvF+NZtR0vrf1vs9RFDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjE4ZjFjZTEtM2Q0Ny00NjY5LTg3NTktM2QxM2IyMGYzM2YxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMGpksDbmI3GtXwe
8Xn3GgdOBy+sjDdwwgSlczIqhE5K3fS/NMJVwkNLzMsP1TPgox/aRdgz8B/HcOIC
d6RBU3L4hrVL1HWfW47vZXKWZ5lulXy1L/y8YVgiwN6oD4x00hh95tF5pMOWFagv
5LDLBr2rGs6MFx8LD/I7XzflS1CTJ17y6yEn00lKUaZZqhwXWsnzTDUOLEX6RgMd
fiJSXPv3oJ3SPAFmrMia5MsCQ+CpI99UBGHtDNY2sSZwaC76q2Q9rRCUYUFbj0Ss
koc6ERyZqhTCCDs71FRhMlB9T61BC3Y6rRMRNUtIq87vnUId2hxSLtzSDuLj1qPe
ETA64PY=
-----END CERTIFICATE-----