Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/632f5e3f-a871-44fa-8f30-0385588a6a31.roa
File:                     632f5e3f-a871-44fa-8f30-0385588a6a31.roa (raw, json)
Hash identifier:          XEqlPkW3ofoSAv3eWC5WXxnO00PE3g04ocuLHOSzqTo=
Subject key identifier:   BD:3B:F8:26:A5:7C:2B:62:07:38:9F:46:42:C5:92:BF:CD:A5:46:78
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5011F20D3DD40BF606F655A888A694A0A6C0A020
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/632f5e3f-a871-44fa-8f30-0385588a6a31.roa
Signing time:             Sat 27 May 2023 00:00:00 +0000
ROA not before:           Sat 27 May 2023 00:00:00 +0000
ROA not after:            Tue 30 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:11:f2:0d:3d:d4:0b:f6:06:f6:55:a8:88:a6:94:a0:a6:c0:a0:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 27 00:00:00 2023 GMT
            Not After : May 30 23:59:59 2023 GMT
        Subject: serialNumber=aac1c87d6971c2ca9b2cf165b0bb23b2ab5f8a7deed91e525135cc2967204ec6, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:f0:1e:21:b2:52:1a:65:8f:0f:7a:77:c8:81:
                    c1:52:8f:70:d5:78:dd:c5:8c:24:b1:63:25:a8:55:
                    6a:ff:48:3b:e4:17:3d:0f:bb:f2:09:b5:04:f0:d9:
                    69:87:28:23:9c:01:c1:6e:1a:e2:47:51:d8:a4:64:
                    f9:53:a3:3b:67:c6:5d:b1:0b:b1:17:b0:9b:b7:63:
                    15:42:91:88:1d:b0:0a:12:14:1f:f7:00:52:ff:af:
                    f2:17:4e:49:d0:4e:f4:68:6e:eb:e6:ab:f2:19:86:
                    b0:cf:8d:b5:59:9a:d3:e9:96:13:62:53:34:33:e3:
                    dc:14:b7:c2:c2:0f:b0:ae:5d:cc:59:8a:79:d9:e2:
                    a4:16:e3:d4:84:dd:a2:f1:13:ab:1f:3a:e8:28:a7:
                    90:41:94:84:27:40:7d:d4:36:32:02:33:a2:2a:7d:
                    03:b3:13:f0:8d:5d:5f:53:a1:10:a8:42:7a:b0:65:
                    f1:21:e1:b8:37:d2:01:26:ba:14:8f:e4:34:68:86:
                    8b:71:1f:2a:35:11:63:9d:70:1e:0d:e3:ca:b5:3f:
                    31:76:ad:5f:82:a3:f5:1b:36:e3:45:8a:13:6f:45:
                    51:07:4a:e4:f9:e7:c0:00:9d:85:b5:d1:14:3e:9c:
                    3e:95:3c:d5:0e:d4:d0:2f:d8:b4:41:ee:79:ac:9e:
                    08:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:3B:F8:26:A5:7C:2B:62:07:38:9F:46:42:C5:92:BF:CD:A5:46:78
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/632f5e3f-a871-44fa-8f30-0385588a6a31.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:ee:36:0c:25:4e:dd:34:9d:84:e2:5b:22:59:60:30:58:1b:
         8a:9d:58:d5:0d:52:05:57:77:87:e0:1f:a4:0d:7b:ca:18:36:
         ee:76:1e:5f:da:b6:55:72:f0:3a:1d:b3:10:7c:6f:48:da:d3:
         30:81:5c:b6:d5:c8:3f:50:47:f3:09:d8:05:8a:2d:d4:43:66:
         16:a6:12:e4:e5:a2:3c:61:49:4b:2c:e9:36:c1:31:bb:9c:08:
         2f:1f:bd:62:df:b3:5d:ae:cb:db:59:ea:21:ca:53:09:04:5d:
         b5:26:a8:55:27:a3:70:c7:f3:14:a4:d8:3a:86:26:ed:89:04:
         30:f0:9d:0e:9f:dd:da:bb:2e:24:95:69:5a:60:d9:76:66:bc:
         22:26:27:59:0e:d9:c8:4e:97:b0:d8:2d:d1:de:b7:cf:7b:cd:
         5d:39:8b:d2:f5:67:f6:34:97:03:04:37:17:a5:db:cf:b2:7d:
         97:78:3e:5a:a1:af:a6:6e:f0:42:4a:64:cd:29:3a:91:87:83:
         85:50:77:4b:51:e1:db:5a:76:db:36:94:73:f7:af:4f:bb:2a:
         97:93:36:97:29:61:29:2e:f5:68:88:96:c7:d6:ff:1a:10:63:
         26:65:61:62:59:38:0a:4b:ab:8e:15:db:73:0f:27:eb:d3:2f:
         f6:4b:a7:28
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUUBHyDT3UC/YG9lWoiKaUoKbAoCAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTI3MDAwMDAwWhcNMjMwNTMwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYWFjMWM4N2Q2OTcxYzJjYTliMmNmMTY1YjBiYjIzYjJh
YjVmOGE3ZGVlZDkxZTUyNTEzNWNjMjk2NzIwNGVjNjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOjwHiGyUhpljw96d8iBwVKPcNV43cWMJLFjJahVav9IO+QXPQ+7
8gm1BPDZaYcoI5wBwW4a4kdR2KRk+VOjO2fGXbELsRewm7djFUKRiB2wChIUH/cA
Uv+v8hdOSdBO9Ghu6+ar8hmGsM+NtVma0+mWE2JTNDPj3BS3wsIPsK5dzFmKedni
pBbj1ITdovETqx866CinkEGUhCdAfdQ2MgIzoip9A7MT8I1dX1OhEKhCerBl8SHh
uDfSASa6FI/kNGiGi3EfKjURY51wHg3jyrU/MXatX4Kj9Rs240WKE29FUQdK5Pnn
wACdhbXRFD6cPpU81Q7U0C/YtEHueayeCF0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS9O/gmpXwrYgc4n0ZCxZK/zaVGeDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjMyZjVlM2YtYTg3MS00NGZhLThmMzAtMDM4NTU4OGE2YTMxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALTuNgwlTt00nYTi
WyJZYDBYG4qdWNUNUgVXd4fgH6QNe8oYNu52Hl/atlVy8DodsxB8b0ja0zCBXLbV
yD9QR/MJ2AWKLdRDZhamEuTlojxhSUss6TbBMbucCC8fvWLfs12uy9tZ6iHKUwkE
XbUmqFUno3DH8xSk2DqGJu2JBDDwnQ6f3dq7LiSVaVpg2XZmvCImJ1kO2chOl7DY
LdHet897zV05i9L1Z/Y0lwMENxel28+yfZd4Plqhr6Zu8EJKZM0pOpGHg4VQd0tR
4dtadts2lHP3r0+7KpeTNpcpYSku9WiIlsfW/xoQYyZlYWJZOApLq44V23MPJ+vT
L/ZLpyg=
-----END CERTIFICATE-----