Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/67efe719-9076-4c7e-b1be-6b95428299b3.roa
File:                     67efe719-9076-4c7e-b1be-6b95428299b3.roa (raw, json)
Hash identifier:          jnLHgUbHp/302DWcFvy3hcOPcFxjtxUGZR9bTPB/cUc=
Subject key identifier:   36:9B:D1:E5:12:DB:08:75:9E:B6:6B:56:32:54:BA:86:36:A4:A4:65
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5F04051078BEA03D4DC5AAA5B7C5C502039FA8DE
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/67efe719-9076-4c7e-b1be-6b95428299b3.roa
Signing time:             Sun 21 May 2023 00:00:00 +0000
ROA not before:           Sun 21 May 2023 00:00:00 +0000
ROA not after:            Wed 24 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:04:05:10:78:be:a0:3d:4d:c5:aa:a5:b7:c5:c5:02:03:9f:a8:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 21 00:00:00 2023 GMT
            Not After : May 24 23:59:59 2023 GMT
        Subject: serialNumber=aa0afc2473b42f6084847582281e6d8ee77b389727ea3c9a3ebd0f0ff96b5b55, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:72:49:8c:be:b6:6f:a2:b1:b0:ee:01:e4:0f:
                    ab:c5:6b:00:5f:11:5d:c0:16:5d:63:59:3f:2a:06:
                    b8:18:dd:71:c7:31:84:4e:72:5f:8c:25:c5:fb:a1:
                    5a:9b:bd:e6:0c:49:62:3b:da:8c:43:f5:a2:14:50:
                    69:f8:06:99:e6:65:34:8d:c8:8d:ae:9b:44:c8:ff:
                    78:51:47:6c:b7:fa:dd:cf:aa:ab:59:8a:2c:41:4c:
                    79:16:a6:06:d4:b4:df:3b:21:f9:79:20:6d:61:1d:
                    02:4c:94:cb:95:6b:8b:27:30:52:1f:b9:c8:3f:88:
                    c1:cc:f5:55:bc:7e:dd:0d:ce:3b:ee:27:49:60:9b:
                    00:c8:8b:5f:c2:b7:5b:23:9d:73:ef:ea:7e:02:5b:
                    fb:74:f9:f9:53:fb:96:29:66:4e:d3:7c:b0:b6:72:
                    97:0d:78:9d:c7:d3:96:ab:eb:46:2e:70:aa:ef:06:
                    73:0a:3b:bb:79:67:b3:9a:c9:8c:44:a8:d2:28:21:
                    55:24:1d:fc:49:8a:9e:5c:33:50:ee:d6:f7:8a:23:
                    88:23:62:47:58:76:02:35:ff:26:93:ee:70:f6:43:
                    b7:08:9f:6c:e0:5d:5b:c6:94:bb:d7:4c:ed:a1:89:
                    ad:78:f3:07:a7:65:d2:d5:22:84:6b:8b:5c:77:58:
                    4c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:9B:D1:E5:12:DB:08:75:9E:B6:6B:56:32:54:BA:86:36:A4:A4:65
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/67efe719-9076-4c7e-b1be-6b95428299b3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:4e:c1:65:3a:35:ea:a2:c6:1f:fc:63:f4:a3:3d:6a:0c:26:
         02:6e:55:82:6e:db:54:af:20:c1:20:f1:e7:87:f6:8f:28:68:
         07:ef:c6:c4:3b:31:c7:f2:6b:cb:12:36:ba:33:f6:0f:c5:e4:
         40:a0:15:7c:bf:44:6e:60:89:4d:63:a1:63:fc:a6:63:11:0c:
         9f:31:17:9e:a7:72:c9:21:51:d6:21:2d:c9:dd:d2:2e:a8:a8:
         1b:14:4f:45:94:0a:57:31:07:93:43:59:56:b3:a0:4a:1a:9d:
         2d:7a:87:64:c1:1e:6e:ad:2e:83:e9:64:60:9b:9f:a2:a8:81:
         8d:55:5a:4b:22:f6:47:95:db:b0:59:e5:ba:c5:30:8d:2b:5c:
         44:33:51:7e:08:0e:ac:1c:ac:15:e1:02:48:a7:78:b2:0d:3a:
         a7:8d:80:96:de:3c:e4:75:ba:db:2b:7b:19:77:38:4c:bd:f3:
         f7:ff:07:8e:f4:f0:36:3d:60:04:c7:68:3d:59:6d:8b:ed:dc:
         47:3b:2e:fd:a9:78:d4:e7:06:bd:54:ed:ad:f8:02:37:ef:3c:
         22:6e:a4:8a:9f:18:e0:44:38:4d:59:f8:40:18:8b:4c:07:ea:
         77:2f:6e:df:c0:3a:0b:3c:b5:e5:97:07:13:49:af:d9:84:38:
         3f:d0:6b:35
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUXwQFEHi+oD1Nxaqlt8XFAgOfqN4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTIxMDAwMDAwWhcNMjMwNTI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYWEwYWZjMjQ3M2I0MmY2MDg0ODQ3NTgyMjgxZTZkOGVl
NzdiMzg5NzI3ZWEzYzlhM2ViZDBmMGZmOTZiNWI1NTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAIhySYy+tm+isbDuAeQPq8VrAF8RXcAWXWNZPyoGuBjdcccxhE5y
X4wlxfuhWpu95gxJYjvajEP1ohRQafgGmeZlNI3Ija6bRMj/eFFHbLf63c+qq1mK
LEFMeRamBtS03zsh+XkgbWEdAkyUy5VriycwUh+5yD+Iwcz1Vbx+3Q3OO+4nSWCb
AMiLX8K3WyOdc+/qfgJb+3T5+VP7lilmTtN8sLZylw14ncfTlqvrRi5wqu8Gcwo7
u3lns5rJjESo0ighVSQd/EmKnlwzUO7W94ojiCNiR1h2AjX/JpPucPZDtwifbOBd
W8aUu9dM7aGJrXjzB6dl0tUihGuLXHdYTMsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ2m9HlEtsIdZ62a1YyVLqGNqSkZTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjdlZmU3MTktOTA3Ni00YzdlLWIxYmUtNmI5NTQyODI5OWIzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHFOwWU6Neqixh/8
Y/SjPWoMJgJuVYJu21SvIMEg8eeH9o8oaAfvxsQ7Mcfya8sSNroz9g/F5ECgFXy/
RG5giU1joWP8pmMRDJ8xF56ncskhUdYhLcnd0i6oqBsUT0WUClcxB5NDWVazoEoa
nS16h2TBHm6tLoPpZGCbn6KogY1VWksi9keV27BZ5brFMI0rXEQzUX4IDqwcrBXh
AkineLINOqeNgJbePOR1utsrexl3OEy98/f/B4708DY9YATHaD1ZbYvt3Ec7Lv2p
eNTnBr1U7a34AjfvPCJupIqfGOBEOE1Z+EAYi0wH6ncvbt/AOgs8teWXBxNJr9mE
OD/QazU=
-----END CERTIFICATE-----