Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/73738da0-0d21-4022-b7c9-6773394fdd74.roa
File:                     73738da0-0d21-4022-b7c9-6773394fdd74.roa (raw, json)
Hash identifier:          YgsJdnGT17iBeO2k8ABf9LoyjBnO89kr6fdEEQ9OPns=
Subject key identifier:   A9:41:A5:6B:6B:8F:B8:FC:51:9A:03:A8:C8:8F:BB:24:4A:E1:E3:0F
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0D2EEA147E14514BAF2C72077A01948C8E7373FD
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/73738da0-0d21-4022-b7c9-6773394fdd74.roa
Signing time:             Tue 23 May 2023 00:00:00 +0000
ROA not before:           Tue 23 May 2023 00:00:00 +0000
ROA not after:            Fri 26 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:2e:ea:14:7e:14:51:4b:af:2c:72:07:7a:01:94:8c:8e:73:73:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 23 00:00:00 2023 GMT
            Not After : May 26 23:59:59 2023 GMT
        Subject: serialNumber=5bf0a57d28155f50ce668b47c44f10729be1e20bc8d6205607a8c5063e75979d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f6:7e:e5:2f:46:fb:a7:77:77:e4:6a:6f:85:
                    60:d6:22:eb:0b:1a:f8:d2:37:1e:ae:81:cd:d2:cb:
                    6a:63:32:19:4f:08:60:1e:a2:5c:cc:52:63:a7:08:
                    ec:f8:e5:cd:98:57:fe:0e:8c:c3:ae:2f:62:2d:02:
                    cf:26:06:6d:a6:4e:e9:96:e1:1c:c7:90:0b:f3:64:
                    6c:f3:a7:1b:d4:c2:2c:68:e8:9e:43:27:ae:1e:16:
                    4e:5e:4b:c2:8b:85:56:26:fc:9a:fc:ab:fa:db:92:
                    5f:3f:d6:c1:11:f9:8a:f3:75:1f:f4:31:9f:46:e3:
                    e0:59:f2:2e:6f:85:22:b6:09:7f:d3:03:e0:85:12:
                    eb:b5:f6:af:7a:f1:04:61:57:78:7b:3e:a0:aa:db:
                    f5:65:80:84:d8:f4:4d:d7:54:db:bc:83:42:3d:87:
                    27:3a:f5:14:ac:36:50:e6:dc:84:a5:a2:5c:a3:c3:
                    50:b6:0b:50:aa:a2:79:42:cc:b7:42:b8:92:73:cc:
                    04:70:64:63:58:dc:39:35:37:58:7b:34:36:9d:c6:
                    76:1c:e2:be:1b:ed:3b:fa:ec:2a:58:9e:02:24:7c:
                    a6:60:37:9c:70:92:93:c1:b8:57:78:70:4d:a8:ca:
                    fb:71:99:94:b7:52:35:d4:23:58:2d:e4:fa:6f:ee:
                    90:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:41:A5:6B:6B:8F:B8:FC:51:9A:03:A8:C8:8F:BB:24:4A:E1:E3:0F
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/73738da0-0d21-4022-b7c9-6773394fdd74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:d3:76:e1:e2:9a:bd:26:66:5b:c7:9e:5d:a3:64:9e:ab:b1:
         7a:37:ca:d5:3c:77:89:f4:48:69:c6:dd:21:df:26:0d:2c:76:
         1d:4b:b1:23:cf:38:38:48:16:ae:d2:3a:89:dc:47:45:7c:95:
         7c:b2:f9:70:ac:83:1c:41:ee:6b:79:8f:74:6e:b7:4a:92:27:
         d6:b3:f3:bd:eb:55:eb:c1:71:d4:f7:ac:43:e7:8d:cf:26:c2:
         63:f4:a0:5b:10:67:d5:0e:f2:0e:ca:08:93:8a:aa:65:15:6e:
         c3:a1:a0:b7:ec:32:0a:6e:87:44:5e:34:49:ae:b3:25:2a:83:
         07:2e:49:ff:7c:c5:f5:f8:3a:b9:20:74:3f:26:eb:0c:89:2d:
         44:94:0e:5f:9f:49:90:f7:af:36:3b:3b:11:38:33:72:f2:3c:
         cb:69:3e:27:24:67:44:f8:f3:8d:b2:c1:7a:6f:bd:88:bd:3d:
         a7:0b:6a:0a:bf:36:66:c3:aa:8c:cc:94:19:1d:ac:e6:43:ad:
         91:64:97:e7:97:85:83:a7:ea:ab:eb:32:69:a8:ed:49:d0:3f:
         89:1f:6e:ee:af:cb:fd:d2:cc:a7:b4:f8:0d:09:01:50:8c:aa:
         24:b5:ba:c3:41:c3:f4:e9:6e:d3:d2:b1:38:e9:91:63:1b:68:
         40:d3:00:57
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUDS7qFH4UUUuvLHIHegGUjI5zc/0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTIzMDAwMDAwWhcNMjMwNTI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNANWJmMGE1N2QyODE1NWY1MGNlNjY4YjQ3YzQ0ZjEwNzI5
YmUxZTIwYmM4ZDYyMDU2MDdhOGM1MDYzZTc1OTc5ZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJT2fuUvRvund3fkam+FYNYi6wsa+NI3Hq6BzdLLamMyGU8IYB6i
XMxSY6cI7PjlzZhX/g6Mw64vYi0CzyYGbaZO6ZbhHMeQC/NkbPOnG9TCLGjonkMn
rh4WTl5LwouFVib8mvyr+tuSXz/WwRH5ivN1H/Qxn0bj4FnyLm+FIrYJf9MD4IUS
67X2r3rxBGFXeHs+oKrb9WWAhNj0TddU27yDQj2HJzr1FKw2UObchKWiXKPDULYL
UKqieULMt0K4knPMBHBkY1jcOTU3WHs0Np3GdhzivhvtO/rsKlieAiR8pmA3nHCS
k8G4V3hwTajK+3GZlLdSNdQjWC3k+m/ukHcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSpQaVra4+4/FGaA6jIj7skSuHjDzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNzM3MzhkYTAtMGQyMS00MDIyLWI3YzktNjc3MzM5NGZkZDc0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALfTduHimr0mZlvH
nl2jZJ6rsXo3ytU8d4n0SGnG3SHfJg0sdh1LsSPPODhIFq7SOoncR0V8lXyy+XCs
gxxB7mt5j3Rut0qSJ9az873rVevBcdT3rEPnjc8mwmP0oFsQZ9UO8g7KCJOKqmUV
bsOhoLfsMgpuh0ReNEmusyUqgwcuSf98xfX4OrkgdD8m6wyJLUSUDl+fSZD3rzY7
OxE4M3LyPMtpPickZ0T4842ywXpvvYi9PacLagq/NmbDqozMlBkdrOZDrZFkl+eX
hYOn6qvrMmmo7UnQP4kfbu6vy/3SzKe0+A0JAVCMqiS1usNBw/TpbtPSsTjpkWMb
aEDTAFc=
-----END CERTIFICATE-----