Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7edcc063-22a2-470f-8abd-abf5f36c7785.roa
File:                     7edcc063-22a2-470f-8abd-abf5f36c7785.roa (raw, json)
Hash identifier:          +1deqAwo8O8heKR/IZJr20jk+iNLxWS7uZAuIe2l2RQ=
Subject key identifier:   63:D5:C8:11:07:AA:9C:A2:D9:81:E0:08:F6:BF:66:76:A9:24:35:5F
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       05F3F988436E46E888CD045F8BA72CDF651DA822
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7edcc063-22a2-470f-8abd-abf5f36c7785.roa
Signing time:             Tue 02 May 2023 00:00:00 +0000
ROA not before:           Tue 02 May 2023 00:00:00 +0000
ROA not after:            Fri 05 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:f3:f9:88:43:6e:46:e8:88:cd:04:5f:8b:a7:2c:df:65:1d:a8:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May  2 00:00:00 2023 GMT
            Not After : May  5 23:59:59 2023 GMT
        Subject: serialNumber=33b7889cfd7dbc621da1fe40317299d0dd9362839017b461912f992dd4a976e1, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:24:e3:52:3f:eb:df:b3:11:74:71:ad:86:b2:
                    c2:70:48:00:0d:c1:21:fd:ac:1d:60:d5:c4:ac:11:
                    4d:3e:0e:b3:60:5f:07:5c:92:d2:a2:44:bb:8c:ba:
                    35:b8:ca:3b:28:67:53:8c:ad:2c:b7:46:71:ed:4d:
                    00:ef:e9:00:bd:3b:d4:c7:15:32:40:a9:a3:e5:fd:
                    1d:4e:a8:7c:91:d9:81:57:d5:c1:03:de:8b:16:26:
                    8a:c6:ab:07:d0:c4:d5:31:8c:52:56:e7:96:1d:30:
                    a5:15:aa:04:96:dc:98:90:6d:99:f9:35:9f:cf:b5:
                    be:71:be:30:b0:31:00:91:5d:ed:50:77:e4:22:c8:
                    4d:3a:aa:70:ab:b4:41:83:c8:de:de:76:b9:80:d3:
                    08:9b:2d:9f:7e:34:5c:ea:34:90:80:ab:e7:65:8f:
                    f6:f7:17:c2:c0:43:da:89:0a:2e:03:fe:be:0a:07:
                    b9:4e:31:44:53:81:53:81:5d:1f:50:93:c8:4a:dd:
                    0f:d8:4d:07:c4:f0:1c:12:99:7e:57:8f:90:bd:0c:
                    ec:a2:4e:f5:0b:4b:05:f3:27:b0:f3:1e:22:56:7a:
                    f0:78:a7:74:3a:4c:b6:a3:08:42:6f:49:15:fe:b0:
                    9f:26:a3:38:c1:25:c8:05:01:2b:cb:7e:76:cf:15:
                    67:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:D5:C8:11:07:AA:9C:A2:D9:81:E0:08:F6:BF:66:76:A9:24:35:5F
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7edcc063-22a2-470f-8abd-abf5f36c7785.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:66:75:d6:7e:5e:bd:95:ed:4b:eb:63:29:65:ab:e4:ea:77:
         0e:cb:06:72:5b:a7:1e:72:04:35:91:39:ee:99:e4:97:c1:2b:
         09:65:13:9d:77:48:91:5a:07:8a:90:58:48:c5:4e:87:01:93:
         a9:a7:98:a4:98:0f:9d:fe:0f:98:c7:ef:59:7a:94:88:87:ac:
         15:4d:65:31:b9:fb:79:cb:e5:c6:16:65:3f:85:28:9f:81:3e:
         d0:db:87:12:9e:4c:7e:44:5e:03:fc:26:02:e1:18:1c:f7:cb:
         68:3e:4c:d0:76:b1:f4:0c:c4:91:44:cf:43:e7:5a:a8:a2:7e:
         9a:91:70:e1:fb:c5:56:78:8a:0f:a0:4a:42:bf:6f:20:d2:08:
         17:02:45:10:44:43:28:cf:f0:06:96:eb:fb:a4:f5:81:21:cc:
         7b:08:e1:85:95:70:3f:ec:40:8f:f7:4d:77:6c:30:4c:f0:fc:
         d9:e9:e9:b7:dc:89:01:69:aa:99:55:8a:21:23:18:60:e7:4c:
         3b:49:64:cc:9f:c6:e8:2c:a7:63:a9:45:e9:d4:11:ee:1c:a5:
         e4:38:04:e2:30:16:2f:7a:79:03:58:31:fa:7f:44:c3:72:7e:
         09:0c:fe:03:07:9f:76:bb:c6:48:d2:19:f5:e0:93:b2:24:53:
         f2:62:17:8a
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUBfP5iENuRuiIzQRfi6cs32UdqCIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTAyMDAwMDAwWhcNMjMwNTA1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMzNiNzg4OWNmZDdkYmM2MjFkYTFmZTQwMzE3Mjk5ZDBk
ZDkzNjI4MzkwMTdiNDYxOTEyZjk5MmRkNGE5NzZlMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKMk41I/69+zEXRxrYaywnBIAA3BIf2sHWDVxKwRTT4Os2BfB1yS
0qJEu4y6NbjKOyhnU4ytLLdGce1NAO/pAL071McVMkCpo+X9HU6ofJHZgVfVwQPe
ixYmisarB9DE1TGMUlbnlh0wpRWqBJbcmJBtmfk1n8+1vnG+MLAxAJFd7VB35CLI
TTqqcKu0QYPI3t52uYDTCJstn340XOo0kICr52WP9vcXwsBD2okKLgP+vgoHuU4x
RFOBU4FdH1CTyErdD9hNB8TwHBKZflePkL0M7KJO9QtLBfMnsPMeIlZ68HindDpM
tqMIQm9JFf6wnyajOMElyAUBK8t+ds8VZ5UCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRj1cgRB6qcotmB4Aj2v2Z2qSQ1XzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvN2VkY2MwNjMtMjJhMi00NzBmLThhYmQtYWJmNWYzNmM3Nzg1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIFmddZ+Xr2V7Uvr
Yyllq+Tqdw7LBnJbpx5yBDWROe6Z5JfBKwllE513SJFaB4qQWEjFTocBk6mnmKSY
D53+D5jH71l6lIiHrBVNZTG5+3nL5cYWZT+FKJ+BPtDbhxKeTH5EXgP8JgLhGBz3
y2g+TNB2sfQMxJFEz0PnWqiifpqRcOH7xVZ4ig+gSkK/byDSCBcCRRBEQyjP8AaW
6/uk9YEhzHsI4YWVcD/sQI/3TXdsMEzw/Nnp6bfciQFpqplViiEjGGDnTDtJZMyf
xugsp2OpRenUEe4cpeQ4BOIwFi96eQNYMfp/RMNyfgkM/gMHn3a7xkjSGfXgk7Ik
U/JiF4o=
-----END CERTIFICATE-----