Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/880ea828-78ac-42af-8105-77346868c69f.roa
File:                     880ea828-78ac-42af-8105-77346868c69f.roa (raw, json)
Hash identifier:          EYDzTt7Yf/bGDhpwZnJ8G4AMzK5N3ksq8cxkHF9oFxA=
Subject key identifier:   A9:65:F5:92:54:46:36:14:6A:56:E3:DD:9A:AF:5E:7E:D5:EE:C7:EE
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       54520A957701AFDBB630A5508E61A63255F8D68B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/880ea828-78ac-42af-8105-77346868c69f.roa
Signing time:             Wed 24 May 2023 00:00:00 +0000
ROA not before:           Wed 24 May 2023 00:00:00 +0000
ROA not after:            Sat 27 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:52:0a:95:77:01:af:db:b6:30:a5:50:8e:61:a6:32:55:f8:d6:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 24 00:00:00 2023 GMT
            Not After : May 27 23:59:59 2023 GMT
        Subject: serialNumber=a626d1e892d9924974f690092e528e01827e3ae5d65ba3375d5d052526c503bc, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e9:80:9d:23:be:93:24:e8:21:df:4c:6e:18:
                    2a:e5:7d:df:51:12:31:a9:6b:52:23:5e:05:ce:a8:
                    27:99:d1:ef:58:95:49:c6:bd:ce:d1:2e:0a:c9:d5:
                    fd:46:08:98:19:db:a2:fa:35:ec:92:76:9c:55:a4:
                    19:56:38:49:29:78:db:c3:0e:a7:43:82:3b:62:51:
                    8b:30:7f:e0:75:82:95:a0:db:41:d7:cf:cd:fb:df:
                    cd:c4:e8:3d:b6:87:00:3a:ad:cd:39:43:88:f1:7b:
                    8c:bc:c6:34:9b:0b:e6:e9:cc:06:cb:e5:c7:9b:26:
                    66:59:70:9d:61:64:51:f0:10:fa:91:48:53:eb:f7:
                    e6:63:4b:8e:30:c1:1a:a2:3e:84:f8:6f:90:4a:17:
                    57:f4:1b:d9:eb:0c:64:9c:00:d4:f9:92:86:a8:2b:
                    37:8d:11:07:0d:f0:dd:fe:1e:1d:e0:d5:23:97:cc:
                    b1:3e:d9:da:90:05:54:cd:be:92:48:64:76:c7:2d:
                    d8:2c:11:65:61:1a:df:76:c7:8e:b7:61:82:af:4b:
                    c9:1a:df:ef:d0:36:f6:d7:f4:e4:41:57:22:82:45:
                    3e:b0:e0:c5:d0:67:28:2e:d9:fe:ee:19:78:8e:c3:
                    54:7e:43:64:6e:aa:dc:ac:1c:70:30:ac:cf:fa:74:
                    a2:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:65:F5:92:54:46:36:14:6A:56:E3:DD:9A:AF:5E:7E:D5:EE:C7:EE
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/880ea828-78ac-42af-8105-77346868c69f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:38:c7:b2:c8:88:14:9a:a4:d7:6f:64:3f:b7:d0:b1:18:2b:
         fe:33:fe:8c:7b:c4:0d:24:de:53:4c:0f:4b:00:e1:34:e6:95:
         b6:91:70:cb:09:68:71:bf:b8:f2:76:d9:12:4d:f0:cd:a2:4a:
         e1:f2:06:3b:72:cd:2f:92:ae:88:13:f9:98:9e:e5:a0:e1:ef:
         30:2b:70:57:24:ae:99:d6:73:67:21:de:90:bf:65:92:af:ab:
         9c:31:6b:d2:56:51:86:a9:c3:23:5e:16:6b:0d:c9:78:ae:46:
         f2:dc:17:3a:ed:31:e1:1e:e8:be:ea:70:43:eb:75:39:2a:80:
         a8:0f:a7:9a:2c:93:73:b4:fa:15:42:76:30:d8:a3:77:51:37:
         86:3d:d0:f3:00:06:d5:8c:05:ee:40:91:af:1c:5d:da:08:b9:
         fc:51:85:ed:38:9a:a5:20:54:f3:4b:8e:a3:cd:3f:9e:27:54:
         dc:4e:2c:5d:97:b7:54:be:38:34:bc:f4:2d:f3:6f:69:d4:7e:
         96:60:5e:fd:48:97:30:41:60:ea:e7:15:90:d7:49:60:3a:d7:
         4a:2e:cb:c1:23:22:75:2d:fb:57:69:ab:8f:de:6c:22:65:22:
         e5:c1:b8:90:63:85:54:29:bf:25:13:5e:4a:31:d8:1a:9d:f2:
         6e:b5:b0:e5
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUVFIKlXcBr9u2MKVQjmGmMlX41oswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTI0MDAwMDAwWhcNMjMwNTI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYTYyNmQxZTg5MmQ5OTI0OTc0ZjY5MDA5MmU1MjhlMDE4
MjdlM2FlNWQ2NWJhMzM3NWQ1ZDA1MjUyNmM1MDNiYzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALvpgJ0jvpMk6CHfTG4YKuV931ESMalrUiNeBc6oJ5nR71iVSca9
ztEuCsnV/UYImBnbovo17JJ2nFWkGVY4SSl428MOp0OCO2JRizB/4HWClaDbQdfP
zfvfzcToPbaHADqtzTlDiPF7jLzGNJsL5unMBsvlx5smZllwnWFkUfAQ+pFIU+v3
5mNLjjDBGqI+hPhvkEoXV/Qb2esMZJwA1PmShqgrN40RBw3w3f4eHeDVI5fMsT7Z
2pAFVM2+kkhkdsct2CwRZWEa33bHjrdhgq9LyRrf79A29tf05EFXIoJFPrDgxdBn
KC7Z/u4ZeI7DVH5DZG6q3KwccDCsz/p0oocCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSpZfWSVEY2FGpW492ar15+1e7H7jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvODgwZWE4MjgtNzhhYy00MmFmLTgxMDUtNzczNDY4NjhjNjlmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFU4x7LIiBSapNdv
ZD+30LEYK/4z/ox7xA0k3lNMD0sA4TTmlbaRcMsJaHG/uPJ22RJN8M2iSuHyBjty
zS+SrogT+Zie5aDh7zArcFckrpnWc2ch3pC/ZZKvq5wxa9JWUYapwyNeFmsNyXiu
RvLcFzrtMeEe6L7qcEPrdTkqgKgPp5osk3O0+hVCdjDYo3dRN4Y90PMABtWMBe5A
ka8cXdoIufxRhe04mqUgVPNLjqPNP54nVNxOLF2Xt1S+ODS89C3zb2nUfpZgXv1I
lzBBYOrnFZDXSWA610ouy8EjInUt+1dpq4/ebCJlIuXBuJBjhVQpvyUTXkox2Bqd
8m61sOU=
-----END CERTIFICATE-----