Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8db30a3f-44a4-4f9a-aaae-1d7ceda7ba2f.roa
File:                     8db30a3f-44a4-4f9a-aaae-1d7ceda7ba2f.roa (raw, json)
Hash identifier:          NDgeYviXowGcpfyJjtXKej1ltMAgHCX/kODxwN/XrNY=
Subject key identifier:   77:B8:7C:1E:74:2E:0E:2A:0A:5F:61:05:AC:57:99:6A:64:A1:35:9D
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2EE9810F3F3D5A1583900091D04473EBCAD37EF3
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8db30a3f-44a4-4f9a-aaae-1d7ceda7ba2f.roa
Signing time:             Sat 20 May 2023 00:00:00 +0000
ROA not before:           Sat 20 May 2023 00:00:00 +0000
ROA not after:            Tue 23 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:e9:81:0f:3f:3d:5a:15:83:90:00:91:d0:44:73:eb:ca:d3:7e:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 20 00:00:00 2023 GMT
            Not After : May 23 23:59:59 2023 GMT
        Subject: serialNumber=e1541208b74319862c6877e7c34e6688c193452adc24a233e38c6c9ed29ff5c6, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:97:9e:9c:74:42:26:8e:9e:5e:71:a5:c6:de:
                    68:94:87:48:b9:61:61:fd:4f:39:cb:f6:08:14:7a:
                    39:e1:7b:a3:c5:ce:ad:26:b1:b7:be:06:df:00:b7:
                    d0:f8:30:fa:32:2a:6f:a3:f4:b3:1d:bd:4b:93:9b:
                    9b:66:46:0a:52:30:3d:35:fb:63:cb:51:04:fc:b1:
                    43:18:29:0b:56:69:c3:9f:e1:d6:77:fc:94:3d:87:
                    a8:72:68:ae:0d:2e:d4:02:bf:6a:b3:8a:1b:4f:ba:
                    4f:53:6d:ce:78:bd:af:cf:3b:27:8f:d5:39:ff:c1:
                    6c:80:bc:c3:08:50:1b:58:76:8a:8a:a1:aa:3b:3d:
                    2b:a7:f7:63:05:dc:d2:11:cf:e8:03:9a:0c:0b:41:
                    31:18:1e:28:81:8b:34:08:0e:d5:be:f7:0e:93:c6:
                    fa:7d:c9:4c:74:36:2b:20:b5:51:9d:0c:4d:97:62:
                    43:2c:8f:f4:20:32:1f:42:3d:44:10:e3:54:33:15:
                    3a:57:0f:4d:ff:10:13:eb:ad:66:76:76:98:fd:5a:
                    c1:e9:2f:4d:27:9f:2a:1d:28:1f:6c:cc:22:a1:45:
                    9b:26:ae:83:42:df:49:4a:01:be:5b:e9:37:af:14:
                    df:fa:d9:68:76:8f:52:49:48:ef:30:b7:09:e4:75:
                    dc:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:B8:7C:1E:74:2E:0E:2A:0A:5F:61:05:AC:57:99:6A:64:A1:35:9D
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8db30a3f-44a4-4f9a-aaae-1d7ceda7ba2f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:5b:1d:77:8d:f1:30:d0:80:bc:06:29:4e:f7:79:3a:eb:5a:
         95:d1:7d:c9:85:73:66:55:ce:c7:2b:4c:41:85:c1:4a:b6:7a:
         81:55:ff:6c:ab:69:72:69:03:0e:87:9c:4d:e8:0e:72:2c:6a:
         22:73:35:a0:38:6e:e7:35:5c:d9:84:da:99:ac:11:53:b1:05:
         0d:1c:f7:c6:57:05:bf:70:56:60:c6:e8:d8:5e:b3:c4:29:3e:
         84:61:6a:db:e7:64:d3:a0:74:39:a3:85:c0:3a:cd:5e:39:1d:
         fc:2a:6b:91:8d:55:c8:cc:0f:3c:61:e8:de:d1:22:eb:9b:bc:
         cb:c8:d0:cd:2e:d9:2a:7f:f5:17:1e:51:9f:bc:f3:d4:0a:d9:
         5a:91:b1:d5:3a:4b:c1:87:e6:4e:25:70:b4:bd:8c:ac:38:0e:
         c5:f5:df:14:2e:38:4e:cd:d7:9e:b9:ed:08:5d:4f:16:b4:f5:
         a1:c1:1f:a6:db:2e:d4:82:09:7c:cb:4e:c3:3f:5e:49:b4:3d:
         be:23:87:18:fe:f9:85:eb:c9:04:c8:1e:5c:4e:5a:b0:60:a1:
         1d:bf:29:57:80:23:58:17:ef:97:a5:1a:d8:cc:f5:bf:4f:f1:
         6e:60:4e:56:5c:11:02:12:b1:cc:29:60:e4:b1:d9:29:a3:92:
         67:49:43:28
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIULumBDz89WhWDkACR0ERz68rTfvMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTIwMDAwMDAwWhcNMjMwNTIzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZTE1NDEyMDhiNzQzMTk4NjJjNjg3N2U3YzM0ZTY2ODhj
MTkzNDUyYWRjMjRhMjMzZTM4YzZjOWVkMjlmZjVjNjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALGXnpx0QiaOnl5xpcbeaJSHSLlhYf1POcv2CBR6OeF7o8XOrSax
t74G3wC30Pgw+jIqb6P0sx29S5Obm2ZGClIwPTX7Y8tRBPyxQxgpC1Zpw5/h1nf8
lD2HqHJorg0u1AK/arOKG0+6T1Ntzni9r887J4/VOf/BbIC8wwhQG1h2ioqhqjs9
K6f3YwXc0hHP6AOaDAtBMRgeKIGLNAgO1b73DpPG+n3JTHQ2KyC1UZ0MTZdiQyyP
9CAyH0I9RBDjVDMVOlcPTf8QE+utZnZ2mP1awekvTSefKh0oH2zMIqFFmyaug0Lf
SUoBvlvpN68U3/rZaHaPUklI7zC3CeR13B0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR3uHwedC4OKgpfYQWsV5lqZKE1nTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOGRiMzBhM2YtNDRhNC00ZjlhLWFhYWUtMWQ3Y2VkYTdiYTJmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFBbHXeN8TDQgLwG
KU73eTrrWpXRfcmFc2ZVzscrTEGFwUq2eoFV/2yraXJpAw6HnE3oDnIsaiJzNaA4
buc1XNmE2pmsEVOxBQ0c98ZXBb9wVmDG6Nhes8QpPoRhatvnZNOgdDmjhcA6zV45
Hfwqa5GNVcjMDzxh6N7RIuubvMvI0M0u2Sp/9RceUZ+889QK2VqRsdU6S8GH5k4l
cLS9jKw4DsX13xQuOE7N15657QhdTxa09aHBH6bbLtSCCXzLTsM/Xkm0Pb4jhxj+
+YXryQTIHlxOWrBgoR2/KVeAI1gX75elGtjM9b9P8W5gTlZcEQISscwpYOSx2Smj
kmdJQyg=
-----END CERTIFICATE-----