Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/957691aa-53fb-4203-aab7-4ea7edd31ba0.roa
File:                     957691aa-53fb-4203-aab7-4ea7edd31ba0.roa (raw, json)
Hash identifier:          akhi/Q0kppVnh+Z30pGYTfoQR/BpfCpy4OWBU8ZvM08=
Subject key identifier:   07:F0:2F:1E:F4:EB:03:53:39:ED:0B:9E:8A:C9:E6:D0:99:35:9E:36
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2200B07326F3882D61958B2BC2FC5292816C9A43
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/957691aa-53fb-4203-aab7-4ea7edd31ba0.roa
Signing time:             Wed 24 May 2023 00:00:00 +0000
ROA not before:           Wed 24 May 2023 00:00:00 +0000
ROA not after:            Sat 27 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:00:b0:73:26:f3:88:2d:61:95:8b:2b:c2:fc:52:92:81:6c:9a:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 24 00:00:00 2023 GMT
            Not After : May 27 23:59:59 2023 GMT
        Subject: serialNumber=2a7932de3b14a7ecf8c13771ea2dc29855965549d251176cbc451f8ec38d26e8, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:66:64:91:26:e9:f2:95:34:58:d1:17:d9:6f:
                    7e:7c:a5:1a:ea:f9:49:e8:ed:24:e8:8c:89:87:c6:
                    a6:37:77:25:7f:64:d5:85:99:37:9d:2b:81:00:4b:
                    b7:57:11:aa:07:1f:6f:4a:ef:8a:69:ee:a6:02:bc:
                    1c:ae:ed:18:da:fb:ae:da:78:7f:b8:de:3f:4e:c8:
                    58:47:95:53:ed:f7:ab:00:b6:24:77:2b:64:8b:72:
                    f9:10:6a:51:61:57:38:10:84:6a:7a:95:eb:6b:63:
                    e1:d6:c6:2e:20:13:f9:10:9a:43:9d:df:7e:26:27:
                    e1:5e:78:24:51:8b:06:bd:1e:57:f7:a4:c4:68:1d:
                    54:cf:42:28:d9:16:b6:7d:d7:f7:68:7b:fb:f6:90:
                    83:5d:55:10:86:8e:b2:89:ef:84:ff:b6:b6:38:f2:
                    2e:6f:4f:60:7a:f3:87:cb:d1:18:7c:02:2b:3f:06:
                    c0:5d:f3:22:d3:76:70:71:5c:9a:c3:e9:7c:eb:a7:
                    ac:a7:b2:ce:c7:15:be:75:b2:ea:15:e4:35:b9:00:
                    e7:41:bc:0e:8f:3d:61:b5:98:51:b7:e0:aa:73:86:
                    90:75:0b:8c:26:c3:7b:21:ee:e9:7c:d0:45:65:72:
                    93:d1:da:e6:bb:46:d2:33:91:4d:5e:d4:9e:bf:51:
                    bf:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:F0:2F:1E:F4:EB:03:53:39:ED:0B:9E:8A:C9:E6:D0:99:35:9E:36
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/957691aa-53fb-4203-aab7-4ea7edd31ba0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:33:92:ff:f7:91:74:bb:57:24:e6:e0:ea:ab:cd:67:cd:9d:
         ef:cf:bc:fc:53:49:2a:d8:dc:46:0c:93:fe:71:78:92:21:2a:
         99:15:7e:db:da:e3:a3:51:8b:13:36:65:d5:19:72:12:86:c2:
         cb:c2:10:0e:87:a4:93:30:36:b8:00:af:ad:8f:61:cd:b9:bd:
         25:ea:26:bb:1b:eb:97:e3:96:8a:9e:2c:41:e9:99:28:79:ce:
         7d:8e:ff:05:47:ae:cd:30:8c:84:32:32:fd:4f:de:ca:ea:7d:
         63:1a:84:65:f1:7e:d0:3a:ad:16:cc:0f:38:dc:0a:39:e4:57:
         29:30:11:6b:94:59:4c:a0:33:2d:4c:f6:7f:4e:74:be:69:63:
         bf:5a:fe:c4:66:b2:03:f7:bd:02:eb:06:61:b2:da:3a:86:24:
         6e:11:37:34:4d:dc:0d:81:ba:15:ea:53:61:a8:f7:ec:ff:76:
         72:69:2c:9d:2e:2c:da:56:88:81:39:f3:69:b4:61:b1:00:6f:
         91:01:4e:ec:ba:30:ee:e3:24:c3:b6:61:9e:d3:2f:76:0f:2f:
         7d:76:04:46:d8:b3:62:b5:68:a7:51:b8:f8:19:44:02:5e:4b:
         a8:13:bd:a8:75:88:a6:25:cd:b0:21:71:e2:b8:65:36:82:c9:
         8a:65:14:22
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUIgCwcybziC1hlYsrwvxSkoFsmkMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTI0MDAwMDAwWhcNMjMwNTI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMmE3OTMyZGUzYjE0YTdlY2Y4YzEzNzcxZWEyZGMyOTg1
NTk2NTU0OWQyNTExNzZjYmM0NTFmOGVjMzhkMjZlODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOhmZJEm6fKVNFjRF9lvfnylGur5SejtJOiMiYfGpjd3JX9k1YWZ
N50rgQBLt1cRqgcfb0rvimnupgK8HK7tGNr7rtp4f7jeP07IWEeVU+33qwC2JHcr
ZIty+RBqUWFXOBCEanqV62tj4dbGLiAT+RCaQ53ffiYn4V54JFGLBr0eV/ekxGgd
VM9CKNkWtn3X92h7+/aQg11VEIaOsonvhP+2tjjyLm9PYHrzh8vRGHwCKz8GwF3z
ItN2cHFcmsPpfOunrKeyzscVvnWy6hXkNbkA50G8Do89YbWYUbfgqnOGkHULjCbD
eyHu6XzQRWVyk9Ha5rtG0jORTV7Unr9Rv8ECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQH8C8e9OsDUzntC56KyebQmTWeNjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOTU3NjkxYWEtNTNmYi00MjAzLWFhYjctNGVhN2VkZDMxYmEwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIQzkv/3kXS7VyTm
4OqrzWfNne/PvPxTSSrY3EYMk/5xeJIhKpkVftva46NRixM2ZdUZchKGwsvCEA6H
pJMwNrgAr62PYc25vSXqJrsb65fjloqeLEHpmSh5zn2O/wVHrs0wjIQyMv1P3srq
fWMahGXxftA6rRbMDzjcCjnkVykwEWuUWUygMy1M9n9OdL5pY79a/sRmsgP3vQLr
BmGy2jqGJG4RNzRN3A2BuhXqU2Go9+z/dnJpLJ0uLNpWiIE582m0YbEAb5EBTuy6
MO7jJMO2YZ7TL3YPL312BEbYs2K1aKdRuPgZRAJeS6gTvah1iKYlzbAhceK4ZTaC
yYplFCI=
-----END CERTIFICATE-----