Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/96491e51-d777-441d-a70a-e306527eb669.roa
File:                     96491e51-d777-441d-a70a-e306527eb669.roa (raw, json)
Hash identifier:          ccDxiVv32CL7FKMxeyLFExOfqQkic7MfSqdHuJBiw0E=
Subject key identifier:   2C:DE:DB:FD:C3:71:9E:80:37:2F:FA:A1:AC:A4:9F:72:A8:78:36:58
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2A7DBB8B01988200BA912851533A055A1FDCB296
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/96491e51-d777-441d-a70a-e306527eb669.roa
Signing time:             Sat 27 May 2023 00:00:00 +0000
ROA not before:           Sat 27 May 2023 00:00:00 +0000
ROA not after:            Tue 30 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:7d:bb:8b:01:98:82:00:ba:91:28:51:53:3a:05:5a:1f:dc:b2:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 27 00:00:00 2023 GMT
            Not After : May 30 23:59:59 2023 GMT
        Subject: serialNumber=e94aac87caa3894a3fe02e95ea643b295dafdd1c1f071e62a02a768abd0dcd31, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:4d:03:fa:8d:73:75:df:da:7e:22:dc:6c:83:
                    48:3e:60:83:c3:0c:af:8f:8d:32:29:33:7d:e6:75:
                    22:a8:b0:7f:ba:d8:09:2c:1a:1c:2e:53:7e:1f:82:
                    cb:4d:b5:85:ea:fe:af:9d:6d:96:05:24:9a:68:c1:
                    8a:37:3c:f4:8b:6c:05:39:39:9e:58:77:27:f1:b2:
                    f4:a5:27:2f:5a:c1:02:ad:73:8e:01:21:33:8d:1f:
                    72:8e:f9:f4:2e:bc:30:a5:e8:8a:35:c5:ef:7b:75:
                    58:5f:97:61:4d:bb:c3:b2:23:db:17:71:60:1f:70:
                    12:28:cb:b7:73:7e:6d:66:98:19:fb:df:cc:9e:4c:
                    28:4a:8d:2d:cf:0b:64:5e:66:db:5a:4f:99:5b:d0:
                    62:f8:fd:de:69:ca:8b:45:17:07:43:6b:36:46:73:
                    e6:68:71:83:ee:a1:66:18:08:65:08:c0:33:ad:3c:
                    bd:3e:d3:22:b6:ef:89:17:72:72:dd:ea:70:a2:d5:
                    63:b7:76:89:6f:76:8f:91:e6:39:42:33:31:15:dd:
                    64:b0:1f:55:64:d3:0e:95:fb:83:b4:32:20:4e:d9:
                    60:bc:07:55:ae:11:83:09:50:0f:ef:db:d7:85:33:
                    42:ba:56:00:ca:69:4e:2b:78:3a:65:dd:2f:62:10:
                    d1:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:DE:DB:FD:C3:71:9E:80:37:2F:FA:A1:AC:A4:9F:72:A8:78:36:58
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/96491e51-d777-441d-a70a-e306527eb669.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:74:7e:ab:8e:67:1f:1c:a4:4b:cd:b3:26:6c:1f:0b:59:3b:
         d9:dc:26:e4:0e:1c:3e:3a:b5:c9:03:27:7a:d4:1b:8b:1f:1b:
         c7:98:f2:94:ff:79:cc:90:8f:63:33:65:00:0c:5c:52:6c:19:
         a1:6e:96:3e:3b:69:a6:93:6c:55:25:44:61:f2:e7:e6:fd:d0:
         11:a3:da:69:ed:33:af:f8:ad:e1:27:fa:2d:33:15:e8:25:d9:
         37:88:6b:b2:88:cf:7b:fc:54:8d:46:d2:19:66:61:6e:07:91:
         3d:55:91:a6:44:8f:14:d2:d6:e0:20:cf:e7:64:b3:3b:c8:f5:
         3b:29:53:ba:d9:fd:aa:76:d4:71:58:3e:09:5f:b6:ff:77:a6:
         ca:3c:4a:b5:b7:8b:30:5c:eb:88:43:a7:32:1e:b1:0b:20:41:
         5b:27:ec:98:36:df:b7:0a:8f:23:85:4a:44:c7:2c:3a:3e:8f:
         59:25:eb:9a:bc:76:f5:28:f8:45:30:fb:92:62:11:43:1d:0e:
         1b:14:00:a4:ba:14:26:38:9d:71:87:e6:4d:17:e0:ac:3e:cb:
         d0:c5:a0:8a:a0:e6:8d:ef:4d:ac:7c:22:e2:72:77:27:91:1c:
         36:cd:be:8c:0a:d8:49:69:c8:83:b8:3b:46:aa:31:7a:8b:17:
         25:50:46:71
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUKn27iwGYggC6kShRUzoFWh/cspYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTI3MDAwMDAwWhcNMjMwNTMwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZTk0YWFjODdjYWEzODk0YTNmZTAyZTk1ZWE2NDNiMjk1
ZGFmZGQxYzFmMDcxZTYyYTAyYTc2OGFiZDBkY2QzMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALFNA/qNc3Xf2n4i3GyDSD5gg8MMr4+NMikzfeZ1Iqiwf7rYCSwa
HC5Tfh+Cy021her+r51tlgUkmmjBijc89ItsBTk5nlh3J/Gy9KUnL1rBAq1zjgEh
M40fco759C68MKXoijXF73t1WF+XYU27w7Ij2xdxYB9wEijLt3N+bWaYGfvfzJ5M
KEqNLc8LZF5m21pPmVvQYvj93mnKi0UXB0NrNkZz5mhxg+6hZhgIZQjAM608vT7T
IrbviRdyct3qcKLVY7d2iW92j5HmOUIzMRXdZLAfVWTTDpX7g7QyIE7ZYLwHVa4R
gwlQD+/b14UzQrpWAMppTit4OmXdL2IQ0fECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQs3tv9w3GegDcv+qGspJ9yqHg2WDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOTY0OTFlNTEtZDc3Ny00NDFkLWE3MGEtZTMwNjUyN2ViNjY5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJd0fquOZx8cpEvN
syZsHwtZO9ncJuQOHD46tckDJ3rUG4sfG8eY8pT/ecyQj2MzZQAMXFJsGaFulj47
aaaTbFUlRGHy5+b90BGj2mntM6/4reEn+i0zFegl2TeIa7KIz3v8VI1G0hlmYW4H
kT1VkaZEjxTS1uAgz+dkszvI9TspU7rZ/ap21HFYPglftv93pso8SrW3izBc64hD
pzIesQsgQVsn7Jg237cKjyOFSkTHLDo+j1kl65q8dvUo+EUw+5JiEUMdDhsUAKS6
FCY4nXGH5k0X4Kw+y9DFoIqg5o3vTax8IuJydyeRHDbNvowK2ElpyIO4O0aqMXqL
FyVQRnE=
-----END CERTIFICATE-----