Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a2374e98-46b6-44eb-8062-0ad3144f0a37.roa
File:                     a2374e98-46b6-44eb-8062-0ad3144f0a37.roa (raw, json)
Hash identifier:          Z9ElliIL8eSfZ4wFI2RO6z4C0kAXQVESXMu8TbFC2mg=
Subject key identifier:   43:2D:AB:23:E6:BC:A0:06:07:24:60:19:42:DB:6C:9D:96:23:DC:10
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       74D1927D8C7F7F446778D14D9C318B84387809EA
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a2374e98-46b6-44eb-8062-0ad3144f0a37.roa
Signing time:             Wed 31 May 2023 00:00:00 +0000
ROA not before:           Wed 31 May 2023 00:00:00 +0000
ROA not after:            Sat 03 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:d1:92:7d:8c:7f:7f:44:67:78:d1:4d:9c:31:8b:84:38:78:09:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 31 00:00:00 2023 GMT
            Not After : Jun  3 23:59:59 2023 GMT
        Subject: serialNumber=1c1820197b1d5b572549b886ec718ca2d5cd01b8b4ecabc990c66bf934d2a809, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:44:13:54:04:f9:35:74:d3:b2:e8:fb:f8:e1:
                    f9:77:b6:71:7e:e0:72:f4:ec:b3:5c:2d:0f:13:fa:
                    5c:9f:31:32:fd:23:92:b7:fd:2c:13:04:2b:ce:eb:
                    93:3c:f3:0b:99:d3:bf:b3:a8:2c:ce:cc:11:84:e8:
                    ce:a0:9f:d1:19:3b:10:ff:cb:1b:00:ab:e3:72:ee:
                    b3:2f:14:29:48:78:fb:71:b5:7c:d4:06:72:f6:7d:
                    88:36:2f:55:d1:3d:b9:82:60:b8:7f:d1:86:a8:c1:
                    13:1e:c5:18:df:05:f1:54:41:da:e3:32:b7:8c:9e:
                    09:38:96:5e:ff:7c:2e:52:57:25:a4:75:35:8f:a4:
                    05:ef:c4:62:4b:51:b6:79:e9:ec:3b:39:58:63:49:
                    26:f0:58:c3:d6:0b:f6:60:20:35:2d:d9:9b:4c:67:
                    68:48:05:a6:d9:b9:2a:a5:58:4f:20:36:d3:30:fd:
                    3b:3e:8e:d5:21:04:26:80:55:52:94:56:ce:99:40:
                    55:2c:29:1d:9d:0f:c3:2f:5a:ad:50:a2:cd:ec:68:
                    d4:6b:00:a1:b4:73:ee:f7:9a:3f:75:00:b3:95:a2:
                    51:0c:2c:77:6d:0b:77:45:6e:70:2c:b4:d3:ab:04:
                    5f:f4:07:02:1c:91:e4:e8:c4:a9:3e:1d:93:28:08:
                    5a:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:2D:AB:23:E6:BC:A0:06:07:24:60:19:42:DB:6C:9D:96:23:DC:10
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a2374e98-46b6-44eb-8062-0ad3144f0a37.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:36:ea:19:e9:73:d3:f7:70:5a:15:af:62:94:2a:37:00:fd:
         fc:9d:e4:63:a5:3b:e1:75:6b:c5:66:e1:db:bb:87:36:71:44:
         21:de:c5:79:05:5a:7b:99:05:2c:f6:2c:e1:92:d7:e9:cd:ce:
         14:0a:c1:d3:4d:f3:70:12:dd:39:4c:be:13:8e:15:3f:60:6e:
         30:81:cd:b3:b8:57:d0:ba:fd:78:e9:c9:b7:31:99:c4:55:27:
         4b:3b:16:38:f5:fa:e5:bc:5f:0b:61:65:05:62:ca:74:dc:3a:
         de:9a:ab:8d:fc:a8:cc:20:25:ac:6d:ec:74:af:aa:ff:3d:fa:
         26:2c:fc:72:de:68:0e:5d:c8:c7:1a:d2:4e:f5:38:72:23:43:
         90:bb:96:b3:09:65:f3:b3:d8:6e:50:9c:4c:ce:25:72:06:7d:
         a3:31:03:68:83:7c:0d:de:61:5e:c3:51:a1:f2:2b:38:fb:fc:
         3c:87:88:26:f8:4c:0e:63:55:0a:58:69:0c:12:77:c1:7d:0d:
         a1:28:f9:f1:c6:1a:c0:93:9f:c7:49:31:de:60:16:9e:18:f5:
         10:c8:86:cb:93:73:20:08:2d:1a:f5:43:10:1f:ef:a5:f6:6b:
         06:82:e6:7f:0f:c2:a1:fd:c7:24:2e:58:ca:05:45:4b:f7:f5:
         ea:b8:04:85
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUdNGSfYx/f0RneNFNnDGLhDh4CeowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTMxMDAwMDAwWhcNMjMwNjAzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMWMxODIwMTk3YjFkNWI1NzI1NDliODg2ZWM3MThjYTJk
NWNkMDFiOGI0ZWNhYmM5OTBjNjZiZjkzNGQyYTgwOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAN9EE1QE+TV007Lo+/jh+Xe2cX7gcvTss1wtDxP6XJ8xMv0jkrf9
LBMEK87rkzzzC5nTv7OoLM7MEYTozqCf0Rk7EP/LGwCr43Lusy8UKUh4+3G1fNQG
cvZ9iDYvVdE9uYJguH/RhqjBEx7FGN8F8VRB2uMyt4yeCTiWXv98LlJXJaR1NY+k
Be/EYktRtnnp7Ds5WGNJJvBYw9YL9mAgNS3Zm0xnaEgFptm5KqVYTyA20zD9Oz6O
1SEEJoBVUpRWzplAVSwpHZ0Pwy9arVCizexo1GsAobRz7veaP3UAs5WiUQwsd20L
d0VucCy006sEX/QHAhyR5OjEqT4dkygIWvsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRDLasj5rygBgckYBlC22ydliPcEDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYTIzNzRlOTgtNDZiNi00NGViLTgwNjItMGFkMzE0NGYwYTM3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALo26hnpc9P3cFoV
r2KUKjcA/fyd5GOlO+F1a8Vm4du7hzZxRCHexXkFWnuZBSz2LOGS1+nNzhQKwdNN
83AS3TlMvhOOFT9gbjCBzbO4V9C6/XjpybcxmcRVJ0s7Fjj1+uW8XwthZQViynTc
Ot6aq438qMwgJaxt7HSvqv89+iYs/HLeaA5dyMca0k71OHIjQ5C7lrMJZfOz2G5Q
nEzOJXIGfaMxA2iDfA3eYV7DUaHyKzj7/DyHiCb4TA5jVQpYaQwSd8F9DaEo+fHG
GsCTn8dJMd5gFp4Y9RDIhsuTcyAILRr1QxAf76X2awaC5n8PwqH9xyQuWMoFRUv3
9eq4BIU=
-----END CERTIFICATE-----