Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a45e8251-4fe9-47a8-964a-dd1c44b78850.roa
File:                     a45e8251-4fe9-47a8-964a-dd1c44b78850.roa (raw, json)
Hash identifier:          1Zn66otJwJvo5ZreG6uNG1xJDZ/KRcDeKDpd58CF+dY=
Subject key identifier:   61:23:27:44:AB:D1:9C:63:4F:09:93:E5:2C:5D:9A:C6:CA:0F:7D:00
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       241EBF98DE59729092A3AEEEFD0764A28F7F6E6E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a45e8251-4fe9-47a8-964a-dd1c44b78850.roa
Signing time:             Wed 31 May 2023 00:00:00 +0000
ROA not before:           Wed 31 May 2023 00:00:00 +0000
ROA not after:            Sat 03 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:1e:bf:98:de:59:72:90:92:a3:ae:ee:fd:07:64:a2:8f:7f:6e:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 31 00:00:00 2023 GMT
            Not After : Jun  3 23:59:59 2023 GMT
        Subject: serialNumber=4065a4c9057396619df61ddaa405188ab0a0b3b2c3d6ea4be4337deb1ff2e8cc, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:4e:dd:f1:b0:de:55:eb:c2:aa:99:29:27:dd:
                    d8:39:c8:2b:9e:26:16:0f:b4:34:40:8f:68:a7:7c:
                    f2:6c:c8:81:9a:53:f0:d8:d9:19:18:97:45:d2:d8:
                    89:1e:4d:fd:f0:bf:0a:27:89:c7:08:7e:7f:bc:64:
                    e8:6f:16:cf:66:c9:30:b2:4d:ab:ed:e9:cc:3c:81:
                    c4:fb:33:d5:60:df:a9:b6:f2:cb:38:7b:9b:91:cd:
                    04:99:5e:bc:16:78:52:94:c8:db:70:7e:00:85:de:
                    43:15:1b:69:53:84:29:85:28:22:ab:25:9a:a0:5c:
                    d1:86:32:71:9e:e7:fd:97:d4:08:7d:f0:b9:e3:74:
                    3d:cc:a2:cc:70:d0:5b:18:75:87:1a:35:21:93:7a:
                    4e:7a:48:a5:80:9a:ea:70:3a:fe:3e:03:c6:02:62:
                    91:0d:e4:e5:19:8c:67:db:b4:4b:0f:c6:ad:19:a4:
                    76:1f:30:29:2c:1b:12:6b:5e:ab:e4:aa:98:4f:61:
                    51:12:e5:a4:76:12:ba:f1:bc:19:5f:29:bd:39:39:
                    6b:78:24:64:ca:31:ee:23:a5:32:3c:40:eb:cc:4a:
                    df:d0:6d:da:40:3e:89:cd:2b:a8:bf:a4:8b:7e:a1:
                    af:0f:aa:90:05:14:17:0c:2d:3e:81:4e:1e:d1:d3:
                    4d:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:23:27:44:AB:D1:9C:63:4F:09:93:E5:2C:5D:9A:C6:CA:0F:7D:00
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a45e8251-4fe9-47a8-964a-dd1c44b78850.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:31:fe:82:0f:30:84:5b:39:9e:d1:60:21:d7:8e:fe:97:de:
         4c:42:1c:04:7c:a7:83:f1:ef:91:af:ff:5e:85:39:8b:1a:2f:
         7d:20:6f:58:f5:55:2c:5d:c2:8e:c1:7a:e7:69:5a:36:7c:63:
         54:54:f8:03:f8:cf:b9:58:f2:77:3a:8c:02:06:61:45:7d:c1:
         7e:08:f6:c4:64:14:18:b5:a3:b3:7d:30:b3:1e:5e:f8:a3:27:
         72:7b:7a:48:9e:c9:f6:7b:36:23:83:85:ab:0c:2e:86:a9:4c:
         06:3d:92:73:e2:3d:14:e0:2f:e0:c2:1d:fe:98:ad:a1:2d:07:
         5c:62:f5:89:0e:4c:a0:84:ec:4c:75:d6:aa:cd:fb:bf:ca:16:
         b3:b3:23:65:27:81:be:b6:77:ed:39:95:82:7e:3a:85:b7:cf:
         91:a6:a4:67:66:14:39:9a:19:f3:b3:bc:74:b3:51:7d:75:d1:
         d0:be:1f:14:e4:87:08:87:fa:30:5d:89:cb:a6:51:a0:6d:5f:
         d9:89:3e:e3:a5:1a:c9:de:e9:b5:a9:94:36:a9:4b:4e:fa:54:
         58:1a:e9:bd:a7:62:54:98:84:f0:46:84:61:22:77:79:94:ea:
         1f:72:43:fb:10:e0:9d:5c:69:b5:f0:ce:0c:61:83:56:f1:e4:
         d5:1e:ce:94
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUJB6/mN5ZcpCSo67u/Qdkoo9/bm4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTMxMDAwMDAwWhcNMjMwNjAzMjM1OTU5
WjCBpTFJMEcGA1UEBRNANDA2NWE0YzkwNTczOTY2MTlkZjYxZGRhYTQwNTE4OGFi
MGEwYjNiMmMzZDZlYTRiZTQzMzdkZWIxZmYyZThjYzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJJO3fGw3lXrwqqZKSfd2DnIK54mFg+0NECPaKd88mzIgZpT8NjZ
GRiXRdLYiR5N/fC/CieJxwh+f7xk6G8Wz2bJMLJNq+3pzDyBxPsz1WDfqbbyyzh7
m5HNBJlevBZ4UpTI23B+AIXeQxUbaVOEKYUoIqslmqBc0YYycZ7n/ZfUCH3wueN0
PcyizHDQWxh1hxo1IZN6TnpIpYCa6nA6/j4DxgJikQ3k5RmMZ9u0Sw/GrRmkdh8w
KSwbEmteq+SqmE9hURLlpHYSuvG8GV8pvTk5a3gkZMox7iOlMjxA68xK39Bt2kA+
ic0rqL+ki36hrw+qkAUUFwwtPoFOHtHTTbUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRhIydEq9GcY08Jk+UsXZrGyg99ADAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYTQ1ZTgyNTEtNGZlOS00N2E4LTk2NGEtZGQxYzQ0Yjc4ODUwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIox/oIPMIRbOZ7R
YCHXjv6X3kxCHAR8p4Px75Gv/16FOYsaL30gb1j1VSxdwo7BeudpWjZ8Y1RU+AP4
z7lY8nc6jAIGYUV9wX4I9sRkFBi1o7N9MLMeXvijJ3J7ekieyfZ7NiODhasMLoap
TAY9knPiPRTgL+DCHf6YraEtB1xi9YkOTKCE7Ex11qrN+7/KFrOzI2Ungb62d+05
lYJ+OoW3z5GmpGdmFDmaGfOzvHSzUX110dC+HxTkhwiH+jBdicumUaBtX9mJPuOl
Gsne6bWplDapS076VFga6b2nYlSYhPBGhGEid3mU6h9yQ/sQ4J1cabXwzgxhg1bx
5NUezpQ=
-----END CERTIFICATE-----