Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a4feb79c-b826-44fe-a2a0-907855060f7c.roa
File:                     a4feb79c-b826-44fe-a2a0-907855060f7c.roa (raw, json)
Hash identifier:          txDyTUcII/qBxJ3+feJ5FPiETYFkfPBBQzzq57iqLOg=
Subject key identifier:   6E:FD:6F:87:80:99:3B:B1:AB:4C:FC:CE:2E:B8:77:7A:7B:79:EA:78
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6343F6E220A207B2DD4600D706168D4EE734F3DA
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a4feb79c-b826-44fe-a2a0-907855060f7c.roa
Signing time:             Sun 14 May 2023 00:00:00 +0000
ROA not before:           Sun 14 May 2023 00:00:00 +0000
ROA not after:            Wed 17 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:43:f6:e2:20:a2:07:b2:dd:46:00:d7:06:16:8d:4e:e7:34:f3:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 14 00:00:00 2023 GMT
            Not After : May 17 23:59:59 2023 GMT
        Subject: serialNumber=58d3774bd0e110f30279f0f6e8826ecfc002371c5a1c0b62c6a80bd1c10f9e07, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:85:be:22:0e:fd:13:cb:19:f4:d1:21:58:a7:
                    e8:9d:9e:4f:2a:85:63:ca:77:84:3c:fe:2a:0f:e7:
                    fe:38:21:d9:0e:16:27:c0:56:1d:74:9c:fe:d2:9f:
                    66:26:da:3c:84:d5:49:28:68:f9:03:25:0b:e0:c7:
                    5d:64:fe:e7:37:a9:07:29:3e:fe:ce:cf:83:1b:7f:
                    b0:34:f5:ec:67:3f:0d:cb:a4:29:d5:7e:ba:62:92:
                    8a:52:8f:96:6d:78:16:c8:10:02:d2:ef:2b:ba:5a:
                    0d:7e:bd:28:92:26:af:f5:cd:94:fa:e9:77:12:cd:
                    75:ac:89:d6:9a:2b:2c:b9:4e:a8:d4:c9:22:4a:2d:
                    de:5d:13:58:e6:aa:5b:ab:27:f7:df:48:bf:7e:54:
                    49:9a:0b:2f:66:2c:75:d8:b1:3d:ed:04:a8:98:a3:
                    fd:7b:2c:36:9c:5f:98:10:61:90:7b:85:de:c1:57:
                    e1:c3:92:ba:ef:96:79:aa:a8:e7:c8:5b:78:56:89:
                    05:28:5f:24:17:38:64:1d:13:1c:2a:59:61:d8:cf:
                    52:84:95:8d:48:a1:63:f1:d9:ec:dc:7a:ee:b0:55:
                    17:1c:e6:5e:e3:90:96:76:18:37:5a:42:64:32:d1:
                    f4:3c:88:54:37:2f:0d:2d:5f:8e:ce:4c:90:cd:68:
                    89:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:FD:6F:87:80:99:3B:B1:AB:4C:FC:CE:2E:B8:77:7A:7B:79:EA:78
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a4feb79c-b826-44fe-a2a0-907855060f7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:9e:b4:08:ad:5d:a9:f4:e3:4e:6f:ae:09:3a:34:c4:c2:71:
         6a:c5:0d:eb:a7:75:d4:42:92:60:75:43:bf:94:18:cd:8f:1b:
         fa:71:68:65:8a:89:6b:d5:28:e0:7d:c8:9f:47:26:8b:bc:e4:
         7a:ed:aa:4e:f4:24:d5:d3:03:6c:b1:fb:70:bb:82:56:fc:0d:
         9b:6f:3b:72:76:b5:6c:2e:1b:82:89:26:92:1a:25:06:83:e6:
         60:7b:1f:cb:af:28:75:2b:48:af:37:62:af:7b:ee:ff:34:7c:
         e6:10:13:34:69:1c:1f:ca:ef:77:5a:c3:b2:15:86:10:be:82:
         2d:a8:73:dd:1f:37:e4:ce:ee:68:12:ba:e1:dc:06:54:37:89:
         f7:17:dc:d7:a6:8a:6f:9a:8c:3c:eb:06:87:88:7f:02:a1:17:
         14:e4:7e:3a:bf:fa:11:32:1e:e3:a6:d9:c8:cc:5f:64:ed:fa:
         ca:3d:7b:17:d0:cd:c7:7e:30:49:f8:a4:99:41:f1:fe:09:64:
         f3:f9:f1:58:32:80:ed:94:ba:f7:bb:83:de:dd:60:54:b6:fc:
         0d:7e:c9:76:7c:6f:99:12:fe:37:45:16:31:ee:78:da:8f:eb:
         62:61:9b:83:ba:75:1f:8c:cb:ee:72:00:50:32:51:d9:e9:d2:
         b9:53:85:d5
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUY0P24iCiB7LdRgDXBhaNTuc089owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTE0MDAwMDAwWhcNMjMwNTE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNANThkMzc3NGJkMGUxMTBmMzAyNzlmMGY2ZTg4MjZlY2Zj
MDAyMzcxYzVhMWMwYjYyYzZhODBiZDFjMTBmOWUwNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALKFviIO/RPLGfTRIVin6J2eTyqFY8p3hDz+Kg/n/jgh2Q4WJ8BW
HXSc/tKfZibaPITVSSho+QMlC+DHXWT+5zepByk+/s7Pgxt/sDT17Gc/DcukKdV+
umKSilKPlm14FsgQAtLvK7paDX69KJImr/XNlPrpdxLNdayJ1porLLlOqNTJIkot
3l0TWOaqW6sn999Iv35USZoLL2YsddixPe0EqJij/XssNpxfmBBhkHuF3sFX4cOS
uu+Weaqo58hbeFaJBShfJBc4ZB0THCpZYdjPUoSVjUihY/HZ7Nx67rBVFxzmXuOQ
lnYYN1pCZDLR9DyIVDcvDS1fjs5MkM1oiZMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRu/W+HgJk7satM/M4uuHd6e3nqeDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYTRmZWI3OWMtYjgyNi00NGZlLWEyYTAtOTA3ODU1MDYwZjdjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGuetAitXan0405v
rgk6NMTCcWrFDeunddRCkmB1Q7+UGM2PG/pxaGWKiWvVKOB9yJ9HJou85Hrtqk70
JNXTA2yx+3C7glb8DZtvO3J2tWwuG4KJJpIaJQaD5mB7H8uvKHUrSK83Yq977v80
fOYQEzRpHB/K73daw7IVhhC+gi2oc90fN+TO7mgSuuHcBlQ3ifcX3Nemim+ajDzr
BoeIfwKhFxTkfjq/+hEyHuOm2cjMX2Tt+so9exfQzcd+MEn4pJlB8f4JZPP58Vgy
gO2Uuve7g97dYFS2/A1+yXZ8b5kS/jdFFjHueNqP62Jhm4O6dR+My+5yAFAyUdnp
0rlThdU=
-----END CERTIFICATE-----