Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/acef440b-0f07-4ebc-9517-11b1fa66eb65.roa
File:                     acef440b-0f07-4ebc-9517-11b1fa66eb65.roa (raw, json)
Hash identifier:          KBH1ka5JKCVlWUK7DzgzlDReUeg/6+hJToC2fjF6XcQ=
Subject key identifier:   13:61:4A:2E:99:65:2D:29:D9:AA:6B:AD:ED:6C:38:27:D8:FE:70:BD
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       062024E912E6B4D03023EE247E8BD8CE68FE7BA2
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/acef440b-0f07-4ebc-9517-11b1fa66eb65.roa
Signing time:             Fri 12 May 2023 00:00:00 +0000
ROA not before:           Fri 12 May 2023 00:00:00 +0000
ROA not after:            Mon 15 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:20:24:e9:12:e6:b4:d0:30:23:ee:24:7e:8b:d8:ce:68:fe:7b:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 12 00:00:00 2023 GMT
            Not After : May 15 23:59:59 2023 GMT
        Subject: serialNumber=1cd92362eab640b0e749ebf221b841ef73d7ea0d2cf42be0090c3ec55740bd5b, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:40:b7:8e:ba:2f:50:a9:22:5f:93:97:02:28:
                    cd:d8:35:ce:2e:73:3f:73:93:a3:f9:a9:8c:d5:bd:
                    57:ae:ab:99:0e:ae:e0:8f:c3:69:ce:35:b4:0b:9d:
                    44:af:17:c4:e3:a1:d7:7f:a3:06:32:84:35:cc:40:
                    56:86:0a:24:d4:3a:50:b1:64:ee:36:28:fc:94:bd:
                    20:14:26:94:c8:35:7f:ca:4d:1b:81:35:69:75:03:
                    ec:39:7b:1c:3a:56:42:43:35:5f:1e:62:8c:9a:06:
                    4c:bc:fb:ab:03:53:39:73:c1:fe:8d:5a:ad:17:65:
                    73:1e:b7:32:b2:3d:cb:af:c6:ad:83:5f:2e:4d:d1:
                    66:83:1d:31:79:1c:b7:3f:9c:44:90:e1:27:c3:aa:
                    24:12:d0:48:5c:e4:60:ea:be:ac:f9:5b:db:f9:c4:
                    8c:29:29:b7:0c:1b:e9:97:df:5c:27:48:fe:8d:67:
                    b8:21:69:37:ab:05:c7:54:87:e6:f4:f7:ec:44:7d:
                    64:a7:02:ae:03:30:6c:1f:69:db:96:0d:a7:c1:10:
                    e0:fb:27:56:19:86:22:56:d7:cf:66:70:a0:d3:c0:
                    0f:85:02:f6:26:71:a0:c7:56:b4:72:ca:b4:77:db:
                    4a:58:06:d7:77:92:ac:eb:fc:45:c3:36:78:ac:8c:
                    04:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:61:4A:2E:99:65:2D:29:D9:AA:6B:AD:ED:6C:38:27:D8:FE:70:BD
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/acef440b-0f07-4ebc-9517-11b1fa66eb65.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:81:e0:02:7e:57:2a:b2:37:34:08:42:9a:a7:40:6c:da:3d:
         45:e0:8d:a7:51:d2:30:59:04:2c:66:e3:eb:ec:f0:f6:e4:8d:
         42:b3:40:46:44:ea:a5:56:57:6f:b0:e7:7e:82:a9:8a:03:9f:
         e7:15:6d:f5:1e:3a:7a:98:7b:63:fd:8d:ff:43:f8:1f:b0:86:
         52:33:89:1a:8d:37:12:f1:55:44:c3:9a:f3:4e:67:ea:ea:27:
         16:6f:71:80:1a:0a:f6:3e:af:f8:25:73:eb:86:1d:bd:4d:42:
         8a:aa:04:32:26:93:c1:48:21:e0:0b:b5:65:66:d3:0c:f8:07:
         3c:ca:8a:58:1e:20:b4:d4:bd:99:6d:7e:61:0e:94:af:15:0a:
         7d:dc:37:9e:9f:f2:50:44:90:a1:d2:ed:e1:21:ff:5e:a7:b4:
         b5:ff:98:95:66:ac:5b:af:08:e8:a5:b1:e1:c7:98:6b:4b:b6:
         ea:24:5d:ac:45:5e:e6:1f:49:4e:b4:fa:a3:61:bc:36:08:d6:
         6f:77:58:0c:b4:41:6d:c1:09:bf:92:ce:3e:f3:c6:87:d7:b2:
         a4:a3:51:ca:15:f7:34:d6:7a:9f:1b:56:5f:d4:10:75:98:2b:
         54:c3:f3:48:8d:d1:ef:fa:04:65:e3:83:08:94:61:84:13:e0:
         e8:bb:47:74
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUBiAk6RLmtNAwI+4kfovYzmj+e6IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTEyMDAwMDAwWhcNMjMwNTE1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMWNkOTIzNjJlYWI2NDBiMGU3NDllYmYyMjFiODQxZWY3
M2Q3ZWEwZDJjZjQyYmUwMDkwYzNlYzU1NzQwYmQ1YjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOlAt466L1CpIl+TlwIozdg1zi5zP3OTo/mpjNW9V66rmQ6u4I/D
ac41tAudRK8XxOOh13+jBjKENcxAVoYKJNQ6ULFk7jYo/JS9IBQmlMg1f8pNG4E1
aXUD7Dl7HDpWQkM1Xx5ijJoGTLz7qwNTOXPB/o1arRdlcx63MrI9y6/GrYNfLk3R
ZoMdMXkctz+cRJDhJ8OqJBLQSFzkYOq+rPlb2/nEjCkptwwb6ZffXCdI/o1nuCFp
N6sFx1SH5vT37ER9ZKcCrgMwbB9p25YNp8EQ4PsnVhmGIlbXz2ZwoNPAD4UC9iZx
oMdWtHLKtHfbSlgG13eSrOv8RcM2eKyMBL8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQTYUoumWUtKdmqa63tbDgn2P5wvTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYWNlZjQ0MGItMGYwNy00ZWJjLTk1MTctMTFiMWZhNjZlYjY1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFmB4AJ+VyqyNzQI
QpqnQGzaPUXgjadR0jBZBCxm4+vs8PbkjUKzQEZE6qVWV2+w536CqYoDn+cVbfUe
OnqYe2P9jf9D+B+whlIziRqNNxLxVUTDmvNOZ+rqJxZvcYAaCvY+r/glc+uGHb1N
QoqqBDImk8FIIeALtWVm0wz4BzzKilgeILTUvZltfmEOlK8VCn3cN56f8lBEkKHS
7eEh/16ntLX/mJVmrFuvCOilseHHmGtLtuokXaxFXuYfSU60+qNhvDYI1m93WAy0
QW3BCb+Szj7zxofXsqSjUcoV9zTWep8bVl/UEHWYK1TD80iN0e/6BGXjgwiUYYQT
4Oi7R3Q=
-----END CERTIFICATE-----