Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bcc0398f-33f7-47a4-a71a-bb1891cdaae4.roa
File:                     bcc0398f-33f7-47a4-a71a-bb1891cdaae4.roa (raw, json)
Hash identifier:          0QG2gDbCr5wks2vVIF9qJIP+NMr3V5mwnoV5BkJ2Bgk=
Subject key identifier:   88:14:EC:9B:72:6A:71:57:3D:FC:75:28:34:19:D4:7E:CF:47:F6:14
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       03F0CDCC0705B715003D92A3FF938452877D1930
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bcc0398f-33f7-47a4-a71a-bb1891cdaae4.roa
Signing time:             Sun 21 May 2023 00:00:00 +0000
ROA not before:           Sun 21 May 2023 00:00:00 +0000
ROA not after:            Wed 24 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:f0:cd:cc:07:05:b7:15:00:3d:92:a3:ff:93:84:52:87:7d:19:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 21 00:00:00 2023 GMT
            Not After : May 24 23:59:59 2023 GMT
        Subject: serialNumber=c172e4e34769dfff92ce12aedfd78b85c92956c3c7bf6d022c406ae05a9f9bbb, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:86:68:f6:47:90:d8:43:ac:0c:52:c8:d2:63:
                    15:a5:e5:68:4c:56:57:e2:07:f4:24:3b:f8:46:4f:
                    cc:48:f4:90:7c:18:e4:0e:80:f1:93:38:87:d8:4c:
                    c5:f9:55:b7:79:bf:19:70:23:d0:0f:e9:c6:4b:51:
                    d9:9e:14:92:9a:91:6a:a2:8a:3b:6a:7b:20:d5:90:
                    6a:5f:e0:1d:b6:4f:5e:7f:d4:6f:20:78:6f:fc:6f:
                    96:c0:61:41:1c:99:0b:1b:13:6f:4d:48:61:c4:34:
                    fd:15:a3:e7:d1:a1:0f:fc:47:12:ef:c5:7d:c4:43:
                    94:d9:d9:02:a3:1e:09:44:45:56:11:3d:cb:f2:ad:
                    5f:66:a4:39:f3:55:a9:51:40:12:bb:65:e4:be:bb:
                    11:e5:90:03:ff:7a:02:2e:92:92:81:72:d0:ee:f4:
                    bc:b9:64:81:a6:86:41:77:f4:55:70:c3:3a:33:6a:
                    07:71:cd:ff:6a:62:5f:20:13:c2:a5:9a:44:bc:96:
                    25:8b:c7:10:88:68:67:33:c7:ff:fb:13:8b:bd:31:
                    1a:fd:7f:1d:67:87:d7:be:83:cd:0b:57:04:fe:fd:
                    6d:65:1e:2f:9c:a1:58:92:fd:56:ee:4e:60:f0:c3:
                    ea:b7:56:a6:d7:51:c6:87:e5:54:ec:14:39:fc:34:
                    ec:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:14:EC:9B:72:6A:71:57:3D:FC:75:28:34:19:D4:7E:CF:47:F6:14
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bcc0398f-33f7-47a4-a71a-bb1891cdaae4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:70:40:c3:1c:22:f8:5c:00:cd:05:ca:37:09:e1:b9:62:d3:
         4e:ae:cf:4e:36:d5:7e:1c:55:67:14:92:bd:a5:43:cc:32:06:
         ff:40:f1:bd:d9:03:35:65:84:e9:ad:3c:8c:ca:3d:ee:3e:4c:
         52:fd:14:cf:c1:2b:b9:c6:d1:ad:11:df:06:2a:fc:58:82:ef:
         51:04:f1:86:d4:1b:91:7c:5b:54:8b:00:98:00:d4:b8:d8:e1:
         fb:72:26:0a:a4:58:09:5a:f1:62:42:c9:fc:b7:3e:e6:a8:20:
         f1:09:f0:59:2a:59:b1:e4:08:6e:4a:3f:53:74:b7:8d:99:3b:
         5b:a4:98:e3:27:a8:86:d7:47:93:a3:50:b3:2c:4a:79:b8:1d:
         24:7a:c3:9e:17:0b:8c:9d:71:57:e8:3b:4c:e7:8c:01:97:2e:
         7e:5c:00:0e:9d:07:56:e5:fc:ee:ca:3c:05:27:e8:9c:0f:cc:
         16:de:c9:a2:9f:30:ab:4c:a9:91:e9:57:25:1b:4b:78:d5:51:
         05:45:c4:a7:4c:9b:18:01:2e:85:c5:0e:75:ee:f6:43:91:94:
         89:b1:77:8c:e6:a6:2a:9b:76:19:18:06:d4:75:45:d1:48:d7:
         6a:d3:2f:56:68:5a:4a:76:73:d3:33:9c:b8:a7:63:83:4c:fc:
         bc:82:13:7f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUA/DNzAcFtxUAPZKj/5OEUod9GTAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTIxMDAwMDAwWhcNMjMwNTI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYzE3MmU0ZTM0NzY5ZGZmZjkyY2UxMmFlZGZkNzhiODVj
OTI5NTZjM2M3YmY2ZDAyMmM0MDZhZTA1YTlmOWJiYjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKiGaPZHkNhDrAxSyNJjFaXlaExWV+IH9CQ7+EZPzEj0kHwY5A6A
8ZM4h9hMxflVt3m/GXAj0A/pxktR2Z4UkpqRaqKKO2p7INWQal/gHbZPXn/UbyB4
b/xvlsBhQRyZCxsTb01IYcQ0/RWj59GhD/xHEu/FfcRDlNnZAqMeCURFVhE9y/Kt
X2akOfNVqVFAErtl5L67EeWQA/96Ai6SkoFy0O70vLlkgaaGQXf0VXDDOjNqB3HN
/2piXyATwqWaRLyWJYvHEIhoZzPH//sTi70xGv1/HWeH176DzQtXBP79bWUeL5yh
WJL9Vu5OYPDD6rdWptdRxoflVOwUOfw07HkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSIFOybcmpxVz38dSg0GdR+z0f2FDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYmNjMDM5OGYtMzNmNy00N2E0LWE3MWEtYmIxODkxY2RhYWU0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIBwQMMcIvhcAM0F
yjcJ4bli006uz0421X4cVWcUkr2lQ8wyBv9A8b3ZAzVlhOmtPIzKPe4+TFL9FM/B
K7nG0a0R3wYq/FiC71EE8YbUG5F8W1SLAJgA1LjY4ftyJgqkWAla8WJCyfy3Puao
IPEJ8FkqWbHkCG5KP1N0t42ZO1ukmOMnqIbXR5OjULMsSnm4HSR6w54XC4ydcVfo
O0znjAGXLn5cAA6dB1bl/O7KPAUn6JwPzBbeyaKfMKtMqZHpVyUbS3jVUQVFxKdM
mxgBLoXFDnXu9kORlImxd4zmpiqbdhkYBtR1RdFI12rTL1ZoWkp2c9MznLinY4NM
/LyCE38=
-----END CERTIFICATE-----