Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c98c6056-3fda-4bf5-b62a-374787d28ac0.roa
File:                     c98c6056-3fda-4bf5-b62a-374787d28ac0.roa (raw, json)
Hash identifier:          aHT2mSAkwh3dJ8C4zF83Zb/lxWFPxw2kUT7Mwx0X860=
Subject key identifier:   FC:F0:3C:FB:A3:EF:FE:A6:04:75:F5:B4:91:A5:93:BE:BD:EC:D3:5F
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       41FECEA2D1956BB678C161EAC14A45D288B12E3A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c98c6056-3fda-4bf5-b62a-374787d28ac0.roa
Signing time:             Wed 17 May 2023 00:00:00 +0000
ROA not before:           Wed 17 May 2023 00:00:00 +0000
ROA not after:            Sat 20 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:fe:ce:a2:d1:95:6b:b6:78:c1:61:ea:c1:4a:45:d2:88:b1:2e:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 17 00:00:00 2023 GMT
            Not After : May 20 23:59:59 2023 GMT
        Subject: serialNumber=d183c1b53d7be0d9b4f6911473c351f0cc45e36874203facf901b6bea0306e3d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5e:97:e3:49:46:04:a6:3a:e6:d9:e7:53:c4:
                    9a:4f:1b:b8:90:f8:7b:59:da:65:59:b6:39:b2:86:
                    12:fc:1d:70:6e:fc:b4:82:18:bd:8f:8f:d4:a7:fc:
                    ec:43:3a:51:3d:96:9c:8b:bb:62:71:37:65:34:78:
                    fd:a8:f6:b3:39:ae:eb:c4:49:a1:60:db:17:f8:43:
                    4f:2e:aa:84:bc:4c:db:92:f2:4c:49:2b:89:aa:20:
                    35:fe:7d:76:c2:57:2f:60:e0:59:2a:d2:27:11:ec:
                    8c:50:00:e3:d7:6d:c8:2d:54:15:33:6b:14:62:ef:
                    78:22:f8:c9:f8:04:c1:99:2d:b3:cc:0c:ca:c0:f5:
                    42:5a:30:93:bd:94:fa:9f:44:68:2c:f2:df:f1:e3:
                    c9:99:b0:27:a6:45:ec:a2:3d:30:5c:50:16:e8:05:
                    c4:6a:1d:9f:fe:59:94:04:46:cb:29:8d:74:28:d6:
                    99:dc:88:e9:82:4f:f2:0f:ae:64:48:d8:02:0a:e0:
                    02:44:eb:9e:92:dc:10:e5:6e:44:e8:8c:9f:80:3d:
                    df:b5:0e:6f:61:bd:bd:44:68:c5:2b:0c:34:be:da:
                    0a:0d:cf:8b:a7:ca:8e:f4:18:f6:78:69:fe:ac:da:
                    10:9b:8c:0e:12:85:1b:33:d4:88:7d:97:c7:f6:6a:
                    23:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:F0:3C:FB:A3:EF:FE:A6:04:75:F5:B4:91:A5:93:BE:BD:EC:D3:5F
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c98c6056-3fda-4bf5-b62a-374787d28ac0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:f2:1a:9b:03:8a:70:aa:f7:b6:19:da:21:2b:d6:d1:b9:62:
         de:b3:67:13:f7:76:a1:cf:bb:bc:f4:26:03:6e:8f:a3:8c:5d:
         69:f0:e9:f1:36:5e:e5:84:33:fc:2f:96:18:5f:21:68:3b:06:
         9d:bf:90:5e:79:65:2b:82:7a:9c:aa:86:88:b7:f5:8f:e4:99:
         ac:92:69:1c:79:a3:ad:02:a4:11:22:b7:c1:70:6f:53:73:1d:
         1e:ed:ad:2a:12:a0:89:e8:e6:84:3d:2c:10:1b:9a:3d:77:e6:
         b1:36:0e:27:9b:a1:fe:20:ad:8e:70:21:8c:a0:64:81:26:dd:
         60:ad:12:3a:b7:b6:69:98:7a:a8:1b:34:d3:55:fe:5e:72:20:
         b9:99:26:66:a3:02:69:ed:5c:39:00:14:74:3a:6c:84:87:c8:
         c6:02:52:7d:44:96:42:37:1e:28:6b:22:99:6c:b0:2e:73:87:
         50:39:95:cb:8f:5b:9f:12:e6:b4:0e:d3:6d:47:22:86:f8:74:
         a6:d2:e5:9a:2f:e5:dd:cd:51:88:61:be:92:0c:ee:6b:90:f4:
         ef:3a:07:31:a6:c3:ad:36:ed:f1:93:70:6a:1f:e7:49:6d:db:
         ae:75:7c:90:88:c3:ea:be:4f:75:73:0f:d2:0d:44:97:ec:d6:
         de:1c:f6:48
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUQf7OotGVa7Z4wWHqwUpF0oixLjowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTE3MDAwMDAwWhcNMjMwNTIwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDE4M2MxYjUzZDdiZTBkOWI0ZjY5MTE0NzNjMzUxZjBj
YzQ1ZTM2ODc0MjAzZmFjZjkwMWI2YmVhMDMwNmUzZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALpel+NJRgSmOubZ51PEmk8buJD4e1naZVm2ObKGEvwdcG78tIIY
vY+P1Kf87EM6UT2WnIu7YnE3ZTR4/aj2szmu68RJoWDbF/hDTy6qhLxM25LyTEkr
iaogNf59dsJXL2DgWSrSJxHsjFAA49dtyC1UFTNrFGLveCL4yfgEwZkts8wMysD1
Qlowk72U+p9EaCzy3/HjyZmwJ6ZF7KI9MFxQFugFxGodn/5ZlARGyymNdCjWmdyI
6YJP8g+uZEjYAgrgAkTrnpLcEOVuROiMn4A937UOb2G9vURoxSsMNL7aCg3Pi6fK
jvQY9nhp/qzaEJuMDhKFGzPUiH2Xx/ZqI70CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBT88Dz7o+/+pgR19bSRpZO+vezTXzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzk4YzYwNTYtM2ZkYS00YmY1LWI2MmEtMzc0Nzg3ZDI4YWMwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFHyGpsDinCq97YZ
2iEr1tG5Yt6zZxP3dqHPu7z0JgNuj6OMXWnw6fE2XuWEM/wvlhhfIWg7Bp2/kF55
ZSuCepyqhoi39Y/kmaySaRx5o60CpBEit8Fwb1NzHR7trSoSoIno5oQ9LBAbmj13
5rE2Diebof4grY5wIYygZIEm3WCtEjq3tmmYeqgbNNNV/l5yILmZJmajAmntXDkA
FHQ6bISHyMYCUn1ElkI3HihrIplssC5zh1A5lcuPW58S5rQO021HIob4dKbS5Zov
5d3NUYhhvpIM7muQ9O86BzGmw6027fGTcGof50lt2651fJCIw+q+T3VzD9INRJfs
1t4c9kg=
-----END CERTIFICATE-----