Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cae32601-c30f-4ff1-af24-970ff4d3e90a.roa
File:                     cae32601-c30f-4ff1-af24-970ff4d3e90a.roa (raw, json)
Hash identifier:          2wl+9V05fUj55z4zB/hwq06cxfO2Yrb4MhM6v7UXD5s=
Subject key identifier:   7D:B3:F4:58:74:1B:EB:9D:B3:A7:99:2B:96:CC:B0:0C:1F:CB:9C:7A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       72D2683BD0355EAFCC31B6A9031CF55284197B03
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cae32601-c30f-4ff1-af24-970ff4d3e90a.roa
Signing time:             Sat 13 May 2023 00:00:00 +0000
ROA not before:           Sat 13 May 2023 00:00:00 +0000
ROA not after:            Tue 16 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:d2:68:3b:d0:35:5e:af:cc:31:b6:a9:03:1c:f5:52:84:19:7b:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 13 00:00:00 2023 GMT
            Not After : May 16 23:59:59 2023 GMT
        Subject: serialNumber=3f28dd0f040da2b48a6b188221b5779f260e0538ed8128c00117a9cba4a73cb1, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:60:68:47:5b:4d:81:86:bd:20:0d:9b:79:58:
                    e5:af:bd:9f:2d:84:03:48:cc:8d:04:f8:60:0f:c6:
                    41:2a:b8:b2:29:9b:5f:e8:47:1f:f7:ab:11:d2:0e:
                    e0:b8:f6:dc:2e:5e:60:ca:f7:3d:67:fd:fa:d5:24:
                    a0:1a:f2:6f:eb:4a:e9:aa:9f:05:c5:2f:25:fe:be:
                    d5:43:d5:38:96:cc:d9:7e:56:d2:aa:82:fa:a3:1f:
                    02:70:7b:98:86:52:a1:82:1e:bf:a7:c6:e4:f5:fb:
                    30:2e:dc:14:88:74:3a:e3:66:d1:97:87:39:ba:c6:
                    fc:94:50:b9:63:fa:c5:6c:7d:9a:50:c7:2d:bf:51:
                    95:7d:59:20:86:d4:d9:7a:31:c5:04:b3:b5:e3:4b:
                    51:5e:48:3c:77:69:91:fe:f9:46:17:21:4e:07:c2:
                    1d:0e:32:4f:43:e0:30:26:80:82:a1:82:37:4c:44:
                    68:64:14:31:ef:18:76:7d:1b:0e:61:32:ce:4a:7c:
                    e3:e2:c6:07:d1:7d:a5:eb:35:ff:3a:52:74:88:b8:
                    62:a4:e5:ea:4b:01:ac:bb:2a:99:15:3d:7d:13:b7:
                    46:9f:82:13:1f:90:6f:d3:97:94:12:e7:b4:d5:7f:
                    81:59:bc:bd:7e:1d:32:e9:a2:22:f6:bb:8c:24:4b:
                    55:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:B3:F4:58:74:1B:EB:9D:B3:A7:99:2B:96:CC:B0:0C:1F:CB:9C:7A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cae32601-c30f-4ff1-af24-970ff4d3e90a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:c7:64:1f:06:69:17:88:9e:92:b9:6a:e8:e6:24:82:75:26:
         f2:27:8f:e2:51:bd:3e:00:d2:d7:05:00:69:39:ab:b6:57:f1:
         79:11:9e:23:19:40:f7:1d:77:1e:44:63:a6:13:c7:06:3a:67:
         5b:84:89:da:3c:d2:8c:1f:94:a4:5a:e0:c7:d4:02:ea:0e:2b:
         6d:3c:fd:ed:b4:24:e3:37:61:3c:e9:16:a3:5a:3a:fd:db:27:
         84:6b:60:ed:48:48:5b:f8:14:14:be:60:24:2e:dc:30:d4:2a:
         a9:23:b6:0c:d5:5a:4f:be:7e:15:2f:61:88:38:79:67:47:bb:
         e9:2d:b7:89:fd:85:fd:af:1f:0c:26:4a:cb:88:41:52:77:e9:
         cb:3d:39:f1:2f:d9:6f:e5:03:20:d8:e2:7c:38:53:10:25:f8:
         2c:1e:f1:2d:c3:37:5d:86:c2:6f:a7:e2:71:59:d5:d0:cf:ca:
         86:a4:e4:f7:6c:fd:2e:c6:74:ae:c3:49:8f:97:e8:4b:70:3b:
         69:52:c7:2f:2e:ac:41:97:f2:97:fe:8c:79:c9:b0:11:e4:4e:
         15:98:9b:51:c8:ed:99:ce:9a:78:e9:ae:ac:d7:88:55:87:f2:
         27:17:a1:64:08:ee:e7:4f:4c:f9:da:08:fa:d2:ef:fc:bc:9c:
         65:61:78:f1
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUctJoO9A1Xq/MMbapAxz1UoQZewMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTEzMDAwMDAwWhcNMjMwNTE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAM2YyOGRkMGYwNDBkYTJiNDhhNmIxODgyMjFiNTc3OWYy
NjBlMDUzOGVkODEyOGMwMDExN2E5Y2JhNGE3M2NiMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK1gaEdbTYGGvSANm3lY5a+9ny2EA0jMjQT4YA/GQSq4simbX+hH
H/erEdIO4Lj23C5eYMr3PWf9+tUkoBryb+tK6aqfBcUvJf6+1UPVOJbM2X5W0qqC
+qMfAnB7mIZSoYIev6fG5PX7MC7cFIh0OuNm0ZeHObrG/JRQuWP6xWx9mlDHLb9R
lX1ZIIbU2XoxxQSzteNLUV5IPHdpkf75RhchTgfCHQ4yT0PgMCaAgqGCN0xEaGQU
Me8Ydn0bDmEyzkp84+LGB9F9pes1/zpSdIi4YqTl6ksBrLsqmRU9fRO3Rp+CEx+Q
b9OXlBLntNV/gVm8vX4dMumiIva7jCRLVacCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR9s/RYdBvrnbOnmSuWzLAMH8ucejAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvY2FlMzI2MDEtYzMwZi00ZmYxLWFmMjQtOTcwZmY0ZDNlOTBhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMPHZB8GaReInpK5
aujmJIJ1JvInj+JRvT4A0tcFAGk5q7ZX8XkRniMZQPcddx5EY6YTxwY6Z1uEido8
0owflKRa4MfUAuoOK208/e20JOM3YTzpFqNaOv3bJ4RrYO1ISFv4FBS+YCQu3DDU
KqkjtgzVWk++fhUvYYg4eWdHu+ktt4n9hf2vHwwmSsuIQVJ36cs9OfEv2W/lAyDY
4nw4UxAl+Cwe8S3DN12Gwm+n4nFZ1dDPyoak5Pds/S7GdK7DSY+X6EtwO2lSxy8u
rEGX8pf+jHnJsBHkThWYm1HI7ZnOmnjprqzXiFWH8icXoWQI7udPTPnaCPrS7/y8
nGVhePE=
-----END CERTIFICATE-----