Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cdbd48f6-567f-40a0-acab-3b883bc44ebc.roa
File:                     cdbd48f6-567f-40a0-acab-3b883bc44ebc.roa (raw, json)
Hash identifier:          pM7UsaDdIV0vDS+5tZB1zzrBis+HrTvwIOaoDZyMTB4=
Subject key identifier:   A8:E7:15:B8:E7:62:3B:66:AA:FD:0B:5E:66:70:8E:72:66:74:26:B8
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       40DB4B139C3362D1F7CACE3249089F969B307CDC
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cdbd48f6-567f-40a0-acab-3b883bc44ebc.roa
Signing time:             Fri 28 Apr 2023 00:00:00 +0000
ROA not before:           Fri 28 Apr 2023 00:00:00 +0000
ROA not after:            Mon 01 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:db:4b:13:9c:33:62:d1:f7:ca:ce:32:49:08:9f:96:9b:30:7c:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 28 00:00:00 2023 GMT
            Not After : May  1 23:59:59 2023 GMT
        Subject: serialNumber=435ce6f9acf7178ef8fb04294752e66aefe29210beeef226b6c6b6b15544cb40, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a8:11:a4:3d:2d:96:7e:c0:48:e8:34:fb:c3:
                    03:6e:68:68:cc:e0:66:c2:16:a0:86:51:ae:28:ae:
                    27:f9:4d:2c:22:6f:a6:9e:bb:22:47:1f:86:16:e7:
                    20:63:c1:b1:51:5d:7d:bc:ad:3f:0e:0d:11:f8:19:
                    29:bf:8b:50:9c:51:99:73:7a:77:de:f3:29:37:d7:
                    7c:fd:cb:35:7b:91:d5:ee:b7:61:ce:ac:d1:0f:26:
                    70:0b:63:50:5e:fc:ba:30:96:3a:c7:4d:59:77:df:
                    bc:0c:58:c8:73:7f:ce:69:87:72:c1:49:1e:8c:c3:
                    e1:bc:a0:45:ef:68:f1:1d:a9:d0:47:0a:7b:6f:3a:
                    39:5c:0d:7a:c7:0d:c7:9a:53:98:fd:7a:d2:7e:f5:
                    54:6d:20:f9:2c:08:4d:7b:37:13:45:af:5c:18:c2:
                    de:cc:f5:64:c2:b8:3b:ff:b9:e7:72:6b:ac:35:61:
                    93:83:a2:07:48:ec:3e:13:77:19:b2:37:b8:0b:10:
                    5e:1f:93:b0:e0:2f:d7:2e:48:e9:c6:d6:f7:d0:d8:
                    cd:cd:67:3f:ed:dd:24:18:bd:d3:8e:6b:be:15:0c:
                    dd:6c:03:22:b3:c5:1c:38:77:42:40:25:20:f2:3f:
                    d7:31:05:bc:0d:1c:4e:ed:da:7f:52:6e:d8:b0:ac:
                    a1:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:E7:15:B8:E7:62:3B:66:AA:FD:0B:5E:66:70:8E:72:66:74:26:B8
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cdbd48f6-567f-40a0-acab-3b883bc44ebc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:e6:74:f8:b0:6a:89:da:1d:30:16:72:25:93:53:a2:5d:e9:
         ab:6d:48:22:8c:99:52:bc:ec:bf:6e:1b:06:a6:43:67:83:92:
         0e:0a:36:5f:7e:5e:c4:6a:eb:48:0f:73:80:dd:69:5a:5c:3e:
         bd:a7:22:ca:e1:9e:a3:e6:a7:82:53:c4:17:c6:ed:5e:b1:fc:
         2a:75:b2:fd:26:91:f9:54:91:3f:63:95:da:25:69:10:62:ef:
         7e:3e:73:fd:4e:de:85:a0:6e:72:1a:6f:7c:b4:b5:4b:c4:c1:
         79:7c:e7:56:73:cb:1f:45:bb:ad:cf:5f:32:e7:87:3e:60:b7:
         1f:f3:2f:46:bf:70:c3:49:7f:5c:ac:9f:b6:7d:a0:ff:6f:be:
         d1:06:d3:a7:5d:63:8c:eb:b6:4e:30:74:e6:a5:e8:7d:90:5d:
         d0:b8:98:25:59:e0:64:39:9c:9e:1f:79:e1:62:60:33:53:9a:
         f4:c9:40:f9:12:da:df:96:12:50:03:d1:a6:3e:30:73:f3:b4:
         1e:13:7e:eb:74:96:e0:f3:e4:c5:3f:b4:47:fe:b3:a4:c1:ba:
         bf:08:9b:ef:ef:93:8d:8c:6e:ff:91:2b:f1:38:eb:1f:51:3a:
         b5:3e:89:79:54:a1:84:43:38:ac:28:56:2c:40:28:6d:18:b0:
         5a:3f:54:29
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUQNtLE5wzYtH3ys4ySQiflpswfNwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDI4MDAwMDAwWhcNMjMwNTAxMjM1OTU5
WjCBpTFJMEcGA1UEBRNANDM1Y2U2ZjlhY2Y3MTc4ZWY4ZmIwNDI5NDc1MmU2NmFl
ZmUyOTIxMGJlZWVmMjI2YjZjNmI2YjE1NTQ0Y2I0MDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALCoEaQ9LZZ+wEjoNPvDA25oaMzgZsIWoIZRriiuJ/lNLCJvpp67
IkcfhhbnIGPBsVFdfbytPw4NEfgZKb+LUJxRmXN6d97zKTfXfP3LNXuR1e63Yc6s
0Q8mcAtjUF78ujCWOsdNWXffvAxYyHN/zmmHcsFJHozD4bygRe9o8R2p0EcKe286
OVwNescNx5pTmP160n71VG0g+SwITXs3E0WvXBjC3sz1ZMK4O/+553JrrDVhk4Oi
B0jsPhN3GbI3uAsQXh+TsOAv1y5I6cbW99DYzc1nP+3dJBi9045rvhUM3WwDIrPF
HDh3QkAlIPI/1zEFvA0cTu3af1Ju2LCsoR8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSo5xW452I7Zqr9C15mcI5yZnQmuDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvY2RiZDQ4ZjYtNTY3Zi00MGEwLWFjYWItM2I4ODNiYzQ0ZWJjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAA/mdPiwaonaHTAW
ciWTU6Jd6attSCKMmVK87L9uGwamQ2eDkg4KNl9+XsRq60gPc4DdaVpcPr2nIsrh
nqPmp4JTxBfG7V6x/Cp1sv0mkflUkT9jldolaRBi734+c/1O3oWgbnIab3y0tUvE
wXl851Zzyx9Fu63PXzLnhz5gtx/zL0a/cMNJf1ysn7Z9oP9vvtEG06ddY4zrtk4w
dOal6H2QXdC4mCVZ4GQ5nJ4feeFiYDNTmvTJQPkS2t+WElAD0aY+MHPztB4Tfut0
luDz5MU/tEf+s6TBur8Im+/vk42Mbv+RK/E46x9ROrU+iXlUoYRDOKwoVixAKG0Y
sFo/VCk=
-----END CERTIFICATE-----