Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d456f8af-ebd9-4df5-8ce1-4d3924d38399.roa
File:                     d456f8af-ebd9-4df5-8ce1-4d3924d38399.roa (raw, json)
Hash identifier:          mu11G4D3gB7JyEB2hX6yicUg7J1uC6Bgrar8lKVagro=
Subject key identifier:   36:1B:78:5D:89:D4:AD:E5:B1:DF:CA:C0:91:0B:90:E7:60:30:EE:14
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       408396E5836E404CAE488B5D51BB7859BC07B3E9
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d456f8af-ebd9-4df5-8ce1-4d3924d38399.roa
Signing time:             Sun 21 May 2023 00:00:00 +0000
ROA not before:           Sun 21 May 2023 00:00:00 +0000
ROA not after:            Wed 24 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:83:96:e5:83:6e:40:4c:ae:48:8b:5d:51:bb:78:59:bc:07:b3:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 21 00:00:00 2023 GMT
            Not After : May 24 23:59:59 2023 GMT
        Subject: serialNumber=3225d1e809eec38b9fd6eb4c8b66b8447c70198278544d06b829cc8973696616, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:c3:ef:3c:bb:a5:0f:6d:5e:e4:45:89:b9:c3:
                    f5:e2:71:9b:15:b3:4b:c3:67:a3:99:81:c2:06:6c:
                    ba:3e:2d:d4:63:5c:84:7d:4a:00:95:80:ad:ad:78:
                    6e:ce:b7:60:91:fe:8b:6e:dd:c3:1e:76:b5:3d:b5:
                    d3:00:4e:55:55:f3:a6:df:55:11:76:8c:ef:f4:d9:
                    a2:bf:85:14:17:a6:c4:6f:31:42:34:d9:a6:be:6a:
                    74:10:c5:4d:86:f9:9b:1c:87:50:31:56:9f:00:95:
                    67:8f:e3:8d:7f:16:29:26:e6:19:31:d4:4c:e2:48:
                    48:ca:8b:55:ff:09:6d:a9:54:86:6f:93:3d:70:53:
                    4c:20:a2:f1:88:d1:78:3b:d7:4d:e7:50:76:62:44:
                    bf:4c:4a:e2:21:04:7d:de:a5:c1:8f:82:67:4a:7f:
                    e0:08:07:f2:92:31:e6:27:11:74:22:c0:b3:0b:4d:
                    37:38:5e:16:59:e6:de:ea:ed:73:29:24:6e:d7:3e:
                    61:30:0a:0b:bb:62:58:a8:48:96:02:56:8d:c7:fc:
                    6b:cd:7e:54:fd:b0:8b:4d:ad:a0:f0:fd:ee:2e:87:
                    1d:fe:91:3d:e6:08:81:fc:97:77:0d:1a:fb:6d:ca:
                    e6:57:de:b4:0e:61:67:02:23:8c:af:b7:01:37:12:
                    ed:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:1B:78:5D:89:D4:AD:E5:B1:DF:CA:C0:91:0B:90:E7:60:30:EE:14
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d456f8af-ebd9-4df5-8ce1-4d3924d38399.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:36:fd:01:24:98:57:55:35:a4:07:0a:be:ad:93:5a:de:43:
         cc:70:c4:3d:a4:87:80:3a:47:ea:e2:4b:36:6e:8d:6b:ac:be:
         36:3c:22:b2:da:d6:f1:fd:15:e8:33:f6:d8:67:dd:c7:c1:eb:
         bf:ea:c6:34:24:cf:8b:2d:cc:3e:04:e9:b9:8a:48:65:c9:1c:
         06:0f:10:08:ca:80:96:2e:b0:b1:f0:84:89:c4:f6:fc:a6:4c:
         cd:0b:5e:2b:96:e2:fd:9b:6a:8a:30:47:de:11:a7:a7:2c:9e:
         03:4d:a4:d2:1e:59:32:e0:4f:26:35:2d:08:95:66:68:a8:b6:
         08:f2:20:6a:11:a7:01:83:8e:b6:d0:e3:99:d6:fd:34:18:4e:
         8b:97:b9:e1:0c:b7:81:44:e2:1e:70:bc:8a:8e:23:c7:de:02:
         62:f0:26:28:08:96:03:90:37:58:3b:91:ce:c6:de:1f:aa:af:
         8c:eb:a0:2a:20:cf:0b:8f:cc:7b:ee:93:6a:eb:22:10:31:c7:
         49:59:44:94:86:1b:60:8a:69:96:81:3b:88:f9:a5:7e:78:ab:
         cd:47:af:63:20:6a:38:bd:7f:34:18:a7:8b:3a:35:34:e9:ea:
         b8:61:ad:9f:56:e8:ef:0e:19:ad:b7:50:35:22:95:59:0e:53:
         36:4e:99:06
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUQIOW5YNuQEyuSItdUbt4WbwHs+kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTIxMDAwMDAwWhcNMjMwNTI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMzIyNWQxZTgwOWVlYzM4YjlmZDZlYjRjOGI2NmI4NDQ3
YzcwMTk4Mjc4NTQ0ZDA2YjgyOWNjODk3MzY5NjYxNjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAPLD7zy7pQ9tXuRFibnD9eJxmxWzS8Nno5mBwgZsuj4t1GNchH1K
AJWAra14bs63YJH+i27dwx52tT210wBOVVXzpt9VEXaM7/TZor+FFBemxG8xQjTZ
pr5qdBDFTYb5mxyHUDFWnwCVZ4/jjX8WKSbmGTHUTOJISMqLVf8JbalUhm+TPXBT
TCCi8YjReDvXTedQdmJEv0xK4iEEfd6lwY+CZ0p/4AgH8pIx5icRdCLAswtNNzhe
Flnm3urtcykkbtc+YTAKC7tiWKhIlgJWjcf8a81+VP2wi02toPD97i6HHf6RPeYI
gfyXdw0a+23K5lfetA5hZwIjjK+3ATcS7SMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ2G3hdidSt5bHfysCRC5DnYDDuFDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZDQ1NmY4YWYtZWJkOS00ZGY1LThjZTEtNGQzOTI0ZDM4Mzk5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGQ2/QEkmFdVNaQH
Cr6tk1reQ8xwxD2kh4A6R+riSzZujWusvjY8IrLa1vH9Fegz9thn3cfB67/qxjQk
z4stzD4E6bmKSGXJHAYPEAjKgJYusLHwhInE9vymTM0LXiuW4v2baoowR94Rp6cs
ngNNpNIeWTLgTyY1LQiVZmiotgjyIGoRpwGDjrbQ45nW/TQYTouXueEMt4FE4h5w
vIqOI8feAmLwJigIlgOQN1g7kc7G3h+qr4zroCogzwuPzHvuk2rrIhAxx0lZRJSG
G2CKaZaBO4j5pX54q81Hr2Mgaji9fzQYp4s6NTTp6rhhrZ9W6O8OGa23UDUilVkO
UzZOmQY=
-----END CERTIFICATE-----