Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e17367e0-7c5e-455e-99e1-0db615af9108.roa
File:                     e17367e0-7c5e-455e-99e1-0db615af9108.roa (raw, json)
Hash identifier:          L4ie0TWlhd/8XpYJEb8ur2pxnYB1cFFJ1+JgR6LsdHo=
Subject key identifier:   65:D9:4B:78:FF:9A:77:CB:7B:DD:85:2A:47:73:B8:F7:6C:E1:1B:D3
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5E491F507D10713A4544BC945D7FD1CDDF0FC2
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e17367e0-7c5e-455e-99e1-0db615af9108.roa
Signing time:             Thu 11 May 2023 00:00:00 +0000
ROA not before:           Thu 11 May 2023 00:00:00 +0000
ROA not after:            Sun 14 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:49:1f:50:7d:10:71:3a:45:44:bc:94:5d:7f:d1:cd:df:0f:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 11 00:00:00 2023 GMT
            Not After : May 14 23:59:59 2023 GMT
        Subject: serialNumber=6666a6af442c2c5f36e7ed84451aed0688636df07cc24058cc8081c56cb8347a, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:27:64:b7:33:4d:ca:d1:87:7d:0f:45:b0:67:
                    99:ee:28:2c:f5:de:03:5a:39:0a:2c:44:21:cb:c5:
                    6c:c0:14:d9:64:34:b7:27:64:7a:42:a8:17:47:47:
                    a0:4e:a6:91:fd:8b:48:1a:c0:a7:43:80:42:c6:53:
                    37:29:29:37:40:d9:6f:9a:84:5b:68:97:79:22:09:
                    df:ae:8a:3d:8c:3e:73:f4:15:49:25:1a:8f:5f:88:
                    d4:2f:8d:94:e3:dd:c3:e3:f4:dc:c4:c2:33:af:06:
                    bf:eb:0c:f4:a7:55:17:ed:c5:54:46:87:19:98:44:
                    3b:f3:59:de:5b:e7:81:b4:33:d0:a1:8c:cc:35:36:
                    77:86:94:ba:a9:26:50:f2:b7:75:e5:7e:3f:cf:31:
                    59:5e:b4:be:c3:0f:71:7a:a2:71:e9:92:2f:71:e3:
                    64:b1:69:3b:04:6f:b3:50:3d:87:a2:15:77:32:41:
                    0d:5d:c3:3e:7f:53:19:aa:01:ce:06:ef:23:9c:01:
                    bd:05:57:ab:37:35:a9:26:20:18:92:89:8d:d2:35:
                    cd:2c:5b:fe:09:1b:22:f1:78:ca:18:1b:06:30:62:
                    53:57:c4:46:5e:14:a0:32:16:bb:6e:23:b2:d7:12:
                    9d:c1:5c:f7:b8:9e:3a:d2:e1:08:02:9b:ba:14:42:
                    61:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:D9:4B:78:FF:9A:77:CB:7B:DD:85:2A:47:73:B8:F7:6C:E1:1B:D3
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e17367e0-7c5e-455e-99e1-0db615af9108.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:bb:13:26:99:d9:74:5f:08:a2:05:72:92:f6:c0:c9:bf:eb:
         a8:64:b6:2d:1f:23:d3:24:85:d2:c0:43:cd:82:d3:6c:c5:2e:
         00:25:93:4c:6f:1d:2d:d4:31:39:b2:10:f2:3f:f3:f4:15:4e:
         a7:e2:e2:b7:4d:c6:81:fe:99:6a:c8:12:d3:58:99:e8:e9:62:
         ac:3e:31:41:6f:dc:66:40:ec:c6:89:60:9e:ce:84:10:f5:18:
         b5:92:cc:07:14:04:6c:b6:42:bf:35:e8:05:2b:8d:e8:72:50:
         c1:ee:b1:4f:db:58:1b:63:f0:7c:59:5a:80:a8:59:56:a4:23:
         f5:a4:8a:be:33:11:05:30:3d:05:3e:d2:4e:ae:04:c1:e4:3f:
         8a:0c:a9:a5:4e:35:e5:9e:7e:4f:ec:8f:e3:0a:83:29:cd:16:
         b0:40:ae:04:f0:ae:1c:77:06:a4:28:d9:dc:ec:78:0b:aa:66:
         12:50:28:0c:0d:b8:13:d1:f0:0e:9e:20:53:c7:b1:ea:c7:8e:
         4a:15:c6:60:d7:8f:f2:33:9b:9a:bf:7b:e3:1c:90:25:61:4d:
         92:6e:70:94:6f:77:da:c5:c8:d1:26:ad:e6:13:c5:0f:0e:9f:
         a4:6d:c5:88:b4:c4:4b:27:f8:97:d3:b6:75:4a:90:c5:84:1f:
         65:5b:e6:eb
-----BEGIN CERTIFICATE-----
MIIGMDCCBRigAwIBAgITXkkfUH0QcTpFRLyUXX/Rzd8PwjANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzIyNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5NGIwOTJkODZm
YjFkN2EwZjc0ZTI4MTYxMTAeFw0yMzA1MTEwMDAwMDBaFw0yMzA1MTQyMzU5NTla
MIGlMUkwRwYDVQQFE0A2NjY2YTZhZjQ0MmMyYzVmMzZlN2VkODQ0NTFhZWQwNjg4
NjM2ZGYwN2NjMjQwNThjYzgwODFjNTZjYjgzNDdhMS0wKwYDVQQDEyQ2YWU0ZTU2
Ny02MzQ4LTRjNGYtOThhOC0wNDIyYzRjNTJmZjMxFDASBgNVBAsTC0FtYXpvbiBS
UEtJMRMwEQYDVQQKEwpBbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA8SdktzNNytGHfQ9FsGeZ7igs9d4DWjkKLEQhy8VswBTZZDS3J2R6
QqgXR0egTqaR/YtIGsCnQ4BCxlM3KSk3QNlvmoRbaJd5Ignfroo9jD5z9BVJJRqP
X4jUL42U493D4/TcxMIzrwa/6wz0p1UX7cVURocZmEQ781neW+eBtDPQoYzMNTZ3
hpS6qSZQ8rd15X4/zzFZXrS+ww9xeqJx6ZIvceNksWk7BG+zUD2HohV3MkENXcM+
f1MZqgHOBu8jnAG9BVerNzWpJiAYkomN0jXNLFv+CRsi8XjKGBsGMGJTV8RGXhSg
Mha7biOy1xKdwVz3uJ460uEIApu6FEJhdwIDAQABo4ICvjCCArowHQYDVR0OBBYE
FGXZS3j/mnfLe92FKkdzuPds4RvTMB8GA1UdIwQYMBaAFJFE7cekDumQt/o2b/bh
fXmtxIOXMA4GA1UdDwEB/wQEAwIHgDCB8wYIKwYBBQUHAQEEgeYwgeMwgeAGCCsG
AQUFBzAChoHTcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1y
cGtpLXRhLzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8wMzU3
MjcyYy1hNzlhLTQ1YmYtOTU4Ni05MmRkNDllZjMyMjMvNzNmMjFjMmItODgyMy00
YzI0LWIyNWItNDNjODBjYjZkMWJiLzI3OGFhYjg3OGYyODMxYmIxODIzYjU4Nzk0
YjA5MmQ4NmZiMWQ3YTBmNzRlMjgxNjExLmNlcjCBngYIKwYBBQUHAQsEgZEwgY4w
gYsGCCsGAQUFBzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpv
bmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNkLTFhNWJlNzQ4
YmZlYS9lMTczNjdlMC03YzVlLTQ1NWUtOTllMS0wZGI2MTVhZjkxMDgucm9hMIGV
BgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2Qt
MWE1YmU3NDhiZmVhLzRiYjhhZTVjLTEyNGMtNDJmMy04N2ZiLTRmMzRlNzRlM2Rh
Mi5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAMckeDANBgkqhkiG9w0BAQsFAAOCAQEAErsTJpnZdF8IogVy
kvbAyb/rqGS2LR8j0ySF0sBDzYLTbMUuACWTTG8dLdQxObIQ8j/z9BVOp+Lit03G
gf6ZasgS01iZ6OlirD4xQW/cZkDsxolgns6EEPUYtZLMBxQEbLZCvzXoBSuN6HJQ
we6xT9tYG2PwfFlagKhZVqQj9aSKvjMRBTA9BT7STq4EweQ/igyppU415Z5+T+yP
4wqDKc0WsECuBPCuHHcGpCjZ3Ox4C6pmElAoDA24E9HwDp4gU8ex6seOShXGYNeP
8jObmr974xyQJWFNkm5wlG932sXI0Sat5hPFDw6fpG3FiLTESyf4l9O2dUqQxYQf
ZVvm6w==
-----END CERTIFICATE-----