Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e45af9c9-45e0-4ea5-a8c3-606fbee258e1.roa
File:                     e45af9c9-45e0-4ea5-a8c3-606fbee258e1.roa (raw, json)
Hash identifier:          NqdRyILwssQUtbgtNAAKI351qwDESNWec8StD6BHqcY=
Subject key identifier:   09:EF:9A:D2:4C:6B:3D:E5:9E:FB:64:7A:A5:6D:01:96:49:34:9B:97
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4E95AF00E9F025B3D0876A1886A3D916074D5FE7
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e45af9c9-45e0-4ea5-a8c3-606fbee258e1.roa
Signing time:             Mon 15 May 2023 00:00:00 +0000
ROA not before:           Mon 15 May 2023 00:00:00 +0000
ROA not after:            Thu 18 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:95:af:00:e9:f0:25:b3:d0:87:6a:18:86:a3:d9:16:07:4d:5f:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 15 00:00:00 2023 GMT
            Not After : May 18 23:59:59 2023 GMT
        Subject: serialNumber=095a2116c10560f442e27da05b83f551761c896fb68c50144ad6f1083bbc9d09, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:29:2a:6e:db:72:d2:d2:25:40:cd:69:ee:db:
                    05:9a:d7:c4:72:7c:50:34:bb:be:e4:8c:a3:3e:50:
                    43:63:44:e7:22:25:05:10:73:51:15:b8:d0:76:73:
                    fb:f8:8c:57:7d:6b:e2:b5:90:e8:b3:24:38:e1:67:
                    12:a6:9e:17:91:3b:c5:bb:f1:84:4b:f3:61:16:97:
                    fb:79:35:11:ac:f0:a8:ae:f4:c2:e0:03:46:57:09:
                    97:95:00:4d:c0:17:4d:6b:7b:58:20:dc:b4:e4:59:
                    62:fb:34:71:bd:f3:3d:3a:08:25:87:a8:1c:63:73:
                    12:bb:a7:ec:b4:e7:61:c2:db:41:b5:8a:e1:53:e4:
                    b7:95:9c:ec:d6:f8:e2:5a:f1:02:6b:cb:99:ec:40:
                    6a:7e:a7:42:15:f5:0c:71:0d:bf:5d:43:73:49:d0:
                    1c:ae:3f:11:f7:f7:aa:e0:6e:e5:c3:0d:c9:d8:06:
                    2d:ab:76:65:2d:e1:97:58:2b:2d:bd:fc:fb:ee:a2:
                    a1:c1:3e:41:6a:fc:22:7d:b3:32:a0:2f:49:71:1a:
                    d8:8f:e0:7c:62:b0:5b:82:f6:d3:b8:a0:6c:cc:ba:
                    2e:55:b5:22:69:f4:6b:60:cd:02:00:9d:57:86:d2:
                    a6:5a:9f:26:81:ef:44:15:af:bf:dd:de:65:5b:e9:
                    11:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:EF:9A:D2:4C:6B:3D:E5:9E:FB:64:7A:A5:6D:01:96:49:34:9B:97
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e45af9c9-45e0-4ea5-a8c3-606fbee258e1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:67:39:a2:04:46:3c:51:0f:33:d0:20:a0:d9:93:b3:13:fd:
         9a:c8:dd:e9:f3:42:03:8f:f9:c1:d6:93:b8:0c:4d:51:59:46:
         aa:07:51:d1:54:a1:9f:9a:f0:fb:f1:9a:4f:91:25:fb:5b:86:
         7c:26:25:ba:48:ae:c6:55:91:33:16:32:4f:cf:69:35:06:61:
         15:d7:b8:a6:fa:16:b5:29:0b:ca:6f:36:5b:86:c6:05:61:f4:
         8c:fb:a2:7c:50:71:b6:f8:58:64:4b:09:33:f8:e3:e3:88:d0:
         e0:4a:8c:e8:a4:74:82:79:e3:e9:95:c0:38:f4:58:0e:34:25:
         f2:3f:8f:4f:15:d4:fd:8b:03:29:66:34:0a:1f:2f:dc:de:e4:
         37:50:cb:aa:4f:a4:a1:59:3a:db:1e:16:72:e5:d1:da:b9:fe:
         47:6b:70:12:62:45:b6:25:52:6d:55:83:1f:2d:c1:8b:e6:be:
         44:ea:17:03:b0:20:5d:57:ae:95:32:bf:b2:d6:9a:16:5e:26:
         73:2b:ed:53:f7:f5:cf:a5:16:e2:9b:2b:d9:df:02:2b:02:b7:
         4a:91:26:4e:84:28:8a:47:14:38:f0:9c:5c:c7:83:d3:69:a9:
         1c:d5:1f:8d:4e:7f:4f:14:52:d6:a9:72:9e:e4:b8:63:5a:26:
         22:e4:81:2d
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUTpWvAOnwJbPQh2oYhqPZFgdNX+cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTE1MDAwMDAwWhcNMjMwNTE4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMDk1YTIxMTZjMTA1NjBmNDQyZTI3ZGEwNWI4M2Y1NTE3
NjFjODk2ZmI2OGM1MDE0NGFkNmYxMDgzYmJjOWQwOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALMpKm7bctLSJUDNae7bBZrXxHJ8UDS7vuSMoz5QQ2NE5yIlBRBz
URW40HZz+/iMV31r4rWQ6LMkOOFnEqaeF5E7xbvxhEvzYRaX+3k1EazwqK70wuAD
RlcJl5UATcAXTWt7WCDctORZYvs0cb3zPToIJYeoHGNzErun7LTnYcLbQbWK4VPk
t5Wc7Nb44lrxAmvLmexAan6nQhX1DHENv11Dc0nQHK4/Eff3quBu5cMNydgGLat2
ZS3hl1grLb38++6iocE+QWr8In2zMqAvSXEa2I/gfGKwW4L207igbMy6LlW1Imn0
a2DNAgCdV4bSplqfJoHvRBWvv93eZVvpEVUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQJ75rSTGs95Z77ZHqlbQGWSTSblzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZTQ1YWY5YzktNDVlMC00ZWE1LWE4YzMtNjA2ZmJlZTI1OGUxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADRnOaIERjxRDzPQ
IKDZk7MT/ZrI3enzQgOP+cHWk7gMTVFZRqoHUdFUoZ+a8Pvxmk+RJftbhnwmJbpI
rsZVkTMWMk/PaTUGYRXXuKb6FrUpC8pvNluGxgVh9Iz7onxQcbb4WGRLCTP44+OI
0OBKjOikdIJ54+mVwDj0WA40JfI/j08V1P2LAylmNAofL9ze5DdQy6pPpKFZOtse
FnLl0dq5/kdrcBJiRbYlUm1Vgx8twYvmvkTqFwOwIF1XrpUyv7LWmhZeJnMr7VP3
9c+lFuKbK9nfAisCt0qRJk6EKIpHFDjwnFzHg9NpqRzVH41Of08UUtapcp7kuGNa
JiLkgS0=
-----END CERTIFICATE-----