Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e6a84bcd-29d0-4d96-b0a6-e96d3292cbaf.roa
File:                     e6a84bcd-29d0-4d96-b0a6-e96d3292cbaf.roa (raw, json)
Hash identifier:          xE2muZyBzUrsLND817N0PNI0YDRW6c1rhjravE3hRxk=
Subject key identifier:   F8:7E:F4:EA:45:1C:52:29:34:EE:28:E6:D7:DD:C5:FC:21:3B:24:80
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       044D17C7FE1BB7A338A8A1DFC4FABF2FDA155B5C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e6a84bcd-29d0-4d96-b0a6-e96d3292cbaf.roa
Signing time:             Tue 23 May 2023 00:00:00 +0000
ROA not before:           Tue 23 May 2023 00:00:00 +0000
ROA not after:            Fri 26 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:4d:17:c7:fe:1b:b7:a3:38:a8:a1:df:c4:fa:bf:2f:da:15:5b:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 23 00:00:00 2023 GMT
            Not After : May 26 23:59:59 2023 GMT
        Subject: serialNumber=bf9dbd3fcc7ae806b718643f033c8dc7947c32cf3967e0b437b1d27e21153514, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:6b:0b:d3:a3:e1:32:8d:e9:65:d9:f1:63:bf:
                    74:3f:c9:61:71:9f:52:25:94:35:03:c3:3f:09:97:
                    ba:0c:05:f5:d1:72:85:b5:a9:7f:5a:1f:0d:fe:8f:
                    1b:6a:e3:16:1a:64:57:ca:56:3c:e4:0f:58:e3:d7:
                    96:3b:13:b4:18:4e:e8:e8:da:0e:1a:dd:dc:0c:c6:
                    2f:52:2d:e9:b6:42:33:83:e5:24:60:a7:4b:33:84:
                    07:a0:13:1a:01:14:45:1a:fa:53:cc:a1:72:17:38:
                    76:6b:91:e9:2b:6c:7f:88:fb:c5:b9:f6:ca:9b:5f:
                    7c:15:cb:7a:92:55:76:cc:36:65:e6:6c:3a:6a:7e:
                    ec:15:39:ec:05:fd:1a:30:d6:0a:8a:cb:2c:1b:43:
                    48:cd:95:3a:e6:fc:17:59:5b:20:37:07:88:f8:d2:
                    00:3b:6c:54:67:26:cd:d0:d0:f5:b8:c1:3d:4e:ad:
                    0a:c9:83:14:0f:03:87:9c:4f:4e:d0:7f:9c:72:ee:
                    28:35:78:1c:89:ff:69:ac:7f:43:86:4c:e1:57:62:
                    db:83:50:69:4f:1f:b1:77:ca:23:c0:6d:c0:dc:b8:
                    15:9f:16:dc:13:28:81:3a:52:b2:04:c4:f2:10:48:
                    64:40:7f:1c:9c:d5:1a:82:5c:9b:2a:70:f4:29:2a:
                    6d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:7E:F4:EA:45:1C:52:29:34:EE:28:E6:D7:DD:C5:FC:21:3B:24:80
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e6a84bcd-29d0-4d96-b0a6-e96d3292cbaf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:4b:ec:96:c4:98:23:09:92:ba:a5:4a:69:40:67:27:f8:3b:
         af:c6:34:60:a9:48:56:1c:e1:7f:f5:52:8a:f7:17:db:28:72:
         78:8f:5e:eb:a1:d3:7d:2c:51:19:90:1a:f1:06:86:5b:5a:3a:
         76:54:f5:ae:cb:02:aa:c8:df:c3:97:fc:3f:e8:61:3e:b8:f2:
         28:70:03:9a:80:60:8f:d3:50:09:45:94:bb:00:77:21:9c:e1:
         d5:26:c6:ca:92:02:e0:7e:3b:2d:9d:66:f0:c1:df:cd:24:a0:
         19:41:27:2c:1e:71:45:57:bd:8e:36:85:af:95:b8:da:92:c4:
         59:a5:7f:5c:98:5a:4f:d8:ec:22:12:40:b4:7a:da:ce:04:58:
         12:d9:3b:51:01:ee:42:0c:03:c7:22:60:96:a9:24:3c:2d:b2:
         94:66:c5:24:88:ef:be:7a:b0:f7:d2:81:0d:06:94:01:f1:27:
         c6:e7:a1:e1:84:2e:a3:29:5c:10:82:5c:2c:2c:62:99:6e:31:
         bf:64:5b:03:7b:78:ea:06:4e:f8:b3:06:d1:e7:78:1a:b0:e4:
         e1:5c:2c:a8:6b:36:ed:f0:5a:89:0e:09:a7:5e:94:9b:60:e9:
         25:50:41:c3:ae:df:1b:76:5a:de:60:7c:c3:7e:23:b2:db:3c:
         ac:cc:4b:a1
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUBE0Xx/4bt6M4qKHfxPq/L9oVW1wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTIzMDAwMDAwWhcNMjMwNTI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYmY5ZGJkM2ZjYzdhZTgwNmI3MTg2NDNmMDMzYzhkYzc5
NDdjMzJjZjM5NjdlMGI0MzdiMWQyN2UyMTE1MzUxNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANlrC9Oj4TKN6WXZ8WO/dD/JYXGfUiWUNQPDPwmXugwF9dFyhbWp
f1ofDf6PG2rjFhpkV8pWPOQPWOPXljsTtBhO6OjaDhrd3AzGL1It6bZCM4PlJGCn
SzOEB6ATGgEURRr6U8yhchc4dmuR6Stsf4j7xbn2yptffBXLepJVdsw2ZeZsOmp+
7BU57AX9GjDWCorLLBtDSM2VOub8F1lbIDcHiPjSADtsVGcmzdDQ9bjBPU6tCsmD
FA8Dh5xPTtB/nHLuKDV4HIn/aax/Q4ZM4Vdi24NQaU8fsXfKI8BtwNy4FZ8W3BMo
gTpSsgTE8hBIZEB/HJzVGoJcmypw9CkqbRkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBT4fvTqRRxSKTTuKObX3cX8ITskgDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZTZhODRiY2QtMjlkMC00ZDk2LWIwYTYtZTk2ZDMyOTJjYmFmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABBL7JbEmCMJkrql
SmlAZyf4O6/GNGCpSFYc4X/1Uor3F9socniPXuuh030sURmQGvEGhltaOnZU9a7L
AqrI38OX/D/oYT648ihwA5qAYI/TUAlFlLsAdyGc4dUmxsqSAuB+Oy2dZvDB380k
oBlBJywecUVXvY42ha+VuNqSxFmlf1yYWk/Y7CISQLR62s4EWBLZO1EB7kIMA8ci
YJapJDwtspRmxSSI7756sPfSgQ0GlAHxJ8bnoeGELqMpXBCCXCwsYpluMb9kWwN7
eOoGTvizBtHneBqw5OFcLKhrNu3wWokOCadelJtg6SVQQcOu3xt2Wt5gfMN+I7Lb
PKzMS6E=
-----END CERTIFICATE-----