Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/fb030b5f-dbe3-46de-805a-78076848e3c4.roa
File:                     fb030b5f-dbe3-46de-805a-78076848e3c4.roa (raw, json)
Hash identifier:          InuHQVy0gYc5GQ7yOu2vvTOaf1E4mt8YexlyCxzVvrQ=
Subject key identifier:   F9:30:FC:EC:E6:7F:10:E7:78:DA:FA:53:7E:EC:61:FF:CB:DA:7B:A4
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6FE165311D46B0E8D84363309E01CAD88EEDFB59
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/fb030b5f-dbe3-46de-805a-78076848e3c4.roa
Signing time:             Thu 18 May 2023 00:00:00 +0000
ROA not before:           Thu 18 May 2023 00:00:00 +0000
ROA not after:            Sun 21 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:e1:65:31:1d:46:b0:e8:d8:43:63:30:9e:01:ca:d8:8e:ed:fb:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 18 00:00:00 2023 GMT
            Not After : May 21 23:59:59 2023 GMT
        Subject: serialNumber=07aaabf097481f907afe7e89d445e6d92c0e1535883e84e006d83d73c11e80e3, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:e0:73:fe:de:86:3c:73:01:92:ea:f9:a6:dc:
                    f9:55:fb:e1:01:a5:52:1a:53:82:32:eb:6d:16:ff:
                    ce:09:ae:e7:82:95:cb:44:47:27:7e:7d:23:e1:96:
                    bc:fc:d8:1f:64:8e:62:10:08:ac:b6:f0:93:1e:62:
                    39:ee:85:f0:65:0b:28:87:1a:db:8c:72:17:52:27:
                    63:de:9d:26:94:04:b9:42:1e:d7:f1:b1:2e:9b:33:
                    06:67:c7:1d:a9:63:c3:c8:c8:47:48:c2:47:c1:7d:
                    14:68:85:bd:d1:16:9f:cf:5c:fa:84:02:c9:75:c8:
                    43:e1:59:f0:87:f5:87:bd:81:af:8d:dd:2e:09:4d:
                    fa:7e:2a:e9:80:74:ec:a9:f4:a7:7b:ca:07:fb:7e:
                    82:e4:36:cd:59:46:69:39:68:95:ac:ae:62:55:ec:
                    20:f5:f0:00:cf:fb:f0:31:3f:dd:d9:38:ce:ce:69:
                    75:af:7b:d9:16:66:ba:87:b5:3b:26:95:80:58:58:
                    7d:1f:30:ed:e5:82:35:e5:06:7c:3d:ec:05:e4:28:
                    0f:e7:ad:84:1f:12:0b:e3:44:ba:c5:d9:ae:47:dc:
                    45:d8:d6:5e:65:24:9e:64:fa:13:f2:c9:67:8b:7c:
                    42:7c:c0:aa:48:f4:39:9d:41:5b:e7:54:d6:ed:49:
                    8c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:30:FC:EC:E6:7F:10:E7:78:DA:FA:53:7E:EC:61:FF:CB:DA:7B:A4
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/fb030b5f-dbe3-46de-805a-78076848e3c4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:87:00:4b:d5:8e:9b:0a:6c:b8:2a:30:ee:5d:e4:94:30:99:
         b5:e9:ac:a8:5e:34:00:56:ec:76:a6:bf:b0:af:57:59:8f:95:
         da:17:1c:d7:aa:3d:b8:79:b1:77:40:63:7c:40:5d:d7:e9:e3:
         e9:66:82:66:89:05:25:2d:95:58:df:fb:b8:22:1b:06:29:ff:
         6a:37:30:e9:6c:c2:8a:08:12:82:98:66:aa:d4:b1:3a:3e:b4:
         a5:0a:a6:a3:0d:ae:2a:ab:b7:cc:5a:21:0a:c0:fb:3d:d3:c6:
         56:13:66:51:46:53:5d:29:80:c5:c2:78:05:e2:bd:b2:56:4d:
         f7:37:d2:dc:7a:77:d2:66:8b:66:32:32:01:f6:06:0f:52:8d:
         d9:20:f6:c6:8e:e9:ba:c8:f6:e0:6a:99:c4:2d:2e:79:11:ee:
         53:bb:5f:b4:db:ae:e7:72:11:e4:97:b6:a9:1f:a8:de:89:23:
         18:47:21:b7:f3:40:55:5c:dd:51:78:bc:6b:fe:a5:db:d4:16:
         ca:54:96:56:18:23:7f:df:77:44:3b:81:4e:db:c6:95:05:25:
         6f:6c:2c:57:67:06:66:61:d6:f7:a4:41:87:46:40:da:01:79:
         1f:4f:e5:8a:10:b8:c2:1a:a9:75:34:bc:aa:7d:08:50:63:81:
         b9:71:e0:37
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUb+FlMR1GsOjYQ2MwngHK2I7t+1kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTE4MDAwMDAwWhcNMjMwNTIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMDdhYWFiZjA5NzQ4MWY5MDdhZmU3ZTg5ZDQ0NWU2ZDky
YzBlMTUzNTg4M2U4NGUwMDZkODNkNzNjMTFlODBlMzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJXgc/7ehjxzAZLq+abc+VX74QGlUhpTgjLrbRb/zgmu54KVy0RH
J359I+GWvPzYH2SOYhAIrLbwkx5iOe6F8GULKIca24xyF1InY96dJpQEuUIe1/Gx
LpszBmfHHaljw8jIR0jCR8F9FGiFvdEWn89c+oQCyXXIQ+FZ8If1h72Br43dLglN
+n4q6YB07Kn0p3vKB/t+guQ2zVlGaTlolayuYlXsIPXwAM/78DE/3dk4zs5pda97
2RZmuoe1OyaVgFhYfR8w7eWCNeUGfD3sBeQoD+ethB8SC+NEusXZrkfcRdjWXmUk
nmT6E/LJZ4t8QnzAqkj0OZ1BW+dU1u1JjDcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBT5MPzs5n8Q53ja+lN+7GH/y9p7pDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZmIwMzBiNWYtZGJlMy00NmRlLTgwNWEtNzgwNzY4NDhlM2M0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAESHAEvVjpsKbLgq
MO5d5JQwmbXprKheNABW7Hamv7CvV1mPldoXHNeqPbh5sXdAY3xAXdfp4+lmgmaJ
BSUtlVjf+7giGwYp/2o3MOlswooIEoKYZqrUsTo+tKUKpqMNriqrt8xaIQrA+z3T
xlYTZlFGU10pgMXCeAXivbJWTfc30tx6d9Jmi2YyMgH2Bg9Sjdkg9saO6brI9uBq
mcQtLnkR7lO7X7TbrudyEeSXtqkfqN6JIxhHIbfzQFVc3VF4vGv+pdvUFspUllYY
I3/fd0Q7gU7bxpUFJW9sLFdnBmZh1vekQYdGQNoBeR9P5YoQuMIaqXU0vKp9CFBj
gblx4Dc=
-----END CERTIFICATE-----