Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/13a40b3f-08bf-4083-9a6a-0560f804b294.roa
File:                     13a40b3f-08bf-4083-9a6a-0560f804b294.roa (raw, json)
Hash identifier:          xrPOmocSsrpFg57OX+b+c8vsUjHAP1iaC6gT2a3dzRk=
Subject key identifier:   6C:14:8B:61:3B:20:82:08:FC:69:B5:99:DF:62:62:B3:51:5F:F7:B5
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       72D36E597B3A4C53523344F16E7E0ED1290E7DBB
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/13a40b3f-08bf-4083-9a6a-0560f804b294.roa
Signing time:             Wed 22 Feb 2023 00:00:00 +0000
ROA not before:           Wed 22 Feb 2023 00:00:00 +0000
ROA not after:            Sat 25 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:d3:6e:59:7b:3a:4c:53:52:33:44:f1:6e:7e:0e:d1:29:0e:7d:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 22 00:00:00 2023 GMT
            Not After : Feb 25 23:59:59 2023 GMT
        Subject: serialNumber=d3efe5256bb0ff792cfc5cf8ae72678540a8a0d884a76e41acb4abe8d4b3b27a, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:30:da:c4:5d:65:1f:8b:02:e5:85:20:80:d9:
                    8c:3b:3d:30:43:eb:c1:e6:ac:4c:4a:84:e2:45:94:
                    fb:51:c8:b0:f1:f9:68:c5:e5:e4:94:48:9a:b9:83:
                    ff:94:78:74:4d:7d:98:df:24:ca:09:98:f8:0b:68:
                    c2:44:98:b2:30:0a:a4:7f:df:5f:20:f3:7c:4b:65:
                    6e:18:45:a7:6a:33:e6:a3:28:72:7c:d2:73:ee:6a:
                    6d:d1:7d:43:a7:8a:17:91:41:75:05:1c:90:06:b0:
                    c6:44:99:01:c3:be:0c:68:43:39:3b:86:82:28:be:
                    4a:8e:6b:c7:c7:59:f9:7c:ec:1b:21:97:49:ee:c8:
                    ba:35:4f:e9:f9:69:7e:11:a6:24:64:98:17:39:df:
                    25:7f:ee:ba:91:b3:ab:f0:ab:3a:8f:d9:17:b8:a4:
                    b5:d1:fb:b6:16:fb:07:7c:04:f8:81:8c:d4:e4:ca:
                    63:40:10:51:27:d7:b9:e6:ee:ed:fc:c2:14:bb:0d:
                    85:59:fd:e5:0e:03:75:ef:19:86:82:25:c0:e6:f0:
                    10:d6:1d:c2:3b:0c:87:e2:ed:76:40:d2:3f:e4:6c:
                    5a:dd:0c:7d:49:70:cd:4d:31:3c:03:62:63:10:0e:
                    b0:85:ee:8a:25:d7:e6:be:7f:ee:55:ba:1d:e4:e3:
                    6b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:14:8B:61:3B:20:82:08:FC:69:B5:99:DF:62:62:B3:51:5F:F7:B5
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/13a40b3f-08bf-4083-9a6a-0560f804b294.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:35:96:57:db:f7:b5:82:a9:52:eb:72:99:31:d2:e5:aa:ca:
         de:20:99:a3:fe:36:9c:15:a3:9d:ef:59:e4:ae:b7:aa:65:44:
         1e:f9:ea:45:0a:b5:c4:88:97:6d:f6:8b:50:7f:46:01:94:68:
         1e:19:b4:42:2c:ea:3f:87:06:0f:ef:27:04:83:a4:12:bd:a0:
         73:8f:0b:0d:46:69:96:0f:5b:03:14:f1:f4:71:cf:8c:5a:58:
         99:bb:51:fd:0d:58:c1:60:db:d9:ba:a4:a7:b9:2a:28:8a:b3:
         07:91:c1:6e:40:18:e9:ac:44:4f:71:69:69:34:16:e3:dd:3d:
         f0:19:5c:08:c1:f7:7f:7c:7a:22:0c:c2:fa:af:cf:89:f0:74:
         75:13:1e:ad:dc:1c:e1:97:e7:67:7c:84:7e:0a:96:44:f4:e7:
         02:48:c5:af:51:4d:34:0f:7d:62:14:0c:c7:c9:2c:23:30:10:
         0f:bf:0b:8b:9b:14:94:0e:18:6d:a9:8a:bf:30:a5:56:58:df:
         87:33:13:4a:d4:e9:25:f6:a8:b8:cf:75:db:52:17:2a:91:3d:
         53:62:7c:b9:86:83:dd:a0:b9:16:42:94:71:e0:a9:11:90:48:
         09:11:49:1c:65:e7:0a:fc:0d:b9:86:80:8d:b5:4b:66:e6:aa:
         40:4c:d3:6d
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUctNuWXs6TFNSM0Txbn4O0SkOfbswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIyMDAwMDAwWhcNMjMwMjI1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDNlZmU1MjU2YmIwZmY3OTJjZmM1Y2Y4YWU3MjY3ODU0
MGE4YTBkODg0YTc2ZTQxYWNiNGFiZThkNGIzYjI3YTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOMw2sRdZR+LAuWFIIDZjDs9MEPrweasTEqE4kWU+1HIsPH5aMXl
5JRImrmD/5R4dE19mN8kygmY+AtowkSYsjAKpH/fXyDzfEtlbhhFp2oz5qMocnzS
c+5qbdF9Q6eKF5FBdQUckAawxkSZAcO+DGhDOTuGgii+So5rx8dZ+XzsGyGXSe7I
ujVP6flpfhGmJGSYFznfJX/uupGzq/CrOo/ZF7iktdH7thb7B3wE+IGM1OTKY0AQ
USfXuebu7fzCFLsNhVn95Q4Dde8ZhoIlwObwENYdwjsMh+LtdkDSP+RsWt0MfUlw
zU0xPANiYxAOsIXuiiXX5r5/7lW6HeTja0MCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRsFIthOyCCCPxptZnfYmKzUV/3tTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMTNhNDBiM2YtMDhiZi00MDgzLTlhNmEtMDU2MGY4MDRiMjk0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAo1llfb97WCqVLr
cpkx0uWqyt4gmaP+NpwVo53vWeSut6plRB756kUKtcSIl232i1B/RgGUaB4ZtEIs
6j+HBg/vJwSDpBK9oHOPCw1GaZYPWwMU8fRxz4xaWJm7Uf0NWMFg29m6pKe5KiiK
sweRwW5AGOmsRE9xaWk0FuPdPfAZXAjB9398eiIMwvqvz4nwdHUTHq3cHOGX52d8
hH4KlkT05wJIxa9RTTQPfWIUDMfJLCMwEA+/C4ubFJQOGG2pir8wpVZY34czE0rU
6SX2qLjPddtSFyqRPVNifLmGg92guRZClHHgqRGQSAkRSRxl5wr8DbmGgI21S2bm
qkBM020=
-----END CERTIFICATE-----