Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/13dff05e-8eb4-4b65-829f-af96347157c9.roa
File:                     13dff05e-8eb4-4b65-829f-af96347157c9.roa (raw, json)
Hash identifier:          LSPA59st+66DcccIWzKjbFubw0V7eI/4H7luSZwj0QY=
Subject key identifier:   58:98:47:B8:9D:91:2D:04:95:10:E2:5E:02:A9:DC:63:F9:68:67:DA
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3D7A2E86D1C49A91C2656AA892C1D5083718A325
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/13dff05e-8eb4-4b65-829f-af96347157c9.roa
Signing time:             Sat 01 Apr 2023 00:00:00 +0000
ROA not before:           Sat 01 Apr 2023 00:00:00 +0000
ROA not after:            Tue 04 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:7a:2e:86:d1:c4:9a:91:c2:65:6a:a8:92:c1:d5:08:37:18:a3:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr  1 00:00:00 2023 GMT
            Not After : Apr  4 23:59:59 2023 GMT
        Subject: serialNumber=b46df64dc6ee286e0e720b7e6525d2d019ea2bb9a6764b85e59881eb740acfbc, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:90:2b:f3:cf:8c:f6:05:d2:16:f5:b3:8f:93:
                    78:26:2e:a8:e3:05:d2:c6:5f:de:f2:30:6b:35:f0:
                    19:46:2e:93:09:b0:f6:34:26:eb:03:92:e5:8e:82:
                    04:7b:2e:46:35:fc:c5:72:c6:36:96:6c:e8:4d:61:
                    8d:61:79:2f:e5:97:89:62:3c:27:7f:41:dd:79:19:
                    75:77:a4:9f:83:d1:c4:33:20:d4:d4:43:19:dc:b9:
                    f9:00:ad:fc:77:1e:4f:d8:96:57:db:8a:aa:36:45:
                    a8:bc:5f:71:7b:11:4f:dc:6a:34:9f:0f:c5:21:7b:
                    b7:69:f8:3d:5a:93:1e:50:56:bf:93:63:1c:ec:a3:
                    2c:e4:22:7f:b9:38:ff:c9:00:ef:21:b3:4e:9c:ed:
                    cb:f0:35:41:44:d8:20:b7:5d:dc:68:a6:63:b0:13:
                    4e:bb:33:9e:76:62:18:8c:35:b6:25:80:f0:f5:ce:
                    fc:2d:b9:9b:22:b5:fb:bf:a9:d6:95:8d:b4:d6:94:
                    ec:14:bf:d8:49:e1:4c:1f:f2:63:63:56:27:75:62:
                    e5:16:dd:42:86:1f:41:39:a6:0a:52:17:bf:8a:91:
                    85:c3:d8:51:d3:dc:c5:8e:05:59:fa:a6:a5:5d:19:
                    4e:ce:ed:8a:d2:27:03:3e:77:c5:ee:a4:07:bb:54:
                    d9:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:98:47:B8:9D:91:2D:04:95:10:E2:5E:02:A9:DC:63:F9:68:67:DA
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/13dff05e-8eb4-4b65-829f-af96347157c9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:a7:df:50:10:5d:09:d9:7b:ac:14:f6:10:9e:6d:7d:84:b6:
         28:5d:74:22:db:c8:2e:c6:83:d0:09:d3:d3:ea:53:6f:6c:16:
         5c:1e:5a:41:d2:65:8b:52:ad:5d:63:30:02:c4:ac:10:97:71:
         cb:f2:3f:84:54:1f:ea:23:d3:ce:4c:8f:b9:67:b0:f4:32:6c:
         df:7a:cf:4e:40:0c:1c:af:df:02:02:92:d0:3e:ea:67:8c:70:
         2d:38:53:bb:98:62:db:98:6c:fc:22:a6:7a:90:30:5a:97:bd:
         f1:87:1f:cf:6a:f6:89:a9:e2:86:54:83:9c:45:ad:5a:4b:69:
         95:99:33:62:ed:31:41:75:b4:f2:dc:ef:5b:ee:8f:c0:14:1a:
         1f:a1:1b:62:f4:3b:33:aa:a3:84:58:5f:d2:4f:f3:ab:a7:f7:
         00:60:3b:b6:2e:06:7b:d7:61:d5:f6:0b:9b:52:da:fc:65:03:
         4f:18:b9:3a:58:c9:ec:d0:59:a6:28:c1:16:d5:bc:86:e4:84:
         41:04:18:89:d4:38:06:9f:03:38:2a:b3:49:0f:e8:91:fb:bb:
         a6:70:6e:76:8e:ef:e7:28:ab:0f:04:c4:e0:81:59:6e:b3:46:
         31:84:39:d7:02:c6:19:fc:dc:2d:25:58:0c:82:1f:ad:59:cc:
         08:3f:d9:a1
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUPXouhtHEmpHCZWqoksHVCDcYoyUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDAxMDAwMDAwWhcNMjMwNDA0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYjQ2ZGY2NGRjNmVlMjg2ZTBlNzIwYjdlNjUyNWQyZDAx
OWVhMmJiOWE2NzY0Yjg1ZTU5ODgxZWI3NDBhY2ZiYzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMyQK/PPjPYF0hb1s4+TeCYuqOMF0sZf3vIwazXwGUYukwmw9jQm
6wOS5Y6CBHsuRjX8xXLGNpZs6E1hjWF5L+WXiWI8J39B3XkZdXekn4PRxDMg1NRD
Gdy5+QCt/HceT9iWV9uKqjZFqLxfcXsRT9xqNJ8PxSF7t2n4PVqTHlBWv5NjHOyj
LOQif7k4/8kA7yGzTpzty/A1QUTYILdd3GimY7ATTrsznnZiGIw1tiWA8PXO/C25
myK1+7+p1pWNtNaU7BS/2EnhTB/yY2NWJ3Vi5RbdQoYfQTmmClIXv4qRhcPYUdPc
xY4FWfqmpV0ZTs7titInAz53xe6kB7tU2QUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRYmEe4nZEtBJUQ4l4Cqdxj+Whn2jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMTNkZmYwNWUtOGViNC00YjY1LTgyOWYtYWY5NjM0NzE1N2M5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMKn31AQXQnZe6wU
9hCebX2EtihddCLbyC7Gg9AJ09PqU29sFlweWkHSZYtSrV1jMALErBCXccvyP4RU
H+oj085Mj7lnsPQybN96z05ADByv3wICktA+6meMcC04U7uYYtuYbPwipnqQMFqX
vfGHH89q9omp4oZUg5xFrVpLaZWZM2LtMUF1tPLc71vuj8AUGh+hG2L0OzOqo4RY
X9JP86un9wBgO7YuBnvXYdX2C5tS2vxlA08YuTpYyezQWaYowRbVvIbkhEEEGInU
OAafAzgqs0kP6JH7u6ZwbnaO7+coqw8ExOCBWW6zRjGEOdcCxhn83C0lWAyCH61Z
zAg/2aE=
-----END CERTIFICATE-----