Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1bb5df94-48ab-416d-9614-b3262dfb6be2.roa
File:                     1bb5df94-48ab-416d-9614-b3262dfb6be2.roa (raw, json)
Hash identifier:          P1ONA1wbwKP2/ipuYvnqlYjFNCQ3TCHO3KmYC4v5de4=
Subject key identifier:   56:A4:C1:F3:3B:35:92:9A:8F:F6:2E:CF:52:3A:7C:86:6C:DB:17:AC
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5F98502F575D59ED77B07D8FEFDA809522921BC4
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1bb5df94-48ab-416d-9614-b3262dfb6be2.roa
Signing time:             Thu 23 Mar 2023 00:00:00 +0000
ROA not before:           Thu 23 Mar 2023 00:00:00 +0000
ROA not after:            Sun 26 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:98:50:2f:57:5d:59:ed:77:b0:7d:8f:ef:da:80:95:22:92:1b:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 23 00:00:00 2023 GMT
            Not After : Mar 26 23:59:59 2023 GMT
        Subject: serialNumber=eb9388cf73fdf7d0e2f6b9bb06a580db713a4d9148f2e12f0df1609da873fe50, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:55:32:ac:c9:b6:01:f9:46:2a:6e:55:ed:cc:
                    b7:ff:79:77:1e:5c:38:f2:de:af:9d:b9:62:1d:ba:
                    9e:fe:1d:9a:00:60:70:73:fd:55:95:89:a3:34:30:
                    9e:06:98:ee:99:fa:61:5e:24:cb:70:22:dc:77:2e:
                    27:f5:fc:c7:5e:69:dc:0c:64:6f:80:2e:f0:13:2c:
                    54:79:87:12:0b:af:1a:c5:87:6a:65:4a:e5:42:a1:
                    3c:6a:ee:6b:d9:22:fb:f6:21:00:dd:ff:1a:81:ea:
                    2b:8f:98:69:ad:51:76:97:7f:15:87:0d:6c:02:4a:
                    cd:f4:cc:8c:14:63:ff:49:ee:87:3b:12:0a:77:b5:
                    21:cb:a6:25:a6:f1:50:ff:72:3b:5d:9b:76:c3:85:
                    4a:c7:1e:92:24:a5:dc:4b:2a:9d:98:31:0f:f9:d0:
                    85:83:cd:8d:ed:0b:a5:92:e5:5c:37:ca:0a:b8:14:
                    e4:43:2d:b8:bf:dd:94:01:84:2a:b0:fc:48:0d:28:
                    54:6d:a0:90:19:5e:e5:58:db:bd:a7:3e:1d:d3:7d:
                    04:a6:8e:c0:67:5b:d5:04:77:59:41:81:b3:fa:5d:
                    36:72:0c:91:df:be:5d:b2:af:c4:fe:61:a5:0b:6a:
                    36:15:8c:46:0a:d4:23:ac:89:df:6e:c2:c5:80:e0:
                    8f:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:A4:C1:F3:3B:35:92:9A:8F:F6:2E:CF:52:3A:7C:86:6C:DB:17:AC
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1bb5df94-48ab-416d-9614-b3262dfb6be2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:db:72:6f:35:4c:43:54:cd:66:2c:2a:86:70:a1:9c:64:48:
         93:73:9c:fe:80:52:aa:1a:f7:6b:9d:89:32:b5:fb:3b:9e:01:
         1f:57:43:74:86:bc:0c:d8:7a:67:72:40:d6:7d:07:04:f3:b1:
         54:5a:41:57:17:b2:ed:15:9f:68:99:70:09:85:57:43:c9:11:
         3e:a2:60:2d:4b:df:6c:cc:98:ac:c8:77:50:b8:1d:5b:f9:16:
         0b:25:8f:0a:c1:25:16:95:a2:c8:12:3b:3a:84:d8:5e:c1:66:
         7f:5a:7c:94:c8:00:fc:6c:71:19:1f:1b:47:59:47:10:a0:59:
         ce:f2:e3:16:60:6b:b9:0a:71:56:1e:5b:02:47:05:29:5d:cb:
         58:16:72:a5:54:ea:cc:63:08:2f:53:2a:71:32:6c:33:67:fb:
         63:b8:bc:40:cd:56:44:02:70:b3:88:a9:51:10:11:18:e0:c5:
         4d:37:e0:67:73:0a:77:6a:d4:1c:5f:f7:b0:4b:a2:a5:43:24:
         e0:26:ca:c0:c0:db:25:70:72:75:08:df:19:19:ed:5e:b4:7a:
         c5:43:3b:9a:83:81:38:a8:18:a6:82:54:63:f4:c2:07:df:5f:
         4d:59:51:b1:b4:ac:ac:88:22:1c:94:7b:3f:55:f2:85:75:e9:
         4d:3c:89:ba
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUX5hQL1ddWe13sH2P79qAlSKSG8QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzIzMDAwMDAwWhcNMjMwMzI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZWI5Mzg4Y2Y3M2ZkZjdkMGUyZjZiOWJiMDZhNTgwZGI3
MTNhNGQ5MTQ4ZjJlMTJmMGRmMTYwOWRhODczZmU1MDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMdVMqzJtgH5RipuVe3Mt/95dx5cOPLer525Yh26nv4dmgBgcHP9
VZWJozQwngaY7pn6YV4ky3Ai3HcuJ/X8x15p3Axkb4Au8BMsVHmHEguvGsWHamVK
5UKhPGrua9ki+/YhAN3/GoHqK4+Yaa1Rdpd/FYcNbAJKzfTMjBRj/0nuhzsSCne1
IcumJabxUP9yO12bdsOFSscekiSl3EsqnZgxD/nQhYPNje0LpZLlXDfKCrgU5EMt
uL/dlAGEKrD8SA0oVG2gkBle5Vjbvac+HdN9BKaOwGdb1QR3WUGBs/pdNnIMkd++
XbKvxP5hpQtqNhWMRgrUI6yJ327CxYDgj+cCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRWpMHzOzWSmo/2Ls9SOnyGbNsXrDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMWJiNWRmOTQtNDhhYi00MTZkLTk2MTQtYjMyNjJkZmI2YmUyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHfbcm81TENUzWYs
KoZwoZxkSJNznP6AUqoa92udiTK1+zueAR9XQ3SGvAzYemdyQNZ9BwTzsVRaQVcX
su0Vn2iZcAmFV0PJET6iYC1L32zMmKzId1C4HVv5FgsljwrBJRaVosgSOzqE2F7B
Zn9afJTIAPxscRkfG0dZRxCgWc7y4xZga7kKcVYeWwJHBSldy1gWcqVU6sxjCC9T
KnEybDNn+2O4vEDNVkQCcLOIqVEQERjgxU034GdzCndq1Bxf97BLoqVDJOAmysDA
2yVwcnUI3xkZ7V60esVDO5qDgTioGKaCVGP0wgffX01ZUbG0rKyIIhyUez9V8oV1
6U08ibo=
-----END CERTIFICATE-----