Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2671876e-61b2-4f33-af4d-e968fc393717.roa
File:                     2671876e-61b2-4f33-af4d-e968fc393717.roa (raw, json)
Hash identifier:          bZDQccCD0H7xeA/dflug2ulKI+JEQt+by8ujkkpgTgc=
Subject key identifier:   40:99:ED:1B:75:D3:40:93:77:F3:53:E1:F1:F3:DD:4A:CD:44:AC:EC
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2EAFB9ED33C57EF771359271FA5B8E9C9F09C855
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2671876e-61b2-4f33-af4d-e968fc393717.roa
Signing time:             Thu 23 Feb 2023 00:00:00 +0000
ROA not before:           Thu 23 Feb 2023 00:00:00 +0000
ROA not after:            Sun 26 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:af:b9:ed:33:c5:7e:f7:71:35:92:71:fa:5b:8e:9c:9f:09:c8:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 23 00:00:00 2023 GMT
            Not After : Feb 26 23:59:59 2023 GMT
        Subject: serialNumber=f52eca32662c7f7c081a049fed6912bebc0917fac134f5d2bdf35db0738ded4f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e4:6a:36:a0:1a:0f:7d:f8:03:4a:e8:25:90:
                    6d:3e:99:f3:02:87:d9:9f:41:ee:3f:c2:e7:50:29:
                    09:3b:01:b6:85:84:58:77:93:21:a7:34:5a:9f:15:
                    72:09:48:f5:3b:76:c9:c2:b0:63:d6:f8:9d:fd:6a:
                    bf:88:cb:80:43:8c:fe:0a:81:f2:39:5b:f0:80:64:
                    e2:4e:d7:0c:21:30:47:81:c5:97:00:f5:fb:1d:42:
                    a8:31:b1:66:9b:c7:e1:00:af:cf:7c:d9:43:32:c8:
                    d9:6d:67:68:58:54:51:2b:07:77:69:c3:ea:74:f7:
                    03:f4:4b:b7:dc:ad:c0:ec:ce:1a:2b:4e:39:c5:28:
                    2a:27:a0:aa:55:62:44:05:23:cc:85:12:49:9d:a8:
                    b5:3a:7e:61:d3:b0:a5:31:64:83:9f:39:05:72:97:
                    b4:45:b4:4f:ed:5a:9f:8b:20:c6:e7:69:aa:6e:40:
                    be:a1:d6:14:c4:5a:79:b5:bf:b7:86:ce:b6:71:fa:
                    44:2e:0c:93:ff:34:84:c8:3f:62:a1:61:0b:a4:8f:
                    c3:d7:a7:2f:e9:1a:c3:d7:b3:76:d0:eb:61:f0:d7:
                    e2:a0:cb:1a:96:09:49:f9:b8:e2:46:aa:a8:9d:ce:
                    b4:25:05:6b:1f:5e:df:c4:81:a6:9d:ce:93:ab:88:
                    53:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:99:ED:1B:75:D3:40:93:77:F3:53:E1:F1:F3:DD:4A:CD:44:AC:EC
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2671876e-61b2-4f33-af4d-e968fc393717.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:70:25:51:1b:f3:1c:76:10:e4:b9:77:77:f7:7b:13:b5:1e:
         d1:37:9a:25:fc:0b:ea:1e:9f:99:7e:eb:73:09:60:ed:80:05:
         47:73:5b:18:c2:29:54:41:23:1f:ed:d0:55:f7:54:36:ad:5c:
         e8:ec:3d:cb:9a:10:c4:7a:5c:12:31:33:70:cd:00:c1:b9:76:
         ab:af:06:25:d5:e3:62:e7:43:6f:f1:f5:b7:43:2e:9d:02:cb:
         33:5b:80:ad:27:0e:55:02:a7:4a:41:46:92:93:36:eb:cf:72:
         6f:dd:d2:67:e5:ab:44:09:41:43:fa:0a:7d:65:5b:70:97:3a:
         fd:f5:7d:37:8f:2e:bb:b5:ad:76:37:0b:55:94:6e:13:4d:7c:
         c5:9a:b9:3f:cb:bd:cc:cc:a6:23:32:73:1b:15:05:86:fd:ea:
         0b:35:8a:8c:dd:39:c8:40:05:75:cc:d1:e2:76:45:79:41:e6:
         8e:0d:70:fc:64:06:72:09:a5:34:a8:e3:0d:2e:dc:c8:08:af:
         e0:44:a5:86:66:d5:6d:84:d6:a7:94:59:4d:93:f1:9b:15:5f:
         de:de:62:07:99:d4:c6:e2:6c:71:6f:75:5c:6c:10:b2:0f:08:
         91:7e:06:63:0a:b9:d4:95:e4:b6:4d:26:82:21:11:31:8e:cf:
         0d:23:24:55
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIULq+57TPFfvdxNZJx+luOnJ8JyFUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIzMDAwMDAwWhcNMjMwMjI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjUyZWNhMzI2NjJjN2Y3YzA4MWEwNDlmZWQ2OTEyYmVi
YzA5MTdmYWMxMzRmNWQyYmRmMzVkYjA3MzhkZWQ0ZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMfkajagGg99+ANK6CWQbT6Z8wKH2Z9B7j/C51ApCTsBtoWEWHeT
Iac0Wp8VcglI9Tt2ycKwY9b4nf1qv4jLgEOM/gqB8jlb8IBk4k7XDCEwR4HFlwD1
+x1CqDGxZpvH4QCvz3zZQzLI2W1naFhUUSsHd2nD6nT3A/RLt9ytwOzOGitOOcUo
KiegqlViRAUjzIUSSZ2otTp+YdOwpTFkg585BXKXtEW0T+1an4sgxudpqm5AvqHW
FMRaebW/t4bOtnH6RC4Mk/80hMg/YqFhC6SPw9enL+kaw9ezdtDrYfDX4qDLGpYJ
Sfm44kaqqJ3OtCUFax9e38SBpp3Ok6uIU9MCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRAme0bddNAk3fzU+Hx891KzUSs7DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjY3MTg3NmUtNjFiMi00ZjMzLWFmNGQtZTk2OGZjMzkzNzE3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMpwJVEb8xx2EOS5
d3f3exO1HtE3miX8C+oen5l+63MJYO2ABUdzWxjCKVRBIx/t0FX3VDatXOjsPcua
EMR6XBIxM3DNAMG5dquvBiXV42LnQ2/x9bdDLp0CyzNbgK0nDlUCp0pBRpKTNuvP
cm/d0mflq0QJQUP6Cn1lW3CXOv31fTePLru1rXY3C1WUbhNNfMWauT/LvczMpiMy
cxsVBYb96gs1iozdOchABXXM0eJ2RXlB5o4NcPxkBnIJpTSo4w0u3MgIr+BEpYZm
1W2E1qeUWU2T8ZsVX97eYgeZ1MbibHFvdVxsELIPCJF+BmMKudSV5LZNJoIhETGO
zw0jJFU=
-----END CERTIFICATE-----