Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2b9353c5-8ae2-453c-b2ec-581c3294082c.roa
File:                     2b9353c5-8ae2-453c-b2ec-581c3294082c.roa (raw, json)
Hash identifier:          keG+nNfivv6ABTyJnTcJyO83h8rQDKK/MtNZyvCX/VQ=
Subject key identifier:   64:F2:D2:49:AC:04:43:57:A7:80:1E:13:A1:55:96:0D:60:6A:65:8A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0A2C20252400A14DB38EE7AE680DE3AF39EBBF47
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2b9353c5-8ae2-453c-b2ec-581c3294082c.roa
Signing time:             Tue 14 Feb 2023 00:00:00 +0000
ROA not before:           Tue 14 Feb 2023 00:00:00 +0000
ROA not after:            Fri 17 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:2c:20:25:24:00:a1:4d:b3:8e:e7:ae:68:0d:e3:af:39:eb:bf:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 14 00:00:00 2023 GMT
            Not After : Feb 17 23:59:59 2023 GMT
        Subject: serialNumber=276daefd04add8b08fbb08dd3f7f306624d7ff5d8e483df10377bcd7b62f0de1, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:08:d2:23:3c:2c:00:36:1e:fc:5e:89:55:6f:
                    7c:55:06:54:9d:11:ca:21:d8:e5:01:3c:54:d4:c1:
                    81:c1:b7:de:4d:32:ae:76:e9:5b:f0:1e:1a:0a:f6:
                    c5:50:a7:1c:0a:1d:72:ff:31:37:ee:0f:c2:2e:1a:
                    30:b3:fe:8d:1f:8a:8d:5c:80:0f:01:d1:e5:54:ba:
                    3c:42:9d:a0:32:3a:60:d0:b4:9d:91:8b:a7:54:28:
                    81:96:87:ce:c4:87:27:79:08:cc:92:a9:43:9f:a7:
                    db:45:19:b2:1e:03:2e:5c:b2:3e:c9:d0:7b:40:41:
                    59:6e:de:31:28:04:61:9c:a3:c2:6e:b0:b3:a2:28:
                    0c:15:9f:24:52:fd:87:7f:15:9d:68:c1:15:fa:82:
                    bd:88:89:89:2d:f2:3a:bc:f3:9d:4c:6e:15:fa:22:
                    b3:ef:60:33:ac:b2:bd:5c:49:b6:e5:29:77:c8:5d:
                    c0:09:54:b9:b2:68:0a:f3:12:2e:d2:03:6f:ee:d3:
                    8d:f9:b3:b2:e2:3a:9e:04:8b:0b:1a:ad:49:a3:27:
                    e6:ab:d0:7d:7b:29:31:43:52:5b:8c:d6:c2:2a:4f:
                    52:74:c6:24:29:2d:ff:c3:52:70:ca:29:ef:1d:a2:
                    45:b4:c4:53:1e:de:51:81:d8:7c:6e:52:8c:bc:e4:
                    32:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:F2:D2:49:AC:04:43:57:A7:80:1E:13:A1:55:96:0D:60:6A:65:8A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2b9353c5-8ae2-453c-b2ec-581c3294082c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:71:8a:63:45:d8:51:f3:be:3a:0f:9f:8f:af:42:ef:7d:d6:
         65:2b:ab:b2:67:10:db:9f:f5:f5:3e:dc:bb:8d:7b:8b:54:b3:
         32:50:39:41:b7:31:65:e1:27:23:c8:47:e5:5b:eb:64:3f:d3:
         b1:7e:6d:77:c1:c8:94:a9:be:c9:2a:a3:81:b9:2c:0b:61:b1:
         85:3c:74:5f:81:63:5f:f5:de:50:b8:06:3f:24:4d:e1:8b:7f:
         40:31:ac:24:43:84:1b:76:15:a9:b9:2d:8e:75:e9:a1:d5:19:
         12:70:ad:51:c4:2b:45:d1:84:7b:da:af:14:ad:bf:18:e1:46:
         22:07:81:7b:c9:88:0a:71:bf:74:3d:b4:61:0a:44:d3:2f:95:
         51:2a:9d:dc:ab:18:7d:b7:ff:ec:ba:f6:ab:c9:7a:a9:c2:14:
         9b:65:13:c7:04:69:9d:8f:1a:df:f3:33:76:62:98:39:16:24:
         23:11:4b:ad:f5:34:23:45:de:0c:93:c5:c7:9c:b2:62:bc:1f:
         d8:ff:b4:48:83:25:25:cc:a2:3b:1d:b5:14:eb:8f:d1:a6:07:
         64:fb:c7:5a:16:82:d5:56:e1:28:24:ba:64:33:3c:64:2d:ea:
         7b:af:00:e0:c8:32:7f:95:fc:02:33:22:c2:76:bb:66:92:39:
         09:f2:fe:7a
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUCiwgJSQAoU2zjueuaA3jrznrv0cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE0MDAwMDAwWhcNMjMwMjE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMjc2ZGFlZmQwNGFkZDhiMDhmYmIwOGRkM2Y3ZjMwNjYy
NGQ3ZmY1ZDhlNDgzZGYxMDM3N2JjZDdiNjJmMGRlMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOoI0iM8LAA2HvxeiVVvfFUGVJ0RyiHY5QE8VNTBgcG33k0yrnbp
W/AeGgr2xVCnHAodcv8xN+4Pwi4aMLP+jR+KjVyADwHR5VS6PEKdoDI6YNC0nZGL
p1QogZaHzsSHJ3kIzJKpQ5+n20UZsh4DLlyyPsnQe0BBWW7eMSgEYZyjwm6ws6Io
DBWfJFL9h38VnWjBFfqCvYiJiS3yOrzznUxuFfois+9gM6yyvVxJtuUpd8hdwAlU
ubJoCvMSLtIDb+7TjfmzsuI6ngSLCxqtSaMn5qvQfXspMUNSW4zWwipPUnTGJCkt
/8NScMop7x2iRbTEUx7eUYHYfG5SjLzkMgsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRk8tJJrARDV6eAHhOhVZYNYGplijAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMmI5MzUzYzUtOGFlMi00NTNjLWIyZWMtNTgxYzMyOTQwODJjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAxximNF2FHzvjoP
n4+vQu991mUrq7JnENuf9fU+3LuNe4tUszJQOUG3MWXhJyPIR+Vb62Q/07F+bXfB
yJSpvskqo4G5LAthsYU8dF+BY1/13lC4Bj8kTeGLf0AxrCRDhBt2Fam5LY516aHV
GRJwrVHEK0XRhHvarxStvxjhRiIHgXvJiApxv3Q9tGEKRNMvlVEqndyrGH23/+y6
9qvJeqnCFJtlE8cEaZ2PGt/zM3ZimDkWJCMRS631NCNF3gyTxcecsmK8H9j/tEiD
JSXMojsdtRTrj9GmB2T7x1oWgtVW4SgkumQzPGQt6nuvAODIMn+V/AIzIsJ2u2aS
OQny/no=
-----END CERTIFICATE-----