Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2d07294f-2513-4a36-a61c-776d09863f44.roa
File:                     2d07294f-2513-4a36-a61c-776d09863f44.roa (raw, json)
Hash identifier:          5NfPcj30yF+sGFTas30ksSPUTcM56kom+VLyFZ48ttU=
Subject key identifier:   7F:A1:7F:57:D3:95:B5:D2:EC:D9:4E:14:DE:BF:3A:2E:8A:FA:FB:3F
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       35F6C32A33752FD459BA930F3313183048336990
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2d07294f-2513-4a36-a61c-776d09863f44.roa
Signing time:             Mon 06 Mar 2023 00:00:00 +0000
ROA not before:           Mon 06 Mar 2023 00:00:00 +0000
ROA not after:            Thu 09 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:f6:c3:2a:33:75:2f:d4:59:ba:93:0f:33:13:18:30:48:33:69:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar  6 00:00:00 2023 GMT
            Not After : Mar  9 23:59:59 2023 GMT
        Subject: serialNumber=3f4716d83201f83d1091465816305f8c69f90ffacb31e8b81b9cfabb2ffd12ed, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:38:ef:ce:61:b9:ac:9c:49:78:61:92:d4:5e:
                    59:34:1b:b3:26:86:62:98:58:32:da:c8:64:0a:50:
                    7e:01:b9:d8:f6:ab:c9:68:8e:8b:19:35:c1:a0:7a:
                    d3:f5:80:75:01:2a:d0:83:84:5c:c3:39:93:f4:6e:
                    a8:d0:83:6d:8a:e0:38:43:34:4e:e5:dd:10:50:0a:
                    ed:06:e1:c7:5f:b8:15:29:23:fa:22:87:83:38:ad:
                    12:18:00:af:3a:4c:1f:60:b3:40:38:98:f4:13:9d:
                    05:61:fc:9f:67:63:9a:59:70:a0:e5:2c:a5:fe:65:
                    18:5d:5e:b9:7f:a2:e6:d8:90:5d:9f:87:3e:3e:44:
                    c7:d7:71:06:77:33:06:17:a6:be:26:89:77:3f:0d:
                    7c:70:d6:ab:ca:53:d5:25:df:29:8f:05:4e:f2:c5:
                    3c:23:a1:94:3d:04:7b:38:c8:52:ad:86:07:df:2f:
                    ff:72:ac:9c:1b:4d:f8:a2:d6:79:17:3a:ce:54:0a:
                    c8:24:68:94:ba:69:f0:a4:18:f5:ce:24:8f:8c:5c:
                    25:33:cb:a5:7b:e8:e6:1f:1d:94:58:78:00:bf:83:
                    1a:95:28:0f:fa:fa:c6:7e:0f:95:b8:31:22:81:ba:
                    f2:35:c1:ba:97:3c:28:5e:d3:da:de:d7:4e:01:23:
                    8b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:A1:7F:57:D3:95:B5:D2:EC:D9:4E:14:DE:BF:3A:2E:8A:FA:FB:3F
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2d07294f-2513-4a36-a61c-776d09863f44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:a0:cb:ed:48:6f:25:01:fa:81:88:e0:0a:b2:1e:c4:cd:3e:
         41:b0:f2:41:ad:b5:d3:28:47:b2:c9:a8:86:e0:3e:56:64:16:
         4a:08:fb:f8:11:f8:b9:b3:8f:14:66:47:b9:ea:c4:c6:f0:23:
         22:6d:05:a1:ec:25:dc:59:72:26:52:1a:46:36:dd:b5:27:0c:
         43:a0:59:83:f3:93:bf:a0:5b:5e:a7:e4:2c:6f:af:43:11:95:
         ad:08:ce:ad:54:46:2a:28:e1:9c:bb:21:7e:26:cb:b7:cc:2f:
         38:e9:ca:5e:ea:b2:65:48:d3:07:7f:c3:19:45:81:e5:8a:59:
         3b:2a:7c:8a:64:54:8a:3d:d5:45:86:d5:2f:5c:83:28:b7:0d:
         9d:bf:16:b8:ca:14:26:c5:18:6a:73:7b:c2:ca:05:84:0d:bb:
         5c:e1:51:2a:6d:dc:1e:09:b6:f7:34:83:16:19:12:34:f3:a7:
         b9:9c:90:a2:2c:c4:67:3c:dc:d4:79:23:09:b8:0d:09:d9:fe:
         09:e2:9d:f4:54:6e:cc:f2:76:16:f2:30:29:de:1b:58:8e:ec:
         77:fe:cb:8a:72:ad:07:44:bc:0f:fd:c4:b5:ea:a9:9a:4d:8f:
         8a:b6:82:34:42:b2:b1:07:f5:ab:0f:67:f0:29:3e:f2:36:76:
         ae:07:46:20
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUNfbDKjN1L9RZupMPMxMYMEgzaZAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzA2MDAwMDAwWhcNMjMwMzA5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAM2Y0NzE2ZDgzMjAxZjgzZDEwOTE0NjU4MTYzMDVmOGM2
OWY5MGZmYWNiMzFlOGI4MWI5Y2ZhYmIyZmZkMTJlZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMQ4785huaycSXhhktReWTQbsyaGYphYMtrIZApQfgG52ParyWiO
ixk1waB60/WAdQEq0IOEXMM5k/RuqNCDbYrgOEM0TuXdEFAK7Qbhx1+4FSkj+iKH
gzitEhgArzpMH2CzQDiY9BOdBWH8n2djmllwoOUspf5lGF1euX+i5tiQXZ+HPj5E
x9dxBnczBhemviaJdz8NfHDWq8pT1SXfKY8FTvLFPCOhlD0EezjIUq2GB98v/3Ks
nBtN+KLWeRc6zlQKyCRolLpp8KQY9c4kj4xcJTPLpXvo5h8dlFh4AL+DGpUoD/r6
xn4PlbgxIoG68jXBupc8KF7T2t7XTgEji9UCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR/oX9X05W10uzZThTevzouivr7PzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMmQwNzI5NGYtMjUxMy00YTM2LWE2MWMtNzc2ZDA5ODYzZjQ0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADigy+1IbyUB+oGI
4AqyHsTNPkGw8kGttdMoR7LJqIbgPlZkFkoI+/gR+LmzjxRmR7nqxMbwIyJtBaHs
JdxZciZSGkY23bUnDEOgWYPzk7+gW16n5Cxvr0MRla0Izq1URioo4Zy7IX4my7fM
Lzjpyl7qsmVI0wd/wxlFgeWKWTsqfIpkVIo91UWG1S9cgyi3DZ2/FrjKFCbFGGpz
e8LKBYQNu1zhUSpt3B4Jtvc0gxYZEjTzp7mckKIsxGc83NR5Iwm4DQnZ/gninfRU
bszydhbyMCneG1iO7Hf+y4pyrQdEvA/9xLXqqZpNj4q2gjRCsrEH9asPZ/ApPvI2
dq4HRiA=
-----END CERTIFICATE-----