Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/32693810-3f67-4e76-b9db-6b1363368f84.roa
File:                     32693810-3f67-4e76-b9db-6b1363368f84.roa (raw, json)
Hash identifier:          fVlNGVg6ApbIvRbcnnl/MoeVHUFow3SqYl4t5wn920s=
Subject key identifier:   A0:41:E7:51:0F:64:86:3B:50:45:9F:08:14:30:2D:14:77:81:AB:6E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       16DE26F70CE08016AB5C9B4BFB0043389B8A1186
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/32693810-3f67-4e76-b9db-6b1363368f84.roa
Signing time:             Fri 10 Feb 2023 00:00:00 +0000
ROA not before:           Fri 10 Feb 2023 00:00:00 +0000
ROA not after:            Mon 13 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:de:26:f7:0c:e0:80:16:ab:5c:9b:4b:fb:00:43:38:9b:8a:11:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 10 00:00:00 2023 GMT
            Not After : Feb 13 23:59:59 2023 GMT
        Subject: serialNumber=41040132b953c00b75a42f181f81d7367a11981e7322d5fbdffb048c469567a6, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:fd:c6:0b:ca:01:57:a4:bb:b7:09:7a:f0:52:
                    c3:9c:c6:23:35:e9:50:65:98:38:0b:88:43:20:97:
                    68:02:2f:a3:c5:e7:d2:dc:ad:a2:6e:2a:47:a7:f3:
                    aa:00:83:ab:25:3e:32:55:56:57:cd:3d:72:38:a5:
                    dd:e3:88:b8:f7:b5:4b:ba:b6:b1:79:19:2c:c7:99:
                    6d:b0:e7:0d:34:64:57:21:16:79:92:ba:e3:25:d7:
                    c0:34:23:3c:d5:5a:b8:50:ca:26:f4:d7:2f:2c:c5:
                    74:49:d1:33:f4:c5:5a:b7:43:37:2b:47:07:da:40:
                    d8:e5:44:00:62:de:6a:3f:02:f1:3e:c5:7b:aa:32:
                    e3:10:43:78:83:c2:3d:cb:82:53:62:49:4d:7a:ed:
                    91:20:24:a4:42:35:84:79:d0:e3:eb:68:86:bb:26:
                    77:e9:73:28:31:24:69:35:43:7e:20:44:7a:bd:c1:
                    8f:c6:e3:31:ce:21:5f:b2:fa:5f:a3:32:38:53:85:
                    33:e3:63:21:63:f5:6c:de:9f:4d:e2:5a:55:da:f0:
                    02:91:f9:4e:d7:8f:68:72:b4:0d:eb:d3:01:53:62:
                    70:98:77:46:de:da:91:50:d4:20:30:6f:48:9a:9b:
                    f5:16:96:0d:82:2b:70:57:8e:b1:4f:9f:1c:f0:bb:
                    65:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:41:E7:51:0F:64:86:3B:50:45:9F:08:14:30:2D:14:77:81:AB:6E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/32693810-3f67-4e76-b9db-6b1363368f84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:a4:1b:9b:34:51:27:16:34:da:e5:dc:80:b3:fe:b9:75:ea:
         eb:21:b3:75:65:0c:dc:09:4b:12:af:37:53:d3:8f:cd:36:7e:
         69:33:db:e7:a1:b9:28:2b:e8:26:4c:de:27:5f:60:c5:db:e4:
         a3:bb:4a:48:22:92:7a:7e:45:8f:19:c5:34:bf:56:0b:3f:84:
         f0:3d:0d:9a:13:74:80:a9:8f:ff:01:d4:2e:7c:b9:0e:7f:8c:
         78:8a:b3:42:4e:30:b9:69:fa:ba:59:10:6c:b2:80:a2:54:82:
         df:10:7e:be:8c:21:85:50:03:9c:96:89:b5:46:6e:c1:92:7a:
         04:4b:8c:6b:0e:21:57:4a:0b:51:5e:ed:e7:9d:33:16:2e:88:
         2a:25:58:5b:2d:16:d8:3a:70:f5:83:84:c5:02:4d:ba:26:1b:
         d4:3a:4e:02:f1:ee:37:4c:ab:15:f0:6c:53:f4:c6:26:ee:e6:
         f5:b7:76:2a:3c:c9:fc:65:13:cf:a6:2c:3a:27:30:b8:dc:f5:
         a4:c4:48:7b:d6:d2:9a:1e:15:a3:4e:df:44:13:27:1b:11:35:
         8e:c5:a6:af:8e:43:c6:01:39:1c:29:1d:a0:ed:04:6b:6c:a5:
         d1:f0:ca:a6:aa:ce:d1:b1:44:80:d0:b5:ae:02:04:4f:b3:cc:
         8c:5b:f8:26
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUFt4m9wzggBarXJtL+wBDOJuKEYYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjEwMDAwMDAwWhcNMjMwMjEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNANDEwNDAxMzJiOTUzYzAwYjc1YTQyZjE4MWY4MWQ3MzY3
YTExOTgxZTczMjJkNWZiZGZmYjA0OGM0Njk1NjdhNjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKb9xgvKAVeku7cJevBSw5zGIzXpUGWYOAuIQyCXaAIvo8Xn0tyt
om4qR6fzqgCDqyU+MlVWV809cjil3eOIuPe1S7q2sXkZLMeZbbDnDTRkVyEWeZK6
4yXXwDQjPNVauFDKJvTXLyzFdEnRM/TFWrdDNytHB9pA2OVEAGLeaj8C8T7Fe6oy
4xBDeIPCPcuCU2JJTXrtkSAkpEI1hHnQ4+tohrsmd+lzKDEkaTVDfiBEer3Bj8bj
Mc4hX7L6X6MyOFOFM+NjIWP1bN6fTeJaVdrwApH5TtePaHK0DevTAVNicJh3Rt7a
kVDUIDBvSJqb9RaWDYIrcFeOsU+fHPC7ZYsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSgQedRD2SGO1BFnwgUMC0Ud4GrbjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzI2OTM4MTAtM2Y2Ny00ZTc2LWI5ZGItNmIxMzYzMzY4Zjg0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMqkG5s0UScWNNrl
3ICz/rl16ushs3VlDNwJSxKvN1PTj802fmkz2+ehuSgr6CZM3idfYMXb5KO7Skgi
knp+RY8ZxTS/Vgs/hPA9DZoTdICpj/8B1C58uQ5/jHiKs0JOMLlp+rpZEGyygKJU
gt8Qfr6MIYVQA5yWibVGbsGSegRLjGsOIVdKC1Fe7eedMxYuiColWFstFtg6cPWD
hMUCTbomG9Q6TgLx7jdMqxXwbFP0xibu5vW3dio8yfxlE8+mLDonMLjc9aTESHvW
0poeFaNO30QTJxsRNY7Fpq+OQ8YBORwpHaDtBGtspdHwyqaqztGxRIDQta4CBE+z
zIxb+CY=
-----END CERTIFICATE-----