Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/33154f29-b472-4bd8-9111-0202944d022e.roa
File:                     33154f29-b472-4bd8-9111-0202944d022e.roa (raw, json)
Hash identifier:          V03rJFh4/1iSonAZoP5xzwBnfSmTjXS1nPfYWGMgiBA=
Subject key identifier:   2C:B5:02:EC:CE:F5:65:3D:14:84:F8:AA:02:54:2E:93:FF:43:B2:73
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2C0411AF198747DE4BC10FE74011939B2E70739F
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/33154f29-b472-4bd8-9111-0202944d022e.roa
Signing time:             Thu 23 Mar 2023 00:00:00 +0000
ROA not before:           Thu 23 Mar 2023 00:00:00 +0000
ROA not after:            Sun 26 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:04:11:af:19:87:47:de:4b:c1:0f:e7:40:11:93:9b:2e:70:73:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 23 00:00:00 2023 GMT
            Not After : Mar 26 23:59:59 2023 GMT
        Subject: serialNumber=96a0b9bb5a89f2439949878992994a3b7064816c5a54a952ed7f94bed5e941e1, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:0a:7a:e3:f9:84:0d:e3:d0:b4:e6:11:34:8b:
                    08:9c:bb:5c:fb:1b:c4:3a:d7:75:8c:d3:dd:50:61:
                    03:1f:19:e8:b6:85:a5:24:76:d6:14:b3:3b:c9:77:
                    d1:92:ea:b8:cd:74:66:19:48:ea:f6:3e:2f:3a:87:
                    0d:9f:67:cc:f9:e5:5b:53:ee:55:c3:42:17:c1:d7:
                    73:ec:34:69:80:c2:a4:ed:cd:ab:2c:f8:8f:85:9a:
                    4f:49:37:75:08:16:3e:ee:4e:83:27:6c:34:d6:29:
                    32:2e:ef:f5:63:37:8d:f9:c6:de:1f:1a:9d:0b:8a:
                    e3:7c:1a:9e:bf:5f:b5:1f:58:04:96:ef:da:90:ff:
                    9d:62:ef:9e:a4:95:d4:ae:26:69:07:86:dd:e7:b4:
                    f8:28:d0:18:04:09:15:76:4d:9e:e9:e7:f3:2c:a0:
                    88:0e:96:06:67:09:27:bd:f8:ec:43:63:49:6f:28:
                    48:24:21:41:28:e2:78:56:ba:dd:78:ce:da:2e:0f:
                    a4:57:94:3b:f9:c1:7d:24:b2:7d:7a:8b:fe:20:b1:
                    c8:61:fd:6b:94:b5:f3:10:88:6c:00:26:be:31:94:
                    0a:70:4f:cd:c1:ef:52:e8:6a:b4:da:b0:e5:bd:8d:
                    cf:e3:77:02:f7:0d:95:79:32:81:93:81:4b:38:c0:
                    fe:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:B5:02:EC:CE:F5:65:3D:14:84:F8:AA:02:54:2E:93:FF:43:B2:73
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/33154f29-b472-4bd8-9111-0202944d022e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:58:cd:40:39:44:73:25:ef:0e:f4:21:81:81:7c:f0:03:40:
         69:e4:d0:10:c2:ae:1b:c9:28:76:74:43:f6:f2:14:f8:3e:5d:
         4f:24:9a:f9:24:f0:31:4a:48:6d:38:8e:14:cc:9a:2e:cf:b1:
         3e:bd:6d:97:63:b8:8c:a2:4b:42:f5:6c:98:11:a9:e8:45:77:
         03:92:65:c6:d4:6b:42:b8:03:77:5d:4f:ac:1c:b4:cf:80:62:
         ce:3e:7a:8b:55:15:6c:2f:c3:e0:84:06:fb:d9:ca:64:6a:58:
         09:84:5a:99:38:f7:cb:ff:09:49:14:88:5a:3c:d9:19:c4:5c:
         ea:5d:76:f4:73:f4:2b:99:10:2f:1a:f6:9f:d2:8c:3f:79:32:
         62:54:72:89:5c:21:17:e1:6f:c5:8a:17:76:2b:91:fa:48:f3:
         e9:28:3e:97:82:a2:7a:12:0b:6a:02:9c:d0:0e:7d:38:51:35:
         19:93:a7:65:a7:72:d1:13:26:c0:5b:cf:8c:cf:59:fd:a3:68:
         ac:30:b0:42:25:49:6f:b7:e4:c2:5e:8c:38:c6:99:ac:b2:f8:
         47:14:ba:5c:03:46:fd:98:b7:23:e7:c1:b2:c6:e7:9d:44:f7:
         f1:46:9d:4b:9e:47:2b:79:84:6d:65:dd:26:c0:2f:99:ea:14:
         2a:df:1c:67
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIULAQRrxmHR95LwQ/nQBGTmy5wc58wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzIzMDAwMDAwWhcNMjMwMzI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTZhMGI5YmI1YTg5ZjI0Mzk5NDk4Nzg5OTI5OTRhM2I3
MDY0ODE2YzVhNTRhOTUyZWQ3Zjk0YmVkNWU5NDFlMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKoKeuP5hA3j0LTmETSLCJy7XPsbxDrXdYzT3VBhAx8Z6LaFpSR2
1hSzO8l30ZLquM10ZhlI6vY+LzqHDZ9nzPnlW1PuVcNCF8HXc+w0aYDCpO3Nqyz4
j4WaT0k3dQgWPu5OgydsNNYpMi7v9WM3jfnG3h8anQuK43wanr9ftR9YBJbv2pD/
nWLvnqSV1K4maQeG3ee0+CjQGAQJFXZNnunn8yygiA6WBmcJJ7347ENjSW8oSCQh
QSjieFa63XjO2i4PpFeUO/nBfSSyfXqL/iCxyGH9a5S18xCIbAAmvjGUCnBPzcHv
UuhqtNqw5b2Nz+N3AvcNlXkygZOBSzjA/k8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQstQLszvVlPRSE+KoCVC6T/0OyczAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzMxNTRmMjktYjQ3Mi00YmQ4LTkxMTEtMDIwMjk0NGQwMjJlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEZYzUA5RHMl7w70
IYGBfPADQGnk0BDCrhvJKHZ0Q/byFPg+XU8kmvkk8DFKSG04jhTMmi7PsT69bZdj
uIyiS0L1bJgRqehFdwOSZcbUa0K4A3ddT6wctM+AYs4+eotVFWwvw+CEBvvZymRq
WAmEWpk498v/CUkUiFo82RnEXOpddvRz9CuZEC8a9p/SjD95MmJUcolcIRfhb8WK
F3YrkfpI8+koPpeConoSC2oCnNAOfThRNRmTp2WnctETJsBbz4zPWf2jaKwwsEIl
SW+35MJejDjGmayy+EcUulwDRv2YtyPnwbLG551E9/FGnUueRyt5hG1l3SbAL5nq
FCrfHGc=
-----END CERTIFICATE-----