Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3316e9d8-62e3-4448-a597-26b91eb746f0.roa
File:                     3316e9d8-62e3-4448-a597-26b91eb746f0.roa (raw, json)
Hash identifier:          lTM2i+6R29rdjNla9piWKEZ1fnmm0t/x0Kfe+OWSPwI=
Subject key identifier:   DB:F3:BE:7F:10:3E:11:3C:D2:07:C1:85:AC:23:D7:52:E6:CF:22:01
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6AD838D1C078ED3FAE9963D55D2060A256233D9E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3316e9d8-62e3-4448-a597-26b91eb746f0.roa
Signing time:             Fri 12 May 2023 00:00:00 +0000
ROA not before:           Fri 12 May 2023 00:00:00 +0000
ROA not after:            Mon 15 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:d8:38:d1:c0:78:ed:3f:ae:99:63:d5:5d:20:60:a2:56:23:3d:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 12 00:00:00 2023 GMT
            Not After : May 15 23:59:59 2023 GMT
        Subject: serialNumber=997a40078ee8d41e9ce3db0f5cbcebb6ff3f9d5f7f62aa1338ca89706f7ab321, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:3e:bd:45:ca:cf:a7:32:32:ee:a9:e9:ad:7e:
                    b8:97:c9:76:26:89:bd:84:27:33:e4:68:c5:09:ba:
                    59:e0:d2:3d:0b:59:76:ac:4a:06:3d:3b:53:ad:f7:
                    51:b2:3a:98:17:67:8c:41:a4:31:7a:d1:de:c5:0f:
                    c5:b9:3c:da:dd:48:d2:24:db:35:42:44:77:06:5b:
                    f3:36:76:29:73:7f:54:10:b7:72:ee:9f:d1:c0:8c:
                    9c:32:f3:cc:da:00:8a:86:df:ef:14:92:2f:3b:0d:
                    5b:49:2a:ec:8c:cd:fc:ff:a8:08:c0:84:91:3e:72:
                    c0:eb:96:00:2d:dd:9f:4a:9e:0a:eb:9e:e3:c6:81:
                    de:39:36:88:43:2d:ce:e0:19:76:a3:2f:f6:66:a4:
                    b5:54:57:52:6d:59:c4:4b:a4:f1:02:a4:13:ef:5f:
                    36:4d:1b:2a:ea:83:70:14:59:c5:06:6e:d4:96:23:
                    34:bc:63:87:d1:c7:a2:42:ad:f2:74:8e:9b:7a:79:
                    32:fa:84:b4:94:73:dc:9e:4b:2c:f3:5b:d7:ca:26:
                    f9:f2:55:24:22:0d:a2:ba:24:0d:11:17:b4:da:c4:
                    4b:08:6f:7a:cb:5d:ff:88:e4:d2:cc:47:aa:2e:1d:
                    4b:11:69:51:60:b7:5f:03:05:03:c5:88:f8:4b:15:
                    11:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:F3:BE:7F:10:3E:11:3C:D2:07:C1:85:AC:23:D7:52:E6:CF:22:01
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3316e9d8-62e3-4448-a597-26b91eb746f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:eb:37:44:e5:92:81:9b:56:73:36:be:e2:1b:82:de:5d:aa:
         19:e6:7a:e3:88:39:83:bf:fc:8e:f8:c7:53:23:a0:2e:c5:f5:
         14:16:24:b3:90:c4:0b:e0:31:1b:1c:52:9f:cf:a3:4e:a2:12:
         25:7c:a8:96:7e:de:86:dc:aa:28:8d:aa:bb:f4:86:eb:ad:7b:
         46:03:ec:44:fa:ea:45:48:28:55:e7:9b:03:29:3c:24:e8:ee:
         68:06:8a:54:3a:81:2a:51:c4:54:0c:92:07:f5:20:ba:5a:71:
         0e:aa:c5:a9:bb:ab:61:9d:ab:2e:26:b6:4e:a4:32:31:9c:44:
         9a:66:f6:49:be:e1:f6:25:62:9c:5f:58:53:5d:b5:c9:67:0c:
         de:b4:ed:ad:60:96:fd:7c:a6:dd:e7:58:d9:11:c9:3e:dd:b8:
         72:4c:37:5a:75:25:2d:8e:3f:6b:fa:16:ff:1e:91:d1:00:fb:
         8a:2e:98:cb:fa:5f:60:73:4d:fc:66:a9:60:8c:05:45:27:37:
         3c:22:a5:81:d5:b0:13:53:2f:08:f5:81:a9:fb:ed:bb:b0:01:
         fb:0e:db:4d:be:c7:75:d1:da:20:c9:fb:01:f5:64:2d:44:e1:
         ae:f9:c5:d9:25:c0:12:c6:74:ff:0b:23:39:12:fe:2c:a4:d9:
         16:4e:45:9a
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUatg40cB47T+umWPVXSBgolYjPZ4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTEyMDAwMDAwWhcNMjMwNTE1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTk3YTQwMDc4ZWU4ZDQxZTljZTNkYjBmNWNiY2ViYjZm
ZjNmOWQ1ZjdmNjJhYTEzMzhjYTg5NzA2ZjdhYjMyMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALg+vUXKz6cyMu6p6a1+uJfJdiaJvYQnM+RoxQm6WeDSPQtZdqxK
Bj07U633UbI6mBdnjEGkMXrR3sUPxbk82t1I0iTbNUJEdwZb8zZ2KXN/VBC3cu6f
0cCMnDLzzNoAiobf7xSSLzsNW0kq7IzN/P+oCMCEkT5ywOuWAC3dn0qeCuue48aB
3jk2iEMtzuAZdqMv9maktVRXUm1ZxEuk8QKkE+9fNk0bKuqDcBRZxQZu1JYjNLxj
h9HHokKt8nSOm3p5MvqEtJRz3J5LLPNb18om+fJVJCINorokDREXtNrESwhvestd
/4jk0sxHqi4dSxFpUWC3XwMFA8WI+EsVEbUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTb875/ED4RPNIHwYWsI9dS5s8iATAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzMxNmU5ZDgtNjJlMy00NDQ4LWE1OTctMjZiOTFlYjc0NmYwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG3rN0TlkoGbVnM2
vuIbgt5dqhnmeuOIOYO//I74x1MjoC7F9RQWJLOQxAvgMRscUp/Po06iEiV8qJZ+
3obcqiiNqrv0huute0YD7ET66kVIKFXnmwMpPCTo7mgGilQ6gSpRxFQMkgf1ILpa
cQ6qxam7q2Gdqy4mtk6kMjGcRJpm9km+4fYlYpxfWFNdtclnDN607a1glv18pt3n
WNkRyT7duHJMN1p1JS2OP2v6Fv8ekdEA+4oumMv6X2BzTfxmqWCMBUUnNzwipYHV
sBNTLwj1gan77buwAfsO202+x3XR2iDJ+wH1ZC1E4a75xdklwBLGdP8LIzkS/iyk
2RZORZo=
-----END CERTIFICATE-----