Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/33de31ca-6b2d-476b-adca-c20817b83b63.roa
File:                     33de31ca-6b2d-476b-adca-c20817b83b63.roa (raw, json)
Hash identifier:          f/T85hDJyD7YHVH0300bQAjEGtEmoBq5rWOLubB4aU8=
Subject key identifier:   EC:B0:6B:C1:F3:32:40:42:07:3F:10:94:21:F4:6F:C1:86:E6:76:3E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       07AF1B0517AE762E893F294A64D2087D83EA6071
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/33de31ca-6b2d-476b-adca-c20817b83b63.roa
Signing time:             Tue 02 May 2023 00:00:00 +0000
ROA not before:           Tue 02 May 2023 00:00:00 +0000
ROA not after:            Fri 05 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:af:1b:05:17:ae:76:2e:89:3f:29:4a:64:d2:08:7d:83:ea:60:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May  2 00:00:00 2023 GMT
            Not After : May  5 23:59:59 2023 GMT
        Subject: serialNumber=66d50169ee0903b8f8eb15d5d737f17458d2965744b18fbc0de81b695d684eb2, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:eb:97:af:4f:10:9d:fd:2d:7f:a7:cf:3f:36:
                    cf:a4:2d:d6:58:15:2d:09:81:d8:42:7f:d1:8f:83:
                    e8:5a:c7:32:7f:46:28:66:21:1e:f5:a4:8d:ea:66:
                    40:2d:38:79:b6:cc:64:f5:7a:5e:5b:f7:d2:c8:48:
                    ba:50:aa:5d:e1:7e:2c:89:d4:eb:4f:78:f9:e3:a3:
                    4e:4f:56:56:7c:c9:9b:4a:57:45:41:ac:b3:de:b9:
                    80:1e:77:58:85:3d:e7:41:29:f3:af:0c:bb:d3:da:
                    79:d8:fd:44:25:e4:5a:37:b6:4e:1b:7f:bb:9f:e8:
                    50:0b:92:97:96:3b:12:8a:b3:3c:c0:37:e8:6c:28:
                    6a:d8:a9:07:5d:c2:3f:69:c7:bc:e6:c4:dd:be:82:
                    c5:f4:89:4b:4d:c7:d4:02:56:a8:f9:31:ea:dc:d0:
                    be:d8:4b:95:ce:46:89:e4:f8:fe:af:e8:fe:b6:07:
                    c9:7d:4c:fe:50:c8:f4:8f:af:63:c2:f3:b5:2e:64:
                    3a:d4:28:f9:1a:14:9a:af:3e:fc:b7:0d:0b:5c:c6:
                    e2:9b:25:33:cd:95:55:5c:d4:48:9e:2b:b6:da:85:
                    de:85:6a:d5:9a:e9:4d:0e:78:dd:ec:77:94:6a:5e:
                    c4:b1:8d:13:24:ee:12:1b:35:a8:aa:0b:58:9a:6a:
                    c6:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:B0:6B:C1:F3:32:40:42:07:3F:10:94:21:F4:6F:C1:86:E6:76:3E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/33de31ca-6b2d-476b-adca-c20817b83b63.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:fc:2f:cf:43:b6:e2:22:21:56:b3:a2:69:1c:7f:7b:ab:86:
         2e:9c:13:f4:9f:38:0c:86:83:c4:90:42:39:c2:8f:9e:74:0c:
         74:b6:9b:a7:18:12:af:80:fe:40:40:4c:86:0e:e9:13:79:ba:
         3e:af:e7:49:8c:a4:7a:39:25:e1:32:c9:a7:7f:44:04:a4:64:
         6b:f2:4e:f6:65:1b:7e:45:ca:01:bb:bd:22:42:6e:cc:e7:20:
         bc:bc:b9:bd:73:c3:df:e3:93:5b:83:d1:c9:49:43:31:2c:ac:
         98:e2:4c:31:c9:d6:bf:bf:4c:1d:1e:a4:a4:fc:bc:17:af:30:
         47:77:1d:24:07:64:33:b6:10:c5:29:6e:cb:4c:02:f7:90:d5:
         1b:5b:30:f3:bd:cb:e0:91:ee:15:04:16:ba:c5:75:e0:09:88:
         83:d2:76:82:d5:21:f7:d9:a2:61:4a:4c:b1:9b:6a:3a:96:bf:
         ac:4c:dc:c9:93:c0:30:2b:35:af:5d:56:bd:42:4f:3f:df:ff:
         1d:32:21:f3:39:1f:bd:fa:a8:34:d1:c9:73:92:fd:93:09:3d:
         3c:a2:f6:8d:6c:98:8f:9f:aa:68:57:5d:78:1a:16:c9:77:0b:
         ea:4c:2e:28:31:54:38:fd:31:c7:30:a7:9f:ac:c6:07:e3:8d:
         25:85:72:7b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUB68bBReudi6JPylKZNIIfYPqYHEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTAyMDAwMDAwWhcNMjMwNTA1MjM1OTU5
WjCBpTFJMEcGA1UEBRNANjZkNTAxNjllZTA5MDNiOGY4ZWIxNWQ1ZDczN2YxNzQ1
OGQyOTY1NzQ0YjE4ZmJjMGRlODFiNjk1ZDY4NGViMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKHrl69PEJ39LX+nzz82z6Qt1lgVLQmB2EJ/0Y+D6FrHMn9GKGYh
HvWkjepmQC04ebbMZPV6Xlv30shIulCqXeF+LInU6094+eOjTk9WVnzJm0pXRUGs
s965gB53WIU950Ep868Mu9Paedj9RCXkWje2Tht/u5/oUAuSl5Y7EoqzPMA36Gwo
atipB13CP2nHvObE3b6CxfSJS03H1AJWqPkx6tzQvthLlc5GieT4/q/o/rYHyX1M
/lDI9I+vY8LztS5kOtQo+RoUmq8+/LcNC1zG4pslM82VVVzUSJ4rttqF3oVq1Zrp
TQ543ex3lGpexLGNEyTuEhs1qKoLWJpqxvcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTssGvB8zJAQgc/EJQh9G/BhuZ2PjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzNkZTMxY2EtNmIyZC00NzZiLWFkY2EtYzIwODE3YjgzYjYzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC78L89DtuIiIVaz
omkcf3urhi6cE/SfOAyGg8SQQjnCj550DHS2m6cYEq+A/kBATIYO6RN5uj6v50mM
pHo5JeEyyad/RASkZGvyTvZlG35FygG7vSJCbsznILy8ub1zw9/jk1uD0clJQzEs
rJjiTDHJ1r+/TB0epKT8vBevMEd3HSQHZDO2EMUpbstMAveQ1RtbMPO9y+CR7hUE
FrrFdeAJiIPSdoLVIffZomFKTLGbajqWv6xM3MmTwDArNa9dVr1CTz/f/x0yIfM5
H736qDTRyXOS/ZMJPTyi9o1smI+fqmhXXXgaFsl3C+pMLigxVDj9Mccwp5+sxgfj
jSWFcns=
-----END CERTIFICATE-----