Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3438522d-38d7-4a16-a3f8-719fb70e7d5a.roa
File:                     3438522d-38d7-4a16-a3f8-719fb70e7d5a.roa (raw, json)
Hash identifier:          VfaQRPaFQIU3IcPAZnJQeISxdlFC+Eb5unrnG15oPmc=
Subject key identifier:   71:BB:02:1F:4A:8C:2A:20:D6:E5:EC:D9:C3:15:57:F3:1C:E0:F6:39
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2352F656BFC94295A69E59F6107B31C8A66873AE
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3438522d-38d7-4a16-a3f8-719fb70e7d5a.roa
Signing time:             Tue 14 Feb 2023 00:00:00 +0000
ROA not before:           Tue 14 Feb 2023 00:00:00 +0000
ROA not after:            Fri 17 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:52:f6:56:bf:c9:42:95:a6:9e:59:f6:10:7b:31:c8:a6:68:73:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 14 00:00:00 2023 GMT
            Not After : Feb 17 23:59:59 2023 GMT
        Subject: serialNumber=c37f1cd5a4ae69657b1f72a3c8a654a53ffb3eabff4bd62c1a0715df966d4b34, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:b3:b1:13:e9:66:91:9b:56:9c:5f:f0:fb:e4:
                    d2:ba:e1:7b:10:aa:db:42:70:41:90:5b:0c:15:ee:
                    c5:bb:6d:84:b2:c3:9b:10:96:1f:6d:7d:ad:44:5d:
                    14:84:86:99:91:39:18:07:29:7c:35:27:c6:f3:53:
                    66:5e:55:a3:57:a1:6a:9f:16:1d:46:e0:33:53:55:
                    35:b5:f8:24:72:80:a5:a1:f4:ec:83:75:39:e0:42:
                    3c:b4:96:6d:46:02:8d:39:8f:4a:7c:47:ff:1f:83:
                    93:57:07:8c:2b:52:3a:b9:4d:29:b7:fb:4c:bc:7f:
                    ad:64:de:dd:69:5a:a6:e0:63:d7:16:56:ca:d5:05:
                    6b:ea:39:79:f2:85:1c:78:9c:bb:3b:05:23:4f:3e:
                    37:80:bd:0b:0a:cc:6f:1b:30:6c:72:14:64:10:fa:
                    a6:64:ec:19:03:25:1f:5c:4e:a6:74:3a:46:be:ba:
                    75:ca:75:91:77:eb:bf:ec:19:14:e1:47:0f:aa:99:
                    84:02:8d:84:7c:21:a1:15:44:7f:fc:85:6f:79:f5:
                    da:ce:d1:1b:a2:6f:76:77:98:7f:79:84:4d:05:e2:
                    b5:f5:e7:b8:27:fe:69:f3:a1:35:ea:a2:ff:97:9e:
                    9f:03:de:94:0d:c3:b3:ef:98:ea:ed:ed:16:30:11:
                    ac:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:BB:02:1F:4A:8C:2A:20:D6:E5:EC:D9:C3:15:57:F3:1C:E0:F6:39
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3438522d-38d7-4a16-a3f8-719fb70e7d5a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:36:c2:11:a2:48:68:50:e4:42:44:aa:60:8f:b3:3b:de:c2:
         df:a3:e0:0c:ce:bb:a1:a4:68:7f:a2:54:3b:9c:df:b5:7e:3a:
         1f:b9:51:0f:f2:29:c0:1b:61:0c:3e:81:f1:5c:bf:7a:e9:ec:
         de:c3:fb:8f:79:bb:a9:9f:97:04:a8:d5:5b:52:59:90:91:4a:
         13:d8:ca:d3:cf:fb:0e:a0:3e:6f:82:e1:33:8f:83:42:e3:3e:
         b5:11:82:87:84:02:b9:d5:b6:5d:3f:31:98:54:6c:69:fc:0b:
         f2:f1:67:59:7c:20:8b:af:67:19:d1:b5:36:c4:85:ac:4f:aa:
         8d:d3:91:c7:5f:ec:69:d4:7f:55:19:50:a3:68:0f:91:76:b5:
         5e:dd:f8:1c:40:06:b1:9a:b5:eb:94:d0:2d:73:bc:c0:1f:13:
         07:7f:2a:2d:8d:71:e1:08:32:95:de:a3:06:7e:88:1d:65:0c:
         db:1a:46:79:d4:5d:85:aa:ce:ae:a7:dc:73:be:fb:a9:8b:3d:
         60:12:0b:75:fd:2c:c5:ee:bd:5b:23:a3:91:07:55:c5:2b:92:
         d4:6c:42:92:ce:1c:fb:82:e8:fe:01:95:69:fa:8d:05:94:22:
         7d:60:b4:fd:cc:ba:42:95:67:62:07:4f:0a:6e:9b:da:71:59:
         f8:a6:fa:42
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUI1L2Vr/JQpWmnln2EHsxyKZoc64wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE0MDAwMDAwWhcNMjMwMjE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYzM3ZjFjZDVhNGFlNjk2NTdiMWY3MmEzYzhhNjU0YTUz
ZmZiM2VhYmZmNGJkNjJjMWEwNzE1ZGY5NjZkNGIzNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJCzsRPpZpGbVpxf8Pvk0rrhexCq20JwQZBbDBXuxbtthLLDmxCW
H219rURdFISGmZE5GAcpfDUnxvNTZl5Vo1ehap8WHUbgM1NVNbX4JHKApaH07IN1
OeBCPLSWbUYCjTmPSnxH/x+Dk1cHjCtSOrlNKbf7TLx/rWTe3WlapuBj1xZWytUF
a+o5efKFHHicuzsFI08+N4C9CwrMbxswbHIUZBD6pmTsGQMlH1xOpnQ6Rr66dcp1
kXfrv+wZFOFHD6qZhAKNhHwhoRVEf/yFb3n12s7RG6JvdneYf3mETQXitfXnuCf+
afOhNeqi/5eenwPelA3Ds++Y6u3tFjARrM8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRxuwIfSowqINbl7NnDFVfzHOD2OTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzQzODUyMmQtMzhkNy00YTE2LWEzZjgtNzE5ZmI3MGU3ZDVhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIg2whGiSGhQ5EJE
qmCPszvewt+j4AzOu6GkaH+iVDuc37V+Oh+5UQ/yKcAbYQw+gfFcv3rp7N7D+495
u6mflwSo1VtSWZCRShPYytPP+w6gPm+C4TOPg0LjPrURgoeEArnVtl0/MZhUbGn8
C/LxZ1l8IIuvZxnRtTbEhaxPqo3Tkcdf7GnUf1UZUKNoD5F2tV7d+BxABrGateuU
0C1zvMAfEwd/Ki2NceEIMpXeowZ+iB1lDNsaRnnUXYWqzq6n3HO++6mLPWASC3X9
LMXuvVsjo5EHVcUrktRsQpLOHPuC6P4BlWn6jQWUIn1gtP3MukKVZ2IHTwpum9px
Wfim+kI=
-----END CERTIFICATE-----