Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/38fb80fc-deec-461e-b9c1-1d5d0086cc0b.roa
File:                     38fb80fc-deec-461e-b9c1-1d5d0086cc0b.roa (raw, json)
Hash identifier:          qRgrGQV3ahmPYTwc9PiHlvKxNbmXTeUcaNS7Q3QE/xo=
Subject key identifier:   63:FD:A7:3E:DC:39:36:0F:50:D6:05:B2:89:80:BB:B8:07:4B:34:25
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2D1D561CD83996C4DFFDCF87E2F9B562605331A9
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/38fb80fc-deec-461e-b9c1-1d5d0086cc0b.roa
Signing time:             Sat 25 Mar 2023 00:00:00 +0000
ROA not before:           Sat 25 Mar 2023 00:00:00 +0000
ROA not after:            Tue 28 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:1d:56:1c:d8:39:96:c4:df:fd:cf:87:e2:f9:b5:62:60:53:31:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 25 00:00:00 2023 GMT
            Not After : Mar 28 23:59:59 2023 GMT
        Subject: serialNumber=f8a54720f9ae10cf2b028874be37a89521cad492a1f2291f29c2c80231fbe615, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:74:b9:c1:ab:c7:1a:41:f2:f7:9b:ec:14:0f:
                    8b:fc:7c:69:cd:60:da:52:ac:de:c8:03:62:db:00:
                    3f:bc:4d:9e:0c:10:84:82:9a:d7:6b:15:fb:43:48:
                    c2:eb:88:02:d4:e8:5a:3f:a5:97:4e:e4:f0:46:4f:
                    0c:4e:57:c9:2a:ed:3a:61:88:a6:10:28:4a:44:31:
                    58:ea:15:26:c9:22:5d:04:ac:bc:ac:b5:85:e4:94:
                    de:f0:02:e7:52:be:30:7b:b6:8e:4c:0c:48:b4:1e:
                    30:ce:56:38:81:72:5c:87:5b:28:32:e3:35:7a:91:
                    a6:12:e2:d2:ed:ce:1e:31:43:d2:eb:30:fc:c9:7f:
                    6f:88:17:72:d2:66:d4:04:3c:38:ac:a5:74:7c:1d:
                    95:06:eb:3f:07:b0:cf:5d:46:03:b7:aa:71:a4:e3:
                    0d:b0:66:c5:e8:74:0e:6c:6e:a7:d4:1e:e5:44:bb:
                    6f:98:0b:d7:e7:23:47:9a:cd:71:6f:c6:be:e5:3a:
                    b7:e8:d9:b6:ff:b1:f7:e3:1e:cd:c8:53:24:b9:69:
                    6b:b0:a1:35:df:8b:43:c1:fd:97:e2:70:ec:6f:7f:
                    28:7e:02:20:de:6f:44:79:b9:61:e7:45:d6:d7:73:
                    7a:9b:e1:25:61:db:2a:ea:9c:3c:52:14:4c:13:ba:
                    e7:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:FD:A7:3E:DC:39:36:0F:50:D6:05:B2:89:80:BB:B8:07:4B:34:25
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/38fb80fc-deec-461e-b9c1-1d5d0086cc0b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:81:d6:47:d9:a5:95:6b:c1:9c:3a:b9:d8:d4:04:83:69:7c:
         75:43:1e:c5:ed:fe:1c:36:b3:3d:e8:55:fe:35:46:62:6e:a7:
         6e:3a:bf:06:01:a1:f9:1e:f7:4b:a7:c3:40:93:6c:5e:42:d4:
         3a:59:e1:1e:5c:02:4a:33:b7:62:af:3f:5f:5f:6a:36:55:51:
         a8:ac:f7:1c:b7:95:02:56:5c:3a:7c:60:77:13:4a:d4:9d:42:
         cc:bb:9c:6a:2e:a0:a8:84:0a:6c:f5:7c:1d:1c:6a:05:80:e5:
         46:24:11:a1:ba:62:00:11:3a:d6:91:12:27:ba:f2:3a:1e:1b:
         b6:4d:ae:3e:dc:dc:95:b0:d2:3e:1e:1a:2c:4b:28:85:96:87:
         ae:b0:ae:91:7f:93:12:07:70:5e:38:93:ed:98:04:50:3d:c5:
         ce:32:7f:fd:9a:e3:b2:1b:a1:3e:99:9f:e5:d4:b2:7e:32:7a:
         0d:15:8c:17:76:c5:cc:d5:0d:bd:20:1a:c0:0c:41:05:0a:4d:
         dd:e6:60:59:4f:c3:05:bf:59:11:d2:15:ac:32:f8:d6:7d:8e:
         d1:7c:91:b1:41:dc:51:4c:07:29:ab:ce:55:d2:df:bd:43:5a:
         99:cf:64:6c:06:72:29:81:d4:4a:0d:59:d7:29:67:3d:6d:a6:
         00:1c:2b:25
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIULR1WHNg5lsTf/c+H4vm1YmBTMakwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI1MDAwMDAwWhcNMjMwMzI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjhhNTQ3MjBmOWFlMTBjZjJiMDI4ODc0YmUzN2E4OTUy
MWNhZDQ5MmExZjIyOTFmMjljMmM4MDIzMWZiZTYxNTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALN0ucGrxxpB8veb7BQPi/x8ac1g2lKs3sgDYtsAP7xNngwQhIKa
12sV+0NIwuuIAtToWj+ll07k8EZPDE5XySrtOmGIphAoSkQxWOoVJskiXQSsvKy1
heSU3vAC51K+MHu2jkwMSLQeMM5WOIFyXIdbKDLjNXqRphLi0u3OHjFD0usw/Ml/
b4gXctJm1AQ8OKyldHwdlQbrPwewz11GA7eqcaTjDbBmxeh0Dmxup9Qe5US7b5gL
1+cjR5rNcW/GvuU6t+jZtv+x9+MezchTJLlpa7ChNd+LQ8H9l+Jw7G9/KH4CIN5v
RHm5YedF1tdzepvhJWHbKuqcPFIUTBO655sCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRj/ac+3Dk2D1DWBbKJgLu4B0s0JTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzhmYjgwZmMtZGVlYy00NjFlLWI5YzEtMWQ1ZDAwODZjYzBiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADaB1kfZpZVrwZw6
udjUBINpfHVDHsXt/hw2sz3oVf41RmJup246vwYBofke90unw0CTbF5C1DpZ4R5c
Akozt2KvP19fajZVUais9xy3lQJWXDp8YHcTStSdQsy7nGouoKiECmz1fB0cagWA
5UYkEaG6YgAROtaREie68joeG7ZNrj7c3JWw0j4eGixLKIWWh66wrpF/kxIHcF44
k+2YBFA9xc4yf/2a47IboT6Zn+XUsn4yeg0VjBd2xczVDb0gGsAMQQUKTd3mYFlP
wwW/WRHSFawy+NZ9jtF8kbFB3FFMBymrzlXS371DWpnPZGwGcimB1EoNWdcpZz1t
pgAcKyU=
-----END CERTIFICATE-----