Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3f280348-57b9-438a-910e-07f8901b5e1e.roa
File:                     3f280348-57b9-438a-910e-07f8901b5e1e.roa (raw, json)
Hash identifier:          3gnx58VhA28k+G/6/RJ5fkEVvKL+3oPTiozkwd8qadw=
Subject key identifier:   E4:F1:37:65:06:9B:6B:45:B9:DA:83:CA:BF:1E:54:7A:89:A1:73:93
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1B5FED0285A0ED1A8C89928A7456D7A11C9AB289
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3f280348-57b9-438a-910e-07f8901b5e1e.roa
Signing time:             Fri 26 May 2023 00:00:00 +0000
ROA not before:           Fri 26 May 2023 00:00:00 +0000
ROA not after:            Mon 29 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:5f:ed:02:85:a0:ed:1a:8c:89:92:8a:74:56:d7:a1:1c:9a:b2:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 26 00:00:00 2023 GMT
            Not After : May 29 23:59:59 2023 GMT
        Subject: serialNumber=d6a73cbcac1aa4b366c32609df8553952b80b44348a6c27312abbc764f760a22, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:e5:ab:d3:e0:e8:5d:46:10:0b:9e:1a:38:0f:
                    0e:45:70:4e:ca:e9:e6:14:cf:f2:be:7a:09:ea:eb:
                    1e:fc:8b:86:fb:f2:a4:ec:88:4b:6b:b7:98:24:02:
                    f7:0f:92:9c:73:a9:33:02:e0:f0:d2:08:43:b3:d4:
                    a8:5a:14:b3:99:be:55:8f:e7:7e:cc:1d:9d:bd:9a:
                    08:79:1a:29:a9:3a:76:83:6b:ec:c0:fb:58:d8:d3:
                    37:35:35:d0:14:6f:a1:91:37:2a:17:e5:bb:a4:0e:
                    f0:e1:b9:75:19:d4:41:76:b2:84:9c:9b:9f:ce:2e:
                    67:74:d3:2e:46:24:c2:8f:ab:b4:f4:3a:2b:04:bc:
                    be:04:6c:40:08:28:9b:29:c7:da:ea:fe:6a:d3:fa:
                    ee:25:dd:f4:a5:23:b7:fc:41:e9:c8:b5:17:15:6d:
                    47:c2:8c:a5:1e:8c:5c:7d:cf:60:6f:29:c9:a4:78:
                    c0:2f:32:a6:86:a2:27:9c:11:e9:9c:ac:ba:03:dc:
                    73:13:e1:26:cc:93:63:06:4a:f6:53:0e:20:c1:d8:
                    70:5a:3d:79:9b:ba:ea:e1:be:57:2d:3c:d2:75:04:
                    ac:ff:85:60:c9:a8:9d:2e:d2:de:0b:ee:80:5c:6f:
                    65:43:da:cb:c1:bc:23:f9:9f:53:c6:53:d9:b7:03:
                    b0:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:F1:37:65:06:9B:6B:45:B9:DA:83:CA:BF:1E:54:7A:89:A1:73:93
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3f280348-57b9-438a-910e-07f8901b5e1e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:c7:fb:5b:2c:4f:05:c7:cd:6e:ad:4c:3e:ec:8f:da:5b:33:
         f3:5d:51:03:30:39:e7:fe:31:0e:f0:51:5f:d0:34:c2:a0:de:
         aa:bc:a0:27:0f:07:48:c4:7d:96:66:c5:ec:18:06:8f:e6:66:
         34:f3:82:a3:57:d6:a8:59:78:c7:6f:72:f1:33:9f:86:92:b3:
         cb:b3:14:4b:31:e2:b7:59:eb:fe:b5:56:9c:07:f9:4a:21:d4:
         05:2e:83:6e:35:33:ed:dc:bd:fb:42:06:c2:68:05:71:ba:d2:
         41:dc:66:d4:51:b8:28:12:73:50:a6:22:cb:ca:d3:31:6f:7c:
         c4:70:68:f0:47:3c:65:93:df:a9:52:9d:b4:de:bc:9f:55:36:
         06:76:fd:ec:05:a9:3c:72:c5:97:83:6a:6f:a5:d3:e4:78:b7:
         f5:de:54:41:b8:01:a7:19:23:f8:d5:4f:ce:75:02:6a:eb:ed:
         85:4d:da:3c:c6:bc:7d:ac:c3:e5:ef:ab:cb:26:25:63:1d:4c:
         68:e4:3f:06:23:03:81:5a:f3:4b:10:78:1b:ad:e2:1a:7b:a1:
         ae:8f:1b:48:3e:97:40:33:5d:af:c6:c9:e8:7c:55:cb:79:d5:
         ef:72:ae:3e:1a:96:35:14:43:e3:eb:95:3b:92:45:3c:e5:d4:
         60:7e:ef:fe
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUG1/tAoWg7RqMiZKKdFbXoRyasokwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTI2MDAwMDAwWhcNMjMwNTI5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDZhNzNjYmNhYzFhYTRiMzY2YzMyNjA5ZGY4NTUzOTUy
YjgwYjQ0MzQ4YTZjMjczMTJhYmJjNzY0Zjc2MGEyMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOjlq9Pg6F1GEAueGjgPDkVwTsrp5hTP8r56CerrHvyLhvvypOyI
S2u3mCQC9w+SnHOpMwLg8NIIQ7PUqFoUs5m+VY/nfswdnb2aCHkaKak6doNr7MD7
WNjTNzU10BRvoZE3Khflu6QO8OG5dRnUQXayhJybn84uZ3TTLkYkwo+rtPQ6KwS8
vgRsQAgomynH2ur+atP67iXd9KUjt/xB6ci1FxVtR8KMpR6MXH3PYG8pyaR4wC8y
poaiJ5wR6ZysugPccxPhJsyTYwZK9lMOIMHYcFo9eZu66uG+Vy080nUErP+FYMmo
nS7S3gvugFxvZUPay8G8I/mfU8ZT2bcDsD8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTk8TdlBptrRbnag8q/HlR6iaFzkzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvM2YyODAzNDgtNTdiOS00MzhhLTkxMGUtMDdmODkwMWI1ZTFlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACjH+1ssTwXHzW6t
TD7sj9pbM/NdUQMwOef+MQ7wUV/QNMKg3qq8oCcPB0jEfZZmxewYBo/mZjTzgqNX
1qhZeMdvcvEzn4aSs8uzFEsx4rdZ6/61VpwH+Uoh1AUug241M+3cvftCBsJoBXG6
0kHcZtRRuCgSc1CmIsvK0zFvfMRwaPBHPGWT36lSnbTevJ9VNgZ2/ewFqTxyxZeD
am+l0+R4t/XeVEG4AacZI/jVT851Amrr7YVN2jzGvH2sw+Xvq8smJWMdTGjkPwYj
A4Fa80sQeBut4hp7oa6PG0g+l0AzXa/Gyeh8Vct51e9yrj4aljUUQ+PrlTuSRTzl
1GB+7/4=
-----END CERTIFICATE-----