Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/40fcf161-634a-40ed-9dcc-d214df0b1191.roa
File:                     40fcf161-634a-40ed-9dcc-d214df0b1191.roa (raw, json)
Hash identifier:          +fOhghYAAhxKfsogev2QNSvAfzQyr795Zzo/R+Fbbpo=
Subject key identifier:   EC:A4:B2:25:73:31:B0:2B:48:83:C1:83:A6:32:19:AE:6E:1E:82:64
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       528CF274C2A40BA6D445CEB2A955604DD1BB5FD8
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/40fcf161-634a-40ed-9dcc-d214df0b1191.roa
Signing time:             Tue 28 Mar 2023 00:00:00 +0000
ROA not before:           Tue 28 Mar 2023 00:00:00 +0000
ROA not after:            Fri 31 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:8c:f2:74:c2:a4:0b:a6:d4:45:ce:b2:a9:55:60:4d:d1:bb:5f:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 28 00:00:00 2023 GMT
            Not After : Mar 31 23:59:59 2023 GMT
        Subject: serialNumber=73c0878fb7803befe8a3d9ef2ebf8791ec192e271a49b623c0374d0606421481, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:2d:18:ff:a4:bd:b9:46:46:59:ce:f5:09:2e:
                    8e:ba:9c:02:76:24:a1:2c:2c:ee:cf:d3:ce:c6:b5:
                    6d:81:04:8d:64:ef:3a:39:a5:df:e0:ce:27:78:d1:
                    1b:31:f9:7e:fc:cf:31:53:a1:bc:6d:aa:f1:80:35:
                    cf:3a:76:73:df:c9:75:3a:d5:2f:68:84:8a:48:95:
                    d9:b1:57:7a:2a:e1:e1:36:3e:06:0e:0d:83:c7:aa:
                    ea:d6:a9:02:f4:80:1a:3a:50:ed:96:7a:c4:20:c2:
                    e6:92:3f:34:1a:0d:63:47:ab:9f:6d:c2:cb:43:0b:
                    0e:ee:1a:75:a6:93:d2:0d:e1:2d:a9:c2:14:9f:5a:
                    e3:9e:00:78:7c:bb:30:ae:cd:d3:95:6e:bb:c3:04:
                    53:92:9d:6f:1d:29:9f:6e:a0:f8:51:1d:c7:d4:53:
                    e7:7d:e7:78:e7:b8:0c:03:fd:84:04:42:4e:73:35:
                    96:31:c7:da:62:70:6a:67:ee:50:85:86:51:9b:2d:
                    be:f7:c2:8b:36:f0:41:16:87:90:72:ce:82:d7:06:
                    46:b7:be:ef:1b:b3:46:21:cb:6a:46:46:45:40:0b:
                    f7:98:1c:00:ee:86:b8:f8:b4:56:8f:ef:5d:88:a8:
                    58:ff:d4:4b:d6:83:bc:cf:ed:59:38:21:2f:4a:5d:
                    fb:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:A4:B2:25:73:31:B0:2B:48:83:C1:83:A6:32:19:AE:6E:1E:82:64
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/40fcf161-634a-40ed-9dcc-d214df0b1191.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:0b:ea:75:06:2a:25:01:af:d7:e9:d0:f9:a0:2f:22:f4:0f:
         54:4a:99:fb:12:2c:f6:37:1b:46:75:12:f5:af:ce:d3:5a:3a:
         58:42:57:ef:6d:5f:02:38:9b:4c:f3:84:26:8e:05:7e:d1:f1:
         75:6d:83:85:27:cc:d2:a4:6d:e3:b7:5a:ba:9e:fa:2f:f0:b6:
         c9:69:25:c4:ea:0c:39:7c:87:58:06:99:93:d0:86:cb:9a:c0:
         fd:49:26:bd:3b:64:98:ab:57:02:b8:a2:af:20:e8:cf:29:ee:
         4f:e4:be:63:4d:ae:47:f1:f6:94:59:69:f8:6e:58:8d:b4:76:
         6d:3d:8b:ad:2c:b0:5a:3f:c6:56:63:4a:24:3d:f7:fd:ed:6b:
         3f:56:2c:40:d2:6d:3c:5c:0e:f2:37:0c:3f:b8:ca:44:46:4a:
         64:1b:eb:6e:93:0b:84:41:26:f0:1a:76:f4:14:bc:d8:90:9e:
         5c:c9:37:76:61:62:44:14:9f:e1:88:85:25:d1:7e:74:1c:85:
         0f:e9:ef:3d:e8:39:cc:51:24:f0:f3:4a:9f:15:ca:f4:75:be:
         d4:5e:0e:77:ec:f9:fc:99:19:51:9e:84:e7:ab:67:ec:0a:4a:
         28:ea:04:c6:2e:8a:2a:0a:82:8c:91:fa:0e:c6:66:f9:b9:79:
         dd:f0:78:40
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUUozydMKkC6bURc6yqVVgTdG7X9gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI4MDAwMDAwWhcNMjMwMzMxMjM1OTU5
WjCBpTFJMEcGA1UEBRNANzNjMDg3OGZiNzgwM2JlZmU4YTNkOWVmMmViZjg3OTFl
YzE5MmUyNzFhNDliNjIzYzAzNzRkMDYwNjQyMTQ4MTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJYtGP+kvblGRlnO9QkujrqcAnYkoSws7s/Tzsa1bYEEjWTvOjml
3+DOJ3jRGzH5fvzPMVOhvG2q8YA1zzp2c9/JdTrVL2iEikiV2bFXeirh4TY+Bg4N
g8eq6tapAvSAGjpQ7ZZ6xCDC5pI/NBoNY0ern23Cy0MLDu4adaaT0g3hLanCFJ9a
454AeHy7MK7N05Vuu8MEU5Kdbx0pn26g+FEdx9RT533neOe4DAP9hARCTnM1ljHH
2mJwamfuUIWGUZstvvfCizbwQRaHkHLOgtcGRre+7xuzRiHLakZGRUAL95gcAO6G
uPi0Vo/vXYioWP/US9aDvM/tWTghL0pd+28CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTspLIlczGwK0iDwYOmMhmubh6CZDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDBmY2YxNjEtNjM0YS00MGVkLTlkY2MtZDIxNGRmMGIxMTkxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEEL6nUGKiUBr9fp
0PmgLyL0D1RKmfsSLPY3G0Z1EvWvztNaOlhCV+9tXwI4m0zzhCaOBX7R8XVtg4Un
zNKkbeO3Wrqe+i/wtslpJcTqDDl8h1gGmZPQhsuawP1JJr07ZJirVwK4oq8g6M8p
7k/kvmNNrkfx9pRZafhuWI20dm09i60ssFo/xlZjSiQ99/3taz9WLEDSbTxcDvI3
DD+4ykRGSmQb626TC4RBJvAadvQUvNiQnlzJN3ZhYkQUn+GIhSXRfnQchQ/p7z3o
OcxRJPDzSp8VyvR1vtReDnfs+fyZGVGehOerZ+wKSijqBMYuiioKgoyR+g7GZvm5
ed3weEA=
-----END CERTIFICATE-----