Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/46bbd82a-39df-437c-9bf1-10014898d463.roa
File:                     46bbd82a-39df-437c-9bf1-10014898d463.roa (raw, json)
Hash identifier:          PZ5XGdrPwm4rYXffL8uoBrWBfX8AxULF4sNy616ytlw=
Subject key identifier:   AF:07:E7:7A:8A:95:5D:FE:C2:A8:BF:D2:A4:0D:04:DB:0C:3A:99:98
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6CFAE9B1EE4D94C1EAF0FA8F9AA6B39428091153
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/46bbd82a-39df-437c-9bf1-10014898d463.roa
Signing time:             Mon 29 May 2023 00:00:00 +0000
ROA not before:           Mon 29 May 2023 00:00:00 +0000
ROA not after:            Thu 01 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:fa:e9:b1:ee:4d:94:c1:ea:f0:fa:8f:9a:a6:b3:94:28:09:11:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 29 00:00:00 2023 GMT
            Not After : Jun  1 23:59:59 2023 GMT
        Subject: serialNumber=d0ec75dbd79b6c6f375706a4ce558f90d5a1981793899f40ed7314dc20e57195, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:76:2e:83:bd:a2:48:16:94:ca:d4:12:1f:8c:
                    e3:80:71:b3:f1:e2:54:44:59:00:4f:31:56:ed:1c:
                    62:11:22:bc:02:c2:c9:1a:40:0c:4d:ae:79:93:b6:
                    91:04:13:ae:f0:5f:14:28:31:ea:98:06:00:a9:dd:
                    ec:f0:20:c8:f1:e6:bc:4b:11:2a:52:b2:fb:d9:50:
                    f1:a6:e6:14:6b:ed:45:f0:6c:c5:7a:50:61:b3:08:
                    af:f7:71:d3:a9:ed:5c:5e:71:a5:99:d6:7d:67:5d:
                    6b:57:f6:60:9b:61:59:e5:09:50:50:6d:a7:a6:22:
                    a8:1a:0d:3a:98:b4:3f:f6:b6:c7:2b:92:52:b0:60:
                    43:e8:fb:52:c3:ab:ae:6c:e3:d3:af:a7:76:11:a4:
                    02:50:68:3c:46:13:6d:eb:63:28:92:ca:4f:c5:97:
                    c1:d6:55:75:f7:71:3d:b1:1e:19:d0:cc:52:34:97:
                    8d:2a:d8:35:e0:5f:8e:b1:69:dc:53:62:06:7f:de:
                    93:22:45:00:e4:68:09:97:32:e4:d7:f2:9e:3a:83:
                    70:be:96:ac:1d:20:d8:bd:4c:7c:b2:cd:db:27:22:
                    da:f6:67:40:00:b1:95:58:f1:a6:43:b8:c8:95:79:
                    de:6f:09:1a:bb:dd:12:ba:2e:e3:91:5d:17:3d:0b:
                    0c:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:07:E7:7A:8A:95:5D:FE:C2:A8:BF:D2:A4:0D:04:DB:0C:3A:99:98
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/46bbd82a-39df-437c-9bf1-10014898d463.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:3b:fa:22:aa:fb:b3:ad:a9:c5:96:4d:5b:b1:44:5e:f3:d8:
         a2:81:0a:84:e8:49:f4:7c:58:37:ff:2b:63:04:1f:43:f2:ba:
         0e:c5:0d:c9:8f:4e:e7:79:22:84:73:60:2f:d6:d4:ec:07:cb:
         74:83:65:15:b0:04:60:aa:75:a9:b2:34:90:60:3c:ac:ee:fb:
         23:1e:02:5c:75:64:82:ff:3b:b6:a3:e9:fc:01:23:49:ab:f3:
         0c:df:65:ac:41:6d:bd:61:36:12:7f:3e:c3:0e:37:cb:80:61:
         c0:26:af:d7:7e:db:4a:9e:ce:d9:e8:23:dc:62:63:5c:75:c4:
         71:46:01:51:6c:3e:03:ec:67:d5:3c:d0:03:59:70:55:df:86:
         02:04:07:dc:f2:72:6c:1d:37:cc:15:d8:1f:95:58:b6:16:b8:
         9b:e6:e9:27:a0:92:14:f1:de:e2:41:d2:82:9a:00:86:4d:99:
         8b:35:a4:87:75:79:99:a1:78:4e:3a:98:df:09:9e:1c:7b:e4:
         b3:35:6e:3e:43:00:4b:85:dc:9b:1d:3d:82:4a:d4:8f:09:e5:
         22:62:ca:7f:80:1b:a4:3f:d6:0c:88:91:ac:f8:eb:5f:cf:82:
         91:94:08:cf:95:fb:2e:71:b4:77:40:4f:d0:71:ee:cc:50:01:
         f9:52:95:d6
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUbPrpse5NlMHq8PqPmqazlCgJEVMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTI5MDAwMDAwWhcNMjMwNjAxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDBlYzc1ZGJkNzliNmM2ZjM3NTcwNmE0Y2U1NThmOTBk
NWExOTgxNzkzODk5ZjQwZWQ3MzE0ZGMyMGU1NzE5NTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAPt2LoO9okgWlMrUEh+M44Bxs/HiVERZAE8xVu0cYhEivALCyRpA
DE2ueZO2kQQTrvBfFCgx6pgGAKnd7PAgyPHmvEsRKlKy+9lQ8abmFGvtRfBsxXpQ
YbMIr/dx06ntXF5xpZnWfWdda1f2YJthWeUJUFBtp6YiqBoNOpi0P/a2xyuSUrBg
Q+j7UsOrrmzj06+ndhGkAlBoPEYTbetjKJLKT8WXwdZVdfdxPbEeGdDMUjSXjSrY
NeBfjrFp3FNiBn/ekyJFAORoCZcy5NfynjqDcL6WrB0g2L1MfLLN2yci2vZnQACx
lVjxpkO4yJV53m8JGrvdErou45FdFz0LDMMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSvB+d6ipVd/sKov9KkDQTbDDqZmDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDZiYmQ4MmEtMzlkZi00MzdjLTliZjEtMTAwMTQ4OThkNDYzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADo7+iKq+7OtqcWW
TVuxRF7z2KKBCoToSfR8WDf/K2MEH0Pyug7FDcmPTud5IoRzYC/W1OwHy3SDZRWw
BGCqdamyNJBgPKzu+yMeAlx1ZIL/O7aj6fwBI0mr8wzfZaxBbb1hNhJ/PsMON8uA
YcAmr9d+20qeztnoI9xiY1x1xHFGAVFsPgPsZ9U80ANZcFXfhgIEB9zycmwdN8wV
2B+VWLYWuJvm6SegkhTx3uJB0oKaAIZNmYs1pId1eZmheE46mN8Jnhx75LM1bj5D
AEuF3JsdPYJK1I8J5SJiyn+AG6Q/1gyIkaz461/PgpGUCM+V+y5xtHdAT9Bx7sxQ
AflSldY=
-----END CERTIFICATE-----