Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4e132ded-c31c-4941-9706-d7d1d70edbf5.roa
File:                     4e132ded-c31c-4941-9706-d7d1d70edbf5.roa (raw, json)
Hash identifier:          9vu2IdMhWYGj5rCFjIQFLS4QRoUTQ+EhUIhkCPMaMEI=
Subject key identifier:   75:A7:97:8B:32:0C:99:CE:6D:ED:34:C2:D8:BE:FD:EA:4E:98:49:90
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       404ADAAB39916B98CE53CE25F7AD481DD09B06C2
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4e132ded-c31c-4941-9706-d7d1d70edbf5.roa
Signing time:             Sun 12 Mar 2023 00:00:00 +0000
ROA not before:           Sun 12 Mar 2023 00:00:00 +0000
ROA not after:            Wed 15 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:4a:da:ab:39:91:6b:98:ce:53:ce:25:f7:ad:48:1d:d0:9b:06:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 12 00:00:00 2023 GMT
            Not After : Mar 15 23:59:59 2023 GMT
        Subject: serialNumber=b03d2db602b524d6a20a0d1d40d8ac785fe24294b494832dd720a12ba28272b4, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:19:ea:f1:f1:43:b5:75:a7:b9:39:19:48:4c:
                    b5:a0:d0:33:f3:03:52:98:ec:e0:6b:d6:11:8d:5b:
                    35:77:d8:7b:69:74:35:c7:b7:8e:15:6b:bd:10:ed:
                    30:64:eb:00:b7:b9:df:9c:d1:6a:fa:e6:7a:98:eb:
                    1f:3f:36:49:d8:04:d9:86:13:23:b9:c7:87:e7:da:
                    03:98:5c:03:23:30:e5:14:a3:62:0a:1c:45:e4:6b:
                    ac:59:2d:0d:36:d0:52:b2:ee:53:90:0b:df:88:fc:
                    d1:43:85:b1:f2:56:21:3f:21:bd:2a:96:3d:3f:49:
                    88:48:b4:b4:ec:fe:5b:3d:80:b1:07:39:f9:30:0b:
                    64:98:f3:22:b1:33:3a:de:a1:64:3a:42:55:4c:1d:
                    cd:71:78:7c:5d:3c:80:be:42:4e:53:95:e3:0e:c9:
                    26:e5:8a:74:c7:9c:2f:0a:05:74:ec:9e:ce:bb:a0:
                    40:53:3d:81:8b:8e:fb:73:da:1e:e9:67:f2:f9:f1:
                    75:6a:7e:3b:82:86:60:5c:34:d9:af:7c:e4:43:f4:
                    ae:e0:d2:fa:27:bb:dc:1e:ae:e5:45:88:96:10:79:
                    f4:1d:b5:f7:60:02:2d:16:dd:fd:7d:56:04:77:19:
                    29:85:5e:14:19:0e:25:c5:84:1c:9c:a4:0f:dc:0d:
                    9c:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:A7:97:8B:32:0C:99:CE:6D:ED:34:C2:D8:BE:FD:EA:4E:98:49:90
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4e132ded-c31c-4941-9706-d7d1d70edbf5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:4f:46:45:b8:24:9e:94:74:31:52:fc:1b:87:3a:f3:88:ad:
         2f:e5:cc:10:61:ae:3e:9f:aa:fb:0f:fc:fd:60:89:18:72:cc:
         95:ee:a0:75:13:94:25:9f:f8:d3:55:b6:6f:c1:53:94:5c:88:
         3a:d1:88:7c:88:d2:0a:74:b9:6c:f6:75:2e:b1:e8:10:c6:c2:
         4a:2e:ba:aa:b0:2a:93:35:21:a6:2f:c4:8e:10:fd:27:4d:7b:
         30:64:7d:d7:86:db:02:70:6a:d1:af:8e:a3:bc:d1:bb:cb:81:
         a0:09:2b:76:87:3a:4d:22:df:6e:0a:6d:e9:8b:0a:f7:10:ff:
         fd:41:96:9c:35:2b:d2:2a:52:44:61:5d:3d:7c:21:ac:96:44:
         ce:e0:fd:70:fc:ea:bc:ca:82:4f:cd:f5:8d:de:ff:67:be:12:
         30:c4:86:a0:82:05:c1:5b:24:98:74:98:ec:fc:6a:4a:e0:ee:
         fe:95:e6:4b:07:03:ed:e0:38:0d:29:c3:3d:9a:67:7b:6d:38:
         b2:45:cb:16:aa:e8:34:e2:f0:6d:15:a8:5c:df:76:49:54:c4:
         1a:d8:f2:f5:b7:36:1b:24:a4:ed:95:af:51:54:46:c4:9b:8d:
         8b:05:d4:db:b5:61:b6:33:ea:d9:47:9b:1b:c2:94:0f:8f:21:
         39:b9:6c:76
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUQEraqzmRa5jOU84l961IHdCbBsIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzEyMDAwMDAwWhcNMjMwMzE1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYjAzZDJkYjYwMmI1MjRkNmEyMGEwZDFkNDBkOGFjNzg1
ZmUyNDI5NGI0OTQ4MzJkZDcyMGExMmJhMjgyNzJiNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANoZ6vHxQ7V1p7k5GUhMtaDQM/MDUpjs4GvWEY1bNXfYe2l0Nce3
jhVrvRDtMGTrALe535zRavrmepjrHz82SdgE2YYTI7nHh+faA5hcAyMw5RSjYgoc
ReRrrFktDTbQUrLuU5AL34j80UOFsfJWIT8hvSqWPT9JiEi0tOz+Wz2AsQc5+TAL
ZJjzIrEzOt6hZDpCVUwdzXF4fF08gL5CTlOV4w7JJuWKdMecLwoFdOyezrugQFM9
gYuO+3PaHuln8vnxdWp+O4KGYFw02a985EP0ruDS+ie73B6u5UWIlhB59B2192AC
LRbd/X1WBHcZKYVeFBkOJcWEHJykD9wNnNMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR1p5eLMgyZzm3tNMLYvv3qTphJkDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNGUxMzJkZWQtYzMxYy00OTQxLTk3MDYtZDdkMWQ3MGVkYmY1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJlPRkW4JJ6UdDFS
/BuHOvOIrS/lzBBhrj6fqvsP/P1giRhyzJXuoHUTlCWf+NNVtm/BU5RciDrRiHyI
0gp0uWz2dS6x6BDGwkouuqqwKpM1IaYvxI4Q/SdNezBkfdeG2wJwatGvjqO80bvL
gaAJK3aHOk0i324KbemLCvcQ//1Blpw1K9IqUkRhXT18IayWRM7g/XD86rzKgk/N
9Y3e/2e+EjDEhqCCBcFbJJh0mOz8akrg7v6V5ksHA+3gOA0pwz2aZ3ttOLJFyxaq
6DTi8G0VqFzfdklUxBrY8vW3NhskpO2Vr1FURsSbjYsF1Nu1YbYz6tlHmxvClA+P
ITm5bHY=
-----END CERTIFICATE-----