Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/57896fc1-36b5-4260-977f-8ffcaf40b1b6.roa
File:                     57896fc1-36b5-4260-977f-8ffcaf40b1b6.roa (raw, json)
Hash identifier:          5T4jPKdvICkRD2zgPxSwokX4Y1xEpoRRvLM1AjT5Bf4=
Subject key identifier:   1A:3C:E5:2C:59:EB:A2:6B:69:53:C1:B4:71:05:79:88:AF:62:0B:33
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       62B7DD00864A2CA42FF564FF7E262DD5CBF684C5
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/57896fc1-36b5-4260-977f-8ffcaf40b1b6.roa
Signing time:             Sat 25 Mar 2023 00:00:00 +0000
ROA not before:           Sat 25 Mar 2023 00:00:00 +0000
ROA not after:            Tue 28 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:b7:dd:00:86:4a:2c:a4:2f:f5:64:ff:7e:26:2d:d5:cb:f6:84:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 25 00:00:00 2023 GMT
            Not After : Mar 28 23:59:59 2023 GMT
        Subject: serialNumber=4a4e2930e1fa3933b2b6bf2bd2fad42ffa4ed5a128fe4afd028a00b35361045f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:91:9c:11:e9:f4:0b:c4:cf:be:94:63:57:20:
                    50:9f:29:4c:af:bf:70:39:4b:20:fa:71:85:84:ce:
                    c7:bc:52:5e:18:a7:b2:b8:d6:19:0c:df:90:32:ab:
                    ed:5b:7b:2e:61:68:a7:c7:55:12:e2:6b:bf:f3:2e:
                    ef:d6:e2:05:c4:3f:79:e7:7c:97:d6:1c:82:a6:e2:
                    1b:ef:22:bc:bb:d6:a9:71:19:ac:1f:41:01:78:e9:
                    aa:cf:a5:50:6d:46:73:a1:5d:67:28:5e:9c:e9:2f:
                    14:3b:8c:ad:93:e0:2e:13:d1:78:85:6c:8c:47:4d:
                    d7:dd:67:1f:25:53:5a:1d:db:42:c1:cf:96:d2:10:
                    8a:5e:dd:b1:ae:ab:ff:1b:97:ef:ba:7d:ca:e1:7a:
                    73:9f:ad:21:87:15:6e:d9:37:2a:3d:d9:6a:c9:b8:
                    73:2c:a9:24:8f:68:b0:30:4e:74:7c:ee:6d:70:0d:
                    e5:6e:81:3c:4b:85:85:57:e7:6d:7f:45:ec:31:83:
                    e9:3f:37:b3:c7:11:c7:3a:22:5a:7e:25:4e:8c:b8:
                    f4:ca:2d:ad:24:cc:9e:0c:44:dd:b3:a0:d6:a8:20:
                    84:6b:1b:ed:54:66:97:58:06:88:75:6a:5b:ef:f9:
                    2b:85:3f:f0:e4:ad:33:66:47:a2:c9:52:f5:84:a6:
                    2d:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:3C:E5:2C:59:EB:A2:6B:69:53:C1:B4:71:05:79:88:AF:62:0B:33
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/57896fc1-36b5-4260-977f-8ffcaf40b1b6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:21:55:ad:c6:af:27:b2:ec:71:9b:de:12:d7:99:74:b1:07:
         cf:90:24:2d:e8:08:64:28:14:7b:25:bd:85:a0:24:7d:18:6c:
         80:12:ee:fb:ed:86:d7:8f:28:26:ae:c5:4a:3e:f7:ff:f2:ff:
         3b:92:3d:11:da:4b:fb:24:f6:61:5f:52:ae:10:49:5d:78:ed:
         92:f2:72:e7:41:47:5e:d9:37:20:2c:58:2e:94:5e:4e:e6:dd:
         3a:7b:ba:82:9d:f0:37:f6:97:46:43:ed:13:b1:1e:61:93:34:
         71:7e:ca:f6:02:96:4e:25:84:96:92:3a:fe:a4:62:85:62:9a:
         2a:ac:e9:60:3e:d4:97:d7:38:e3:73:e9:c0:2a:96:70:b2:14:
         53:0c:8e:79:d4:03:bb:18:e8:cc:7b:dd:85:bc:b8:f1:10:5b:
         b7:56:29:6e:48:13:8c:ac:17:bc:b6:a7:91:31:c5:a8:52:cf:
         0c:ad:f0:cc:b0:d8:9e:cb:17:19:2c:89:5f:4f:a3:16:b6:22:
         23:75:48:d9:20:20:6a:f3:6a:fe:20:5b:e5:89:70:e5:7f:a6:
         4c:c9:47:5e:04:5f:ec:03:1a:10:d5:f1:06:6c:3d:65:68:e6:
         c2:fd:fb:0c:81:b6:e1:ad:6c:ef:2c:fa:91:d3:76:ec:02:70:
         ba:84:67:37
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUYrfdAIZKLKQv9WT/fiYt1cv2hMUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI1MDAwMDAwWhcNMjMwMzI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNANGE0ZTI5MzBlMWZhMzkzM2IyYjZiZjJiZDJmYWQ0MmZm
YTRlZDVhMTI4ZmU0YWZkMDI4YTAwYjM1MzYxMDQ1ZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANCRnBHp9AvEz76UY1cgUJ8pTK+/cDlLIPpxhYTOx7xSXhinsrjW
GQzfkDKr7Vt7LmFop8dVEuJrv/Mu79biBcQ/eed8l9YcgqbiG+8ivLvWqXEZrB9B
AXjpqs+lUG1Gc6FdZyhenOkvFDuMrZPgLhPReIVsjEdN191nHyVTWh3bQsHPltIQ
il7dsa6r/xuX77p9yuF6c5+tIYcVbtk3Kj3Zasm4cyypJI9osDBOdHzubXAN5W6B
PEuFhVfnbX9F7DGD6T83s8cRxzoiWn4lToy49MotrSTMngxE3bOg1qgghGsb7VRm
l1gGiHVqW+/5K4U/8OStM2ZHoslS9YSmLScCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQaPOUsWeuia2lTwbRxBXmIr2ILMzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNTc4OTZmYzEtMzZiNS00MjYwLTk3N2YtOGZmY2FmNDBiMWI2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAH0hVa3Gryey7HGb
3hLXmXSxB8+QJC3oCGQoFHslvYWgJH0YbIAS7vvthtePKCauxUo+9//y/zuSPRHa
S/sk9mFfUq4QSV147ZLycudBR17ZNyAsWC6UXk7m3Tp7uoKd8Df2l0ZD7ROxHmGT
NHF+yvYClk4lhJaSOv6kYoVimiqs6WA+1JfXOONz6cAqlnCyFFMMjnnUA7sY6Mx7
3YW8uPEQW7dWKW5IE4ysF7y2p5ExxahSzwyt8Myw2J7LFxksiV9Poxa2IiN1SNkg
IGrzav4gW+WJcOV/pkzJR14EX+wDGhDV8QZsPWVo5sL9+wyBtuGtbO8s+pHTduwC
cLqEZzc=
-----END CERTIFICATE-----