Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/58603ca7-5313-4e9c-a867-a0f71f61daf5.roa
File:                     58603ca7-5313-4e9c-a867-a0f71f61daf5.roa (raw, json)
Hash identifier:          ZDDaEKsCiW5V9boi2mooFW/hU/8oNZVVmmQV+07bgGw=
Subject key identifier:   32:67:FE:10:0D:9F:49:9B:DD:A2:28:D3:8F:15:46:64:2A:D4:87:CE
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       20AF1DBFEAA6690A0691AE65C96C379A068D89CA
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/58603ca7-5313-4e9c-a867-a0f71f61daf5.roa
Signing time:             Fri 27 Jan 2023 00:00:00 +0000
ROA not before:           Fri 27 Jan 2023 00:00:00 +0000
ROA not after:            Mon 30 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:af:1d:bf:ea:a6:69:0a:06:91:ae:65:c9:6c:37:9a:06:8d:89:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 27 00:00:00 2023 GMT
            Not After : Jan 30 23:59:59 2023 GMT
        Subject: serialNumber=e74b7dea655d1304bd3f7fcafc60d94b31c8bb30ba84781478dfe76a51f29883, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5a:57:39:74:a1:3b:97:16:f1:78:e9:79:3b:
                    87:9d:b1:b1:d7:fe:20:44:0c:9c:07:1e:29:a7:f7:
                    82:6a:ea:87:6b:54:e4:f7:9e:31:2c:ee:b8:a7:13:
                    80:e3:fa:75:b4:2e:03:77:11:0f:3e:bb:68:d1:af:
                    e4:e4:46:81:29:bc:58:88:34:ed:3a:9e:ee:14:cd:
                    fe:bb:87:02:42:55:b4:d2:2f:3d:7d:3d:28:64:6d:
                    b4:d4:b7:10:09:da:9b:0b:6d:17:8e:73:c0:cb:08:
                    e7:bd:cb:12:b1:1c:21:3a:4b:4e:7a:6c:22:c3:b3:
                    a2:50:ed:eb:41:2f:68:f9:89:62:15:35:79:0f:fb:
                    9e:6a:c6:28:21:49:02:bb:5d:75:9b:c0:1b:a4:15:
                    64:57:02:07:cb:cd:0a:76:c6:87:8e:fc:25:b1:70:
                    c1:64:20:4f:fa:4f:de:33:1b:2d:05:03:2a:a5:fb:
                    eb:49:32:af:7c:55:9c:7c:3b:9e:88:60:bb:1e:6b:
                    23:14:14:f8:2c:31:e8:0a:03:a0:e0:a8:17:ea:41:
                    29:2a:64:66:92:cb:c8:42:62:52:be:2d:5b:da:16:
                    a6:82:76:f5:cd:83:f3:83:2e:65:fa:03:10:b9:6b:
                    81:48:b8:4d:70:46:ab:80:51:34:dc:2e:1a:66:97:
                    2c:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:67:FE:10:0D:9F:49:9B:DD:A2:28:D3:8F:15:46:64:2A:D4:87:CE
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/58603ca7-5313-4e9c-a867-a0f71f61daf5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:b6:d5:14:fb:ef:8c:8a:45:ce:7f:d1:3e:ff:41:f7:0e:8c:
         24:b2:7a:ea:42:2d:ff:fe:14:bc:80:17:3f:99:6d:f1:bd:f3:
         29:60:e3:22:d9:06:36:b3:b0:30:78:2b:1f:4b:97:44:fe:c6:
         93:96:c8:9d:b0:bb:3a:80:43:4c:57:a9:04:51:ed:e8:e2:e2:
         a7:da:c0:56:0e:3e:c9:38:55:fe:b0:0f:7b:2c:ea:55:e4:0a:
         49:f5:80:55:12:a7:81:6a:9e:28:62:bf:16:25:4c:02:e9:82:
         3d:f5:d7:52:81:c0:12:79:b0:f2:c4:76:67:c5:b6:1a:fa:c8:
         18:44:4a:93:7e:0d:83:63:d5:c5:a6:d1:72:6b:7a:03:af:21:
         7d:8d:7b:1d:f1:29:2c:2e:ca:8a:12:5f:19:21:39:23:f4:0c:
         20:41:72:63:ec:6e:dc:6b:2b:37:41:00:6b:66:a5:20:a7:14:
         6f:ec:74:aa:09:27:60:34:01:9a:b7:0a:19:b3:03:4e:10:5d:
         2b:7d:f7:88:14:60:31:3c:43:c7:b8:e7:d8:f8:83:1e:8a:06:
         60:2d:7d:b5:82:a1:14:67:5d:4e:7a:f5:1d:87:a8:cf:b2:76:
         eb:26:31:b0:d1:d5:7f:15:3e:88:5e:37:cc:d4:77:59:24:9e:
         8d:da:91:ee
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUIK8dv+qmaQoGka5lyWw3mgaNicowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTI3MDAwMDAwWhcNMjMwMTMwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZTc0YjdkZWE2NTVkMTMwNGJkM2Y3ZmNhZmM2MGQ5NGIz
MWM4YmIzMGJhODQ3ODE0NzhkZmU3NmE1MWYyOTg4MzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKJaVzl0oTuXFvF46Xk7h52xsdf+IEQMnAceKaf3gmrqh2tU5Pee
MSzuuKcTgOP6dbQuA3cRDz67aNGv5ORGgSm8WIg07Tqe7hTN/ruHAkJVtNIvPX09
KGRttNS3EAnamwttF45zwMsI573LErEcITpLTnpsIsOzolDt60EvaPmJYhU1eQ/7
nmrGKCFJArtddZvAG6QVZFcCB8vNCnbGh478JbFwwWQgT/pP3jMbLQUDKqX760ky
r3xVnHw7nohgux5rIxQU+Cwx6AoDoOCoF+pBKSpkZpLLyEJiUr4tW9oWpoJ29c2D
84MuZfoDELlrgUi4TXBGq4BRNNwuGmaXLGkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQyZ/4QDZ9Jm92iKNOPFUZkKtSHzjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNTg2MDNjYTctNTMxMy00ZTljLWE4NjctYTBmNzFmNjFkYWY1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACi21RT774yKRc5/
0T7/QfcOjCSyeupCLf/+FLyAFz+ZbfG98ylg4yLZBjazsDB4Kx9Ll0T+xpOWyJ2w
uzqAQ0xXqQRR7eji4qfawFYOPsk4Vf6wD3ss6lXkCkn1gFUSp4FqnihivxYlTALp
gj3111KBwBJ5sPLEdmfFthr6yBhESpN+DYNj1cWm0XJregOvIX2Nex3xKSwuyooS
XxkhOSP0DCBBcmPsbtxrKzdBAGtmpSCnFG/sdKoJJ2A0AZq3ChmzA04QXSt994gU
YDE8Q8e459j4gx6KBmAtfbWCoRRnXU569R2HqM+ydusmMbDR1X8VPoheN8zUd1kk
no3ake4=
-----END CERTIFICATE-----