Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5ef6d0ae-0168-4535-b1cc-c5db74589121.roa
File:                     5ef6d0ae-0168-4535-b1cc-c5db74589121.roa (raw, json)
Hash identifier:          EK2FGiWPdQVmpNde7X0UdWpsqDMTk4x1Fyhvs/UWDZ8=
Subject key identifier:   CE:A2:CC:4E:AE:DA:60:E4:CF:63:88:AB:C5:D3:B1:8D:E8:75:72:E4
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       35F5BB438CDC4E3223318EDDB095E510053FE9C2
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5ef6d0ae-0168-4535-b1cc-c5db74589121.roa
Signing time:             Tue 11 Apr 2023 00:00:00 +0000
ROA not before:           Tue 11 Apr 2023 00:00:00 +0000
ROA not after:            Fri 14 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:f5:bb:43:8c:dc:4e:32:23:31:8e:dd:b0:95:e5:10:05:3f:e9:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 11 00:00:00 2023 GMT
            Not After : Apr 14 23:59:59 2023 GMT
        Subject: serialNumber=83cfacb4def44aed75bf4beac253f1ff05922500fe86e33257c58fae95abe4f0, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2a:99:fd:0f:6d:65:1d:80:09:d2:bd:b8:b8:
                    f6:fb:95:75:d5:22:0c:f3:82:0f:25:41:a0:91:01:
                    25:e9:0b:4e:f0:c3:02:03:79:1e:9d:02:4d:7b:1a:
                    fe:bd:92:21:42:a9:09:c1:bd:9e:50:4a:c5:f8:6b:
                    34:7d:24:3e:21:bb:36:68:a5:7d:59:00:f0:50:cc:
                    08:dd:02:15:a5:ee:a0:6f:1b:8b:51:34:19:45:93:
                    34:cd:3d:93:73:4d:34:e2:1d:2e:3e:2c:05:89:cf:
                    07:cb:22:dc:2c:4b:1a:57:4e:9a:99:38:27:61:8d:
                    0c:96:f4:44:21:f2:63:64:b8:36:73:64:34:e0:45:
                    81:5c:f7:ff:ef:64:85:e2:72:dc:ab:08:0d:98:33:
                    3d:87:60:1b:2e:e5:1c:6d:fe:da:d7:f0:fb:0e:11:
                    02:ea:e5:4b:cc:73:c4:9a:3c:17:fa:71:94:49:f2:
                    c5:8b:bc:3c:f5:4b:09:bb:0d:92:b3:fa:bf:4d:8e:
                    6a:93:94:45:7a:61:26:50:8c:84:4d:95:d5:66:de:
                    c9:de:dd:30:25:6f:d1:96:76:4b:0d:2c:c2:65:44:
                    99:4f:1f:a3:d3:e7:c6:d2:61:8a:85:e1:b1:ac:98:
                    8a:7a:09:d7:70:5f:96:49:a6:30:1b:bc:12:f1:0c:
                    d7:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:A2:CC:4E:AE:DA:60:E4:CF:63:88:AB:C5:D3:B1:8D:E8:75:72:E4
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5ef6d0ae-0168-4535-b1cc-c5db74589121.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:4d:ae:d2:14:24:51:13:56:9f:d0:52:8e:59:85:c6:10:3b:
         7d:e6:b1:cf:19:3e:0a:e9:e1:21:67:93:9b:c2:47:0c:39:d0:
         20:55:77:cc:8e:e5:a1:4c:41:0e:ec:7f:bf:02:43:07:4f:0d:
         30:25:0b:a4:a6:b1:fb:48:ae:80:f2:5c:f4:95:05:96:5e:1d:
         a0:47:60:74:35:6f:8b:cd:12:45:ba:ab:55:6b:8d:28:85:e3:
         f0:e7:7d:6f:65:9f:4f:dc:85:89:71:e2:c2:c6:e4:9e:7b:d2:
         8c:7a:9d:72:fd:71:b1:05:7b:24:64:0b:23:db:53:17:96:e7:
         df:48:c4:13:cb:59:0b:49:05:fa:de:2e:8a:2b:41:d7:5c:05:
         14:d1:d6:e1:ef:58:bf:64:2c:b6:19:9e:6c:bf:26:f5:6b:66:
         74:d4:a8:e5:15:70:88:00:f5:cd:32:6a:ca:fe:17:14:56:b0:
         54:7d:b5:31:07:f8:c3:b5:9b:e4:e7:0e:33:67:dc:96:40:36:
         7d:26:97:9f:a9:8c:e0:d3:b0:81:f3:44:7a:d9:6a:16:eb:ef:
         08:9c:6e:fe:b6:37:f7:eb:6c:7b:22:1b:31:b7:24:db:6d:67:
         fd:e0:d1:3d:19:ec:c1:da:9c:8e:1e:82:e6:f7:27:01:d2:74:
         76:ec:e0:92
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUNfW7Q4zcTjIjMY7dsJXlEAU/6cIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDExMDAwMDAwWhcNMjMwNDE0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAODNjZmFjYjRkZWY0NGFlZDc1YmY0YmVhYzI1M2YxZmYw
NTkyMjUwMGZlODZlMzMyNTdjNThmYWU5NWFiZTRmMDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAM4qmf0PbWUdgAnSvbi49vuVddUiDPOCDyVBoJEBJekLTvDDAgN5
Hp0CTXsa/r2SIUKpCcG9nlBKxfhrNH0kPiG7NmilfVkA8FDMCN0CFaXuoG8bi1E0
GUWTNM09k3NNNOIdLj4sBYnPB8si3CxLGldOmpk4J2GNDJb0RCHyY2S4NnNkNOBF
gVz3/+9kheJy3KsIDZgzPYdgGy7lHG3+2tfw+w4RAurlS8xzxJo8F/pxlEnyxYu8
PPVLCbsNkrP6v02OapOURXphJlCMhE2V1Wbeyd7dMCVv0ZZ2Sw0swmVEmU8fo9Pn
xtJhioXhsayYinoJ13BflkmmMBu8EvEM18cCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTOosxOrtpg5M9jiKvF07GN6HVy5DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNWVmNmQwYWUtMDE2OC00NTM1LWIxY2MtYzVkYjc0NTg5MTIxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHpNrtIUJFETVp/Q
Uo5ZhcYQO33msc8ZPgrp4SFnk5vCRww50CBVd8yO5aFMQQ7sf78CQwdPDTAlC6Sm
sftIroDyXPSVBZZeHaBHYHQ1b4vNEkW6q1VrjSiF4/DnfW9ln0/chYlx4sLG5J57
0ox6nXL9cbEFeyRkCyPbUxeW599IxBPLWQtJBfreLoorQddcBRTR1uHvWL9kLLYZ
nmy/JvVrZnTUqOUVcIgA9c0yasr+FxRWsFR9tTEH+MO1m+TnDjNn3JZANn0ml5+p
jODTsIHzRHrZahbr7wicbv62N/frbHsiGzG3JNttZ/3g0T0Z7MHanI4egub3JwHS
dHbs4JI=
-----END CERTIFICATE-----