Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/618f6b89-74df-451a-8156-4dcf04ececd5.roa
File:                     618f6b89-74df-451a-8156-4dcf04ececd5.roa (raw, json)
Hash identifier:          BqHW0zP9h1SnDu+dXM6OfGgEwzJgQHbNEHYotRYjwOE=
Subject key identifier:   2B:FF:F9:EC:B4:FE:CF:10:F3:F8:08:E5:49:FC:40:B0:9D:9A:15:FB
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       19B2A9706067CA7496ECC87DE093703524BAB196
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/618f6b89-74df-451a-8156-4dcf04ececd5.roa
Signing time:             Tue 25 Apr 2023 00:00:00 +0000
ROA not before:           Tue 25 Apr 2023 00:00:00 +0000
ROA not after:            Fri 28 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:b2:a9:70:60:67:ca:74:96:ec:c8:7d:e0:93:70:35:24:ba:b1:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 25 00:00:00 2023 GMT
            Not After : Apr 28 23:59:59 2023 GMT
        Subject: serialNumber=ed7618bbe8ae61a5511e02d8cf594a800b877ca8eeea69443e573988addde301, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:bc:7f:e6:90:1b:98:6c:86:d9:2d:ec:8c:52:
                    6c:0e:28:5d:e9:ca:18:a5:a3:7a:da:07:cf:8c:cc:
                    5a:a5:62:25:b7:ee:cc:81:cb:0a:47:43:1d:69:88:
                    05:3e:e6:dc:44:66:9e:97:e4:4a:c5:6f:98:eb:b9:
                    62:5a:47:63:a6:56:31:1d:85:d7:5d:85:55:28:32:
                    18:8e:5c:d7:df:9b:73:68:bb:c8:62:c9:53:90:01:
                    b5:0e:38:cc:52:7b:59:1d:cd:6a:f5:6b:fd:e7:50:
                    e9:47:b0:ba:f7:6f:74:c8:e3:b4:ea:99:47:c3:e2:
                    70:66:57:c3:fa:ab:3d:08:50:ab:a2:cf:29:f6:8b:
                    97:a4:36:cb:80:09:7f:fd:ad:0e:52:e6:e8:7f:8f:
                    80:28:04:ba:75:56:55:12:5d:c3:fa:d5:51:e6:f3:
                    35:b6:c3:8f:d9:3f:78:ef:5c:bf:63:aa:7d:2d:5d:
                    b3:a8:34:a0:85:ac:c1:e0:da:26:b4:1e:67:02:b6:
                    8a:1b:fa:9d:6b:3c:85:03:ab:30:e8:a7:75:a4:06:
                    71:3b:8a:26:ff:c9:76:a3:88:ca:62:c1:60:ca:01:
                    2e:91:f6:bf:c6:f6:39:c1:b7:93:d7:0f:2d:b8:b8:
                    99:66:fb:67:a7:d3:14:91:fc:5d:d4:8f:b7:59:dc:
                    0b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:FF:F9:EC:B4:FE:CF:10:F3:F8:08:E5:49:FC:40:B0:9D:9A:15:FB
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/618f6b89-74df-451a-8156-4dcf04ececd5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:fe:02:8e:f0:62:5c:3e:88:39:4f:36:46:f2:e5:3d:69:4b:
         d9:0b:d8:97:40:e8:ff:83:e8:76:db:7f:97:ae:cc:86:82:88:
         ee:2d:b2:73:f8:f0:3b:da:cb:7b:e6:66:b8:f2:6c:80:c0:0a:
         e1:90:b4:b9:fd:60:88:8c:ca:6a:2a:7e:cb:f0:43:8b:7c:71:
         60:5e:8d:dd:f7:87:5c:25:b8:48:f4:98:cd:a9:8c:de:cc:d8:
         2a:7a:9e:63:24:d6:27:6b:52:72:04:0f:a7:87:17:e7:fc:5b:
         c6:e2:d4:1a:f5:05:07:3d:a6:3a:f6:66:b9:58:7a:c6:bf:db:
         27:cd:38:c7:bc:8b:05:d5:8a:5a:97:7b:22:94:64:4a:6c:63:
         e3:1d:91:44:1d:d2:87:a8:d4:0b:1e:a9:45:8a:56:a8:6e:be:
         e3:fd:2f:7c:67:6c:43:1e:d2:04:83:9c:ea:f3:3a:9c:60:f2:
         94:1b:8f:c3:60:99:9c:44:2b:b9:d9:b9:84:0b:ee:15:dc:4a:
         d4:9b:8f:2c:bf:ff:3a:5c:f4:67:7e:d2:88:0b:da:7b:38:5f:
         23:d9:08:44:83:85:28:a9:e1:75:0b:13:12:08:17:e2:ea:1a:
         b0:a8:79:db:f4:6e:34:fc:24:15:2e:c5:f9:0d:87:f5:bc:18:
         1e:a7:11:33
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUGbKpcGBnynSW7Mh94JNwNSS6sZYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDI1MDAwMDAwWhcNMjMwNDI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZWQ3NjE4YmJlOGFlNjFhNTUxMWUwMmQ4Y2Y1OTRhODAw
Yjg3N2NhOGVlZWE2OTQ0M2U1NzM5ODhhZGRkZTMwMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOi8f+aQG5hshtkt7IxSbA4oXenKGKWjetoHz4zMWqViJbfuzIHL
CkdDHWmIBT7m3ERmnpfkSsVvmOu5YlpHY6ZWMR2F112FVSgyGI5c19+bc2i7yGLJ
U5ABtQ44zFJ7WR3NavVr/edQ6UewuvdvdMjjtOqZR8PicGZXw/qrPQhQq6LPKfaL
l6Q2y4AJf/2tDlLm6H+PgCgEunVWVRJdw/rVUebzNbbDj9k/eO9cv2OqfS1ds6g0
oIWsweDaJrQeZwK2ihv6nWs8hQOrMOindaQGcTuKJv/JdqOIymLBYMoBLpH2v8b2
OcG3k9cPLbi4mWb7Z6fTFJH8XdSPt1ncCzsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQr//nstP7PEPP4COVJ/ECwnZoV+zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjE4ZjZiODktNzRkZi00NTFhLTgxNTYtNGRjZjA0ZWNlY2Q1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAA/+Ao7wYlw+iDlP
Nkby5T1pS9kL2JdA6P+D6Hbbf5euzIaCiO4tsnP48Dvay3vmZrjybIDACuGQtLn9
YIiMymoqfsvwQ4t8cWBejd33h1wluEj0mM2pjN7M2Cp6nmMk1idrUnIED6eHF+f8
W8bi1Br1BQc9pjr2ZrlYesa/2yfNOMe8iwXVilqXeyKUZEpsY+MdkUQd0oeo1Ase
qUWKVqhuvuP9L3xnbEMe0gSDnOrzOpxg8pQbj8NgmZxEK7nZuYQL7hXcStSbjyy/
/zpc9Gd+0ogL2ns4XyPZCESDhSip4XULExIIF+LqGrCoedv0bjT8JBUuxfkNh/W8
GB6nETM=
-----END CERTIFICATE-----