Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6203d322-a4da-4f9e-8ff8-3581ffc1ac96.roa
File:                     6203d322-a4da-4f9e-8ff8-3581ffc1ac96.roa (raw, json)
Hash identifier:          +6VPIvtYstYvo6D6Idzliyhu2fcndeSJTqANS1p6w+0=
Subject key identifier:   CF:30:27:DE:D3:60:39:55:03:6D:D1:FA:A6:B0:4A:ED:49:E0:38:7C
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4DCD850EE22FD65283E7C311DEA0FD890BEEB1EE
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6203d322-a4da-4f9e-8ff8-3581ffc1ac96.roa
Signing time:             Sun 16 Apr 2023 00:00:00 +0000
ROA not before:           Sun 16 Apr 2023 00:00:00 +0000
ROA not after:            Wed 19 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:cd:85:0e:e2:2f:d6:52:83:e7:c3:11:de:a0:fd:89:0b:ee:b1:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 16 00:00:00 2023 GMT
            Not After : Apr 19 23:59:59 2023 GMT
        Subject: serialNumber=aeed1cb9009f521115df5e5979c3d53b904370fd79b631535369eaf0c6821c07, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b9:5e:c5:5d:52:79:5e:57:c0:44:75:f0:a7:
                    dc:c2:67:34:31:33:b3:ea:f2:3c:60:e1:d8:29:d6:
                    a4:56:e0:a7:d3:94:d3:2c:53:80:1a:75:53:92:66:
                    59:a9:ad:4a:86:5f:c1:0a:23:d0:56:29:fa:8b:85:
                    33:53:07:15:8a:4e:0f:34:4a:cb:c4:0f:6d:d5:aa:
                    2e:30:f0:a9:4f:07:0b:46:31:72:55:e7:6a:34:2e:
                    3e:9b:cd:be:22:f7:7d:ab:ae:de:c6:95:22:92:66:
                    4f:11:0a:f8:07:38:af:e1:f2:20:d2:9e:fb:ed:f9:
                    b6:e6:de:35:fe:da:42:21:2a:c3:f3:1b:d1:df:63:
                    34:31:c2:57:71:5b:03:e4:2e:a2:23:6a:95:de:70:
                    f6:73:37:29:03:dd:d0:12:31:22:1b:b3:b3:fc:d2:
                    11:d8:77:54:29:13:e1:e6:82:f6:a3:29:86:66:cf:
                    bd:fa:5d:5b:44:3f:96:2a:ab:36:2e:44:99:3c:2a:
                    4d:0f:4b:57:0e:54:ff:88:bc:c1:7c:24:37:3b:ce:
                    41:77:1c:ba:e7:81:cc:b5:25:f5:a8:60:b4:49:2c:
                    f1:c9:c5:6e:4f:0f:1d:c6:8b:c8:c9:63:25:d1:86:
                    35:c1:53:c9:2b:20:59:b4:61:02:25:65:13:4e:4d:
                    d0:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:30:27:DE:D3:60:39:55:03:6D:D1:FA:A6:B0:4A:ED:49:E0:38:7C
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6203d322-a4da-4f9e-8ff8-3581ffc1ac96.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:7f:74:72:2f:9b:7a:41:d8:64:75:ba:03:2f:97:51:22:75:
         2c:ce:7d:97:c4:11:42:c6:96:29:b8:a0:ca:50:cb:a1:3f:5d:
         d2:b7:bd:65:37:12:67:cb:96:24:06:21:df:3c:c6:04:df:ba:
         13:d0:72:38:a2:97:e0:88:67:89:2f:ab:e1:91:42:f8:59:85:
         9e:bc:40:8c:11:a9:ea:ab:b9:e9:f6:61:aa:2a:61:12:d1:2e:
         c4:01:7d:50:7e:59:29:e6:90:a2:6b:45:32:4d:90:38:36:c8:
         91:e7:64:dc:a0:84:8b:52:5b:5f:35:16:04:fe:e7:04:41:66:
         14:8f:d8:32:3b:50:ba:ec:d3:96:2e:1f:b0:b4:f9:fa:d8:7f:
         84:4d:1e:6a:8e:65:1f:fd:17:d3:44:1e:32:9a:c9:f0:36:8b:
         40:6b:24:01:13:d3:e2:d2:fe:ff:89:4b:5d:9a:e6:ca:cd:44:
         c9:39:c2:59:21:93:2a:cd:13:a3:a9:9c:52:6a:3a:20:97:94:
         a7:45:2d:7f:06:ad:ac:df:31:fb:ee:bb:39:e4:cd:85:b4:d9:
         8e:98:d7:60:2d:ab:6b:4a:f4:62:e9:03:59:c4:ef:cd:c4:d7:
         69:ce:c8:26:ec:7c:a0:af:08:94:22:4f:07:92:f7:31:8c:ec:
         49:a9:b4:9b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUTc2FDuIv1lKD58MR3qD9iQvuse4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDE2MDAwMDAwWhcNMjMwNDE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYWVlZDFjYjkwMDlmNTIxMTE1ZGY1ZTU5NzljM2Q1M2I5
MDQzNzBmZDc5YjYzMTUzNTM2OWVhZjBjNjgyMWMwNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMK5XsVdUnleV8BEdfCn3MJnNDEzs+ryPGDh2CnWpFbgp9OU0yxT
gBp1U5JmWamtSoZfwQoj0FYp+ouFM1MHFYpODzRKy8QPbdWqLjDwqU8HC0YxclXn
ajQuPpvNviL3fauu3saVIpJmTxEK+Ac4r+HyINKe++35tubeNf7aQiEqw/Mb0d9j
NDHCV3FbA+QuoiNqld5w9nM3KQPd0BIxIhuzs/zSEdh3VCkT4eaC9qMphmbPvfpd
W0Q/liqrNi5EmTwqTQ9LVw5U/4i8wXwkNzvOQXccuueBzLUl9ahgtEks8cnFbk8P
HcaLyMljJdGGNcFTySsgWbRhAiVlE05N0NECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTPMCfe02A5VQNt0fqmsErtSeA4fDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjIwM2QzMjItYTRkYS00ZjllLThmZjgtMzU4MWZmYzFhYzk2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACB/dHIvm3pB2GR1
ugMvl1EidSzOfZfEEULGlim4oMpQy6E/XdK3vWU3EmfLliQGId88xgTfuhPQcjii
l+CIZ4kvq+GRQvhZhZ68QIwRqeqruen2YaoqYRLRLsQBfVB+WSnmkKJrRTJNkDg2
yJHnZNyghItSW181FgT+5wRBZhSP2DI7ULrs05YuH7C0+frYf4RNHmqOZR/9F9NE
HjKayfA2i0BrJAET0+LS/v+JS12a5srNRMk5wlkhkyrNE6OpnFJqOiCXlKdFLX8G
razfMfvuuznkzYW02Y6Y12Atq2tK9GLpA1nE783E12nOyCbsfKCvCJQiTweS9zGM
7EmptJs=
-----END CERTIFICATE-----