Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6c71c514-a8b9-41b5-a284-19500834155a.roa
File:                     6c71c514-a8b9-41b5-a284-19500834155a.roa (raw, json)
Hash identifier:          LhwuhM5jX4jE0JOhJC2AfC/mhymxiUkLe9ZZH4M/3zQ=
Subject key identifier:   B4:5E:B1:3B:7D:EC:99:F4:FA:79:7A:C2:C8:FB:F8:6A:39:75:4A:4E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0EBBC101FAD07D1325498459F019695EC5E3A964
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6c71c514-a8b9-41b5-a284-19500834155a.roa
Signing time:             Mon 17 Apr 2023 00:00:00 +0000
ROA not before:           Mon 17 Apr 2023 00:00:00 +0000
ROA not after:            Thu 20 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:bb:c1:01:fa:d0:7d:13:25:49:84:59:f0:19:69:5e:c5:e3:a9:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 17 00:00:00 2023 GMT
            Not After : Apr 20 23:59:59 2023 GMT
        Subject: serialNumber=757733eefb54995974fe31d7793f5c56e30f5c9c80b9b4e709e28240e941c8e5, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ac:38:e9:fd:82:fd:c3:81:7f:a1:95:2d:7a:
                    56:27:68:1c:71:42:2b:3b:f0:0d:2b:9b:74:96:d8:
                    07:a7:e5:ca:17:71:79:2b:a2:59:cc:00:d8:f5:95:
                    9d:e1:b2:a4:74:f5:67:49:73:03:a6:94:ee:65:78:
                    cc:45:90:15:50:f2:dd:73:68:95:49:af:f4:05:e7:
                    c2:5e:33:b6:7e:86:81:71:3c:eb:3e:c9:46:77:4b:
                    e9:ff:a0:f7:51:3d:4c:ea:ac:71:70:d7:7f:2b:1c:
                    f8:2d:24:4d:e6:95:95:02:02:72:55:41:3c:60:93:
                    15:44:3a:dc:f3:a3:de:20:52:45:10:0c:17:ac:e9:
                    d7:78:eb:c5:6f:71:a6:56:ea:c5:b9:89:99:33:47:
                    56:33:3b:a2:bd:90:16:2c:f0:b9:70:74:9c:c5:46:
                    49:c4:1f:1a:a1:91:72:75:f2:92:3a:93:1c:09:66:
                    a9:7f:63:58:bc:ce:e5:11:7a:bd:03:6c:15:0a:b5:
                    7d:b1:48:ea:28:cb:b4:0e:50:4a:58:95:a7:0a:e1:
                    3c:8d:33:bd:25:ea:0e:ec:b0:94:9b:b9:97:5a:85:
                    16:85:7f:b4:f0:a4:23:5e:80:94:9e:ca:e0:3d:0d:
                    51:05:89:c1:95:a3:4d:42:99:6e:e1:60:47:cf:64:
                    a9:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:5E:B1:3B:7D:EC:99:F4:FA:79:7A:C2:C8:FB:F8:6A:39:75:4A:4E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6c71c514-a8b9-41b5-a284-19500834155a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:d9:25:30:29:12:b8:13:17:b7:29:37:67:86:a7:e4:83:b3:
         24:34:cd:55:aa:44:73:0b:78:e4:7d:45:f1:38:7f:92:64:2a:
         76:c9:ee:4a:a1:dc:5f:56:95:7d:7f:55:f5:66:ca:2f:50:2d:
         bf:0b:d8:74:a2:98:19:48:4f:12:ed:2c:4c:27:54:a0:c5:83:
         ba:06:bb:3e:6e:da:df:f1:27:f4:fe:56:6c:93:4c:f2:e2:fe:
         02:e6:1d:87:5c:38:7d:1a:c1:f5:09:38:2b:9d:45:26:33:73:
         fb:b9:0b:0d:cc:5f:1e:a2:54:c0:eb:e6:6a:ba:8f:8e:64:88:
         ff:fd:f3:57:c2:d2:9e:3f:0a:5d:62:4e:55:6b:00:08:79:6f:
         c9:8b:bb:a4:44:0b:4b:df:b9:f3:99:86:f3:73:72:53:2d:4c:
         29:e3:74:e0:09:28:cc:3f:0f:03:df:04:61:dd:e2:83:ee:52:
         4f:25:36:50:67:29:97:a7:76:56:76:fd:dd:24:f2:a8:c8:c6:
         5f:f6:55:03:4b:40:9d:7e:b3:01:ec:9b:c2:26:99:34:6a:ec:
         49:7e:e5:e4:66:e6:5d:5d:71:30:30:cf:d7:50:64:fe:2f:d1:
         b2:13:94:97:cd:38:b1:b7:0f:3b:e1:c3:2f:41:00:8b:e2:b9:
         d3:73:0d:ce
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUDrvBAfrQfRMlSYRZ8BlpXsXjqWQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDE3MDAwMDAwWhcNMjMwNDIwMjM1OTU5
WjCBpTFJMEcGA1UEBRNANzU3NzMzZWVmYjU0OTk1OTc0ZmUzMWQ3NzkzZjVjNTZl
MzBmNWM5YzgwYjliNGU3MDllMjgyNDBlOTQxYzhlNTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANGsOOn9gv3DgX+hlS16VidoHHFCKzvwDSubdJbYB6flyhdxeSui
WcwA2PWVneGypHT1Z0lzA6aU7mV4zEWQFVDy3XNolUmv9AXnwl4ztn6GgXE86z7J
RndL6f+g91E9TOqscXDXfysc+C0kTeaVlQICclVBPGCTFUQ63POj3iBSRRAMF6zp
13jrxW9xplbqxbmJmTNHVjM7or2QFizwuXB0nMVGScQfGqGRcnXykjqTHAlmqX9j
WLzO5RF6vQNsFQq1fbFI6ijLtA5QSliVpwrhPI0zvSXqDuywlJu5l1qFFoV/tPCk
I16AlJ7K4D0NUQWJwZWjTUKZbuFgR89kqacCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS0XrE7feyZ9Pp5esLI+/hqOXVKTjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNmM3MWM1MTQtYThiOS00MWI1LWEyODQtMTk1MDA4MzQxNTVhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAzZJTApErgTF7cp
N2eGp+SDsyQ0zVWqRHMLeOR9RfE4f5JkKnbJ7kqh3F9WlX1/VfVmyi9QLb8L2HSi
mBlITxLtLEwnVKDFg7oGuz5u2t/xJ/T+VmyTTPLi/gLmHYdcOH0awfUJOCudRSYz
c/u5Cw3MXx6iVMDr5mq6j45kiP/981fC0p4/Cl1iTlVrAAh5b8mLu6REC0vfufOZ
hvNzclMtTCnjdOAJKMw/DwPfBGHd4oPuUk8lNlBnKZendlZ2/d0k8qjIxl/2VQNL
QJ1+swHsm8ImmTRq7El+5eRm5l1dcTAwz9dQZP4v0bITlJfNOLG3Dzvhwy9BAIvi
udNzDc4=
-----END CERTIFICATE-----