Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/763ba116-2478-449b-a311-7b878ae9b8e3.roa
File:                     763ba116-2478-449b-a311-7b878ae9b8e3.roa (raw, json)
Hash identifier:          ya505ce2PjyQLASEMfBXGnfeu2YH3OzUJpB2eDwQZ/M=
Subject key identifier:   D7:DD:30:9A:1B:B3:ED:13:F6:31:0E:63:5B:17:C1:B2:E0:E4:50:BC
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0AD5ED4F291010DB03C3B06BA28346A74B678A91
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/763ba116-2478-449b-a311-7b878ae9b8e3.roa
Signing time:             Mon 27 Mar 2023 00:00:00 +0000
ROA not before:           Mon 27 Mar 2023 00:00:00 +0000
ROA not after:            Thu 30 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:d5:ed:4f:29:10:10:db:03:c3:b0:6b:a2:83:46:a7:4b:67:8a:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 27 00:00:00 2023 GMT
            Not After : Mar 30 23:59:59 2023 GMT
        Subject: serialNumber=52008b7bb3e36bb6d9a8ea9081df7fcf19f73472b6f7d4193eb6f30476e53c3e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:02:b3:9d:2e:7e:e5:59:b7:34:15:58:a6:90:
                    57:46:e2:d2:28:97:1a:dd:03:e1:ee:ef:6f:98:5a:
                    c8:64:ff:0b:12:24:9a:17:f7:de:86:82:e9:36:20:
                    cc:fe:12:c6:4c:75:dd:79:d0:7a:ee:5b:eb:d5:e2:
                    09:0c:49:b9:eb:91:7a:c5:53:93:68:e5:34:e1:b1:
                    d8:84:83:6e:96:b2:e1:3b:dd:e6:f7:cb:cd:c6:a1:
                    2b:ac:aa:e9:19:9f:8d:ad:de:8e:bf:47:79:6e:77:
                    a1:95:51:ea:e4:f4:70:d7:4d:37:a3:64:b9:79:e3:
                    ef:6d:23:8f:10:cf:83:a7:3c:24:57:49:f2:3e:26:
                    13:46:51:7d:e1:02:de:ab:de:1d:32:3d:cc:6b:6b:
                    30:62:c6:ad:6a:4d:68:c3:ea:f1:21:e0:c8:0e:4c:
                    cb:09:bc:dc:0a:94:cb:88:ae:d1:b3:c1:ae:b2:ee:
                    c2:83:aa:a3:35:78:11:c1:26:ea:78:33:72:e7:a8:
                    88:9f:87:a8:d5:3f:4a:94:6a:e1:0e:56:f1:ec:43:
                    17:74:f7:0d:50:4b:1e:ae:b0:38:89:3a:46:83:7a:
                    50:98:36:7c:88:91:4f:c7:9c:14:94:a2:45:be:b0:
                    70:86:d0:30:31:6a:00:d3:f3:62:93:e5:0d:c8:c4:
                    f5:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:DD:30:9A:1B:B3:ED:13:F6:31:0E:63:5B:17:C1:B2:E0:E4:50:BC
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/763ba116-2478-449b-a311-7b878ae9b8e3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:f2:72:98:a2:41:50:f4:e1:ea:49:dc:60:85:78:1c:76:fd:
         06:21:32:24:17:39:2c:f9:8e:ad:3a:b7:cb:0e:66:6f:d7:b3:
         40:5a:a2:67:81:8d:d1:e9:a6:d7:ca:73:98:f7:4b:31:ec:6f:
         b9:86:29:41:a0:f1:22:16:1f:de:17:59:c2:b4:49:e5:0d:98:
         f1:84:53:2b:58:cc:e4:3e:e3:fb:8b:26:1e:b4:71:ee:52:6c:
         b9:f1:26:77:4f:49:5a:80:20:0c:c4:a9:86:3a:b7:49:5b:40:
         cf:43:fa:28:29:67:1d:84:42:f7:3c:4a:33:b0:31:45:3c:38:
         c1:f3:45:35:2b:ca:0a:f3:f3:70:15:4c:0e:bc:bb:ca:36:b2:
         e4:8c:71:63:62:22:d6:d7:66:a1:3a:9d:0e:2f:48:68:3a:76:
         65:a9:0f:28:2f:74:d2:1a:64:94:18:e8:15:33:ed:d8:f7:35:
         fb:40:d5:08:be:24:1b:b7:84:76:f7:59:ab:71:0b:e1:93:23:
         29:b3:b1:22:c9:bf:e5:92:9a:37:8f:26:cc:08:54:cd:6b:bd:
         b7:8f:bb:de:e0:0b:b0:30:50:e0:ec:c1:1a:bc:1a:92:f9:d5:
         c9:e8:22:cc:33:ff:d3:52:83:80:14:8e:54:aa:dc:30:ea:11:
         21:b2:0d:07
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUCtXtTykQENsDw7BrooNGp0tnipEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI3MDAwMDAwWhcNMjMwMzMwMjM1OTU5
WjCBpTFJMEcGA1UEBRNANTIwMDhiN2JiM2UzNmJiNmQ5YThlYTkwODFkZjdmY2Yx
OWY3MzQ3MmI2ZjdkNDE5M2ViNmYzMDQ3NmU1M2MzZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALECs50ufuVZtzQVWKaQV0bi0iiXGt0D4e7vb5hayGT/CxIkmhf3
3oaC6TYgzP4Sxkx13XnQeu5b69XiCQxJueuResVTk2jlNOGx2ISDbpay4Tvd5vfL
zcahK6yq6Rmfja3ejr9HeW53oZVR6uT0cNdNN6NkuXnj720jjxDPg6c8JFdJ8j4m
E0ZRfeEC3qveHTI9zGtrMGLGrWpNaMPq8SHgyA5Mywm83AqUy4iu0bPBrrLuwoOq
ozV4EcEm6ngzcueoiJ+HqNU/SpRq4Q5W8exDF3T3DVBLHq6wOIk6RoN6UJg2fIiR
T8ecFJSiRb6wcIbQMDFqANPzYpPlDcjE9XUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTX3TCaG7PtE/YxDmNbF8Gy4ORQvDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNzYzYmExMTYtMjQ3OC00NDliLWEzMTEtN2I4NzhhZTliOGUzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI/ycpiiQVD04epJ
3GCFeBx2/QYhMiQXOSz5jq06t8sOZm/Xs0BaomeBjdHpptfKc5j3SzHsb7mGKUGg
8SIWH94XWcK0SeUNmPGEUytYzOQ+4/uLJh60ce5SbLnxJndPSVqAIAzEqYY6t0lb
QM9D+igpZx2EQvc8SjOwMUU8OMHzRTUrygrz83AVTA68u8o2suSMcWNiItbXZqE6
nQ4vSGg6dmWpDygvdNIaZJQY6BUz7dj3NftA1Qi+JBu3hHb3WatxC+GTIymzsSLJ
v+WSmjePJswIVM1rvbePu97gC7AwUODswRq8GpL51cnoIswz/9NSg4AUjlSq3DDq
ESGyDQc=
-----END CERTIFICATE-----