Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7852da94-0e6d-4137-a014-38af2a56df95.roa
File:                     7852da94-0e6d-4137-a014-38af2a56df95.roa (raw, json)
Hash identifier:          XkYDdV4FLAriYQ4kioH3hukkjG0nbJs8RubSdxYvCvs=
Subject key identifier:   83:36:B7:D3:0C:D5:BE:32:83:09:63:F5:5D:E5:72:90:AA:4C:9A:88
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4074E3E24E29C38B75D6F1E8072674E38F7F6C1F
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7852da94-0e6d-4137-a014-38af2a56df95.roa
Signing time:             Sat 18 Feb 2023 00:00:00 +0000
ROA not before:           Sat 18 Feb 2023 00:00:00 +0000
ROA not after:            Tue 21 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:74:e3:e2:4e:29:c3:8b:75:d6:f1:e8:07:26:74:e3:8f:7f:6c:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 18 00:00:00 2023 GMT
            Not After : Feb 21 23:59:59 2023 GMT
        Subject: serialNumber=1a01c64cd43510be10b5b58058d3030021d5d63b86f224d4ef163358cd603b66, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:38:f3:9d:6b:b7:55:96:73:11:58:9e:38:41:
                    55:35:88:a3:91:13:e7:64:e3:31:e2:b1:11:c9:e1:
                    25:53:7c:eb:ec:6e:5b:ae:7a:b1:8f:67:31:92:09:
                    ec:dd:c6:d8:ea:6f:a5:4f:23:8f:48:70:ec:2e:fc:
                    50:dd:2f:9c:47:5d:d9:af:a1:bc:53:75:1f:0a:2c:
                    b2:d9:28:1e:45:42:9f:93:b3:df:d6:0d:9a:a2:a9:
                    45:19:ad:f2:0d:17:e9:dd:a7:57:1e:9a:6a:ab:2c:
                    a5:bd:29:15:d7:7a:90:ff:31:c0:61:ed:5b:7b:ca:
                    9f:5a:e4:57:c8:7b:60:9b:ba:dc:2e:a7:3b:52:e1:
                    5a:26:4b:7d:bc:02:ad:a7:69:bb:8e:c8:06:f2:a0:
                    4c:97:9b:05:ad:f6:fa:b4:5d:0c:09:29:3b:03:a6:
                    88:05:e6:23:fa:41:0c:bf:73:1c:63:13:b4:da:56:
                    a6:e7:36:76:11:79:2b:8c:75:a0:ac:13:40:49:53:
                    d6:35:c6:1f:78:65:69:73:da:66:8e:8a:81:6e:8d:
                    c9:5d:58:3e:e6:5f:3b:d8:1d:24:10:aa:64:88:6f:
                    d5:61:c0:b8:78:5f:6e:df:35:53:a5:cc:19:24:00:
                    ce:70:4b:b4:ae:47:39:e5:9e:4c:ff:50:a4:e8:f5:
                    57:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:36:B7:D3:0C:D5:BE:32:83:09:63:F5:5D:E5:72:90:AA:4C:9A:88
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7852da94-0e6d-4137-a014-38af2a56df95.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:c4:fe:52:e5:7c:63:1b:c9:26:44:a6:f5:a9:ad:b6:0c:d6:
         52:19:3f:7c:b3:cc:bd:57:13:2d:33:fd:1b:04:d6:de:ad:4a:
         5f:38:f8:8e:0e:be:5a:ec:68:85:01:c7:76:b8:86:ea:31:5e:
         97:65:e7:c4:2a:3b:5a:19:c8:65:d6:60:7b:54:8d:29:b1:03:
         be:ca:71:74:3b:42:f2:b5:2d:59:7d:53:31:82:15:8b:86:0a:
         03:64:77:93:65:33:b1:65:c7:1e:fe:c6:1d:5c:6d:d3:65:20:
         ad:9a:69:82:b6:7c:61:24:45:b7:a0:53:1f:10:d0:d9:c3:51:
         1f:6a:04:18:eb:5f:99:8c:2e:06:a6:93:b9:25:c4:f2:7c:72:
         23:db:d4:7f:27:b9:db:14:14:8a:f7:a4:9a:1f:58:c5:7f:67:
         d7:30:0a:d6:f7:3d:c9:34:ee:a6:30:7c:c3:36:a7:5c:16:62:
         a5:c5:f5:61:03:e1:ee:5b:17:88:29:b0:8b:37:3a:15:3d:65:
         5c:ca:bd:bc:39:ed:7a:9f:9c:f8:14:8c:2b:77:c8:4c:0e:89:
         d9:8b:82:5d:c5:b8:b8:b5:7c:13:df:33:29:f5:75:01:03:8a:
         cc:d7:d2:90:71:2d:8b:74:65:16:1d:26:92:cd:45:8b:bf:82:
         fe:7c:5d:f8
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUQHTj4k4pw4t11vHoByZ0449/bB8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE4MDAwMDAwWhcNMjMwMjIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMWEwMWM2NGNkNDM1MTBiZTEwYjViNTgwNThkMzAzMDAy
MWQ1ZDYzYjg2ZjIyNGQ0ZWYxNjMzNThjZDYwM2I2NjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOI4851rt1WWcxFYnjhBVTWIo5ET52TjMeKxEcnhJVN86+xuW656
sY9nMZIJ7N3G2OpvpU8jj0hw7C78UN0vnEdd2a+hvFN1HwosstkoHkVCn5Oz39YN
mqKpRRmt8g0X6d2nVx6aaqsspb0pFdd6kP8xwGHtW3vKn1rkV8h7YJu63C6nO1Lh
WiZLfbwCradpu47IBvKgTJebBa32+rRdDAkpOwOmiAXmI/pBDL9zHGMTtNpWpuc2
dhF5K4x1oKwTQElT1jXGH3hlaXPaZo6KgW6NyV1YPuZfO9gdJBCqZIhv1WHAuHhf
bt81U6XMGSQAznBLtK5HOeWeTP9QpOj1V1kCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSDNrfTDNW+MoMJY/Vd5XKQqkyaiDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNzg1MmRhOTQtMGU2ZC00MTM3LWEwMTQtMzhhZjJhNTZkZjk1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFrE/lLlfGMbySZE
pvWprbYM1lIZP3yzzL1XEy0z/RsE1t6tSl84+I4OvlrsaIUBx3a4huoxXpdl58Qq
O1oZyGXWYHtUjSmxA77KcXQ7QvK1LVl9UzGCFYuGCgNkd5NlM7Flxx7+xh1cbdNl
IK2aaYK2fGEkRbegUx8Q0NnDUR9qBBjrX5mMLgamk7klxPJ8ciPb1H8nudsUFIr3
pJofWMV/Z9cwCtb3Pck07qYwfMM2p1wWYqXF9WED4e5bF4gpsIs3OhU9ZVzKvbw5
7XqfnPgUjCt3yEwOidmLgl3FuLi1fBPfMyn1dQEDiszX0pBxLYt0ZRYdJpLNRYu/
gv58Xfg=
-----END CERTIFICATE-----