Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/796f9949-548a-4fd9-8892-634213ec9def.roa
File:                     796f9949-548a-4fd9-8892-634213ec9def.roa (raw, json)
Hash identifier:          stRMaTd+LCjbKXngdkFW/XJ9EsLcTYLu3XM6lWs+Qlo=
Subject key identifier:   09:EA:F8:4F:2C:A3:7D:C1:9C:53:DC:1F:C8:0C:4D:46:8F:95:4F:36
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       577095145CFFFAD0E52C73F235236DCDF952DA
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/796f9949-548a-4fd9-8892-634213ec9def.roa
Signing time:             Mon 30 Jan 2023 00:00:00 +0000
ROA not before:           Mon 30 Jan 2023 00:00:00 +0000
ROA not after:            Thu 02 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:70:95:14:5c:ff:fa:d0:e5:2c:73:f2:35:23:6d:cd:f9:52:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 30 00:00:00 2023 GMT
            Not After : Feb  2 23:59:59 2023 GMT
        Subject: serialNumber=06513e7d7906d47760936a2e7101c87d7318de0c22ff1fdd37bee36dfd4977e4, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d3:76:49:58:52:9c:0d:19:3d:89:80:2c:62:
                    c3:b4:f9:23:b1:ac:21:61:e5:bf:53:b0:01:7a:f5:
                    bc:d7:38:49:8b:cc:2f:cb:bf:b8:ca:9b:06:c4:ee:
                    52:85:fb:33:41:b8:af:3b:76:fc:e0:25:2c:c0:cd:
                    89:c6:d2:2f:ed:f4:5a:5b:31:64:26:33:d5:e8:93:
                    c7:20:f3:5f:2c:41:cb:02:db:31:56:16:e0:be:63:
                    ef:67:c6:2e:bb:90:a2:95:7a:01:69:ec:43:e1:ce:
                    d6:c8:f5:73:40:6d:21:64:6f:16:ad:e0:4b:aa:8f:
                    ea:a7:cd:c2:0d:36:fa:4b:05:cb:4a:fc:e0:b8:d4:
                    89:28:7a:08:77:41:aa:cf:9f:84:38:32:81:09:89:
                    e9:6c:2a:67:f8:ea:a3:22:f0:8c:1d:8f:82:ca:1c:
                    0e:f7:89:10:de:a0:12:8b:8b:8f:3d:df:5b:d6:28:
                    c8:63:a5:9b:ed:3d:14:47:44:a6:5d:2f:db:1d:41:
                    cc:97:bb:14:e8:1b:ae:dc:dd:72:2e:12:0e:c8:d6:
                    a8:51:53:55:35:71:c0:fd:87:4e:c9:22:4b:08:e0:
                    c3:4d:93:8b:0a:c7:36:35:c1:2b:d2:85:64:52:c3:
                    44:1e:02:31:3b:5f:e1:52:9a:41:21:79:09:35:dd:
                    00:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:EA:F8:4F:2C:A3:7D:C1:9C:53:DC:1F:C8:0C:4D:46:8F:95:4F:36
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/796f9949-548a-4fd9-8892-634213ec9def.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:9f:4a:0d:a7:1e:40:2b:78:65:86:b3:d1:c2:f3:32:55:fc:
         14:c9:ea:ff:8f:fd:f0:64:77:19:5b:07:d1:bd:ce:99:26:4b:
         b9:61:08:7e:49:b6:da:fc:6b:85:39:51:9c:1e:37:c5:ce:f3:
         94:d6:6b:eb:51:48:2a:28:77:05:5c:df:a2:30:bd:e1:a2:66:
         07:f5:64:04:59:e4:43:af:46:66:f9:0f:d9:bf:21:c6:c4:bf:
         fd:98:45:e4:e8:2a:84:d6:35:d3:e4:91:80:da:b1:d3:dc:89:
         3c:be:fd:44:49:7d:e2:40:1e:9f:58:d9:f5:29:95:6f:11:bd:
         ad:50:f6:c8:78:e8:6a:bb:0b:83:a7:bd:9f:d6:3a:ae:bc:f1:
         2a:09:f5:9f:5e:9c:a0:d8:18:8f:46:a2:76:67:f9:d7:ac:00:
         49:c5:92:e9:e2:e7:90:df:6d:57:39:ba:23:41:0d:a6:a6:b4:
         48:a0:8a:bb:94:a8:00:ec:b4:83:4a:ab:23:90:3c:d1:b2:d1:
         00:10:98:6b:41:da:2b:50:3a:7b:de:48:35:cf:54:9a:64:78:
         0b:c2:0c:eb:80:4b:8d:18:9e:ab:34:92:04:3a:0f:35:07:5d:
         a8:1a:b4:6e:f9:8a:0b:61:7a:a0:53:0d:c0:cf:af:24:cf:74:
         dd:d9:34:b9
-----BEGIN CERTIFICATE-----
MIIGMDCCBRigAwIBAgITV3CVFFz/+tDlLHPyNSNtzflS2jANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzIyNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5NGIwOTJkODZm
YjFkN2EwZjc0ZTI4MTYxMTAeFw0yMzAxMzAwMDAwMDBaFw0yMzAyMDIyMzU5NTla
MIGlMUkwRwYDVQQFE0AwNjUxM2U3ZDc5MDZkNDc3NjA5MzZhMmU3MTAxYzg3ZDcz
MThkZTBjMjJmZjFmZGQzN2JlZTM2ZGZkNDk3N2U0MS0wKwYDVQQDEyQ2YWU0ZTU2
Ny02MzQ4LTRjNGYtOThhOC0wNDIyYzRjNTJmZjMxFDASBgNVBAsTC0FtYXpvbiBS
UEtJMRMwEQYDVQQKEwpBbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEArdN2SVhSnA0ZPYmALGLDtPkjsawhYeW/U7ABevW81zhJi8wvy7+4
ypsGxO5ShfszQbivO3b84CUswM2JxtIv7fRaWzFkJjPV6JPHIPNfLEHLAtsxVhbg
vmPvZ8Yuu5CilXoBaexD4c7WyPVzQG0hZG8WreBLqo/qp83CDTb6SwXLSvzguNSJ
KHoId0Gqz5+EODKBCYnpbCpn+OqjIvCMHY+CyhwO94kQ3qASi4uPPd9b1ijIY6Wb
7T0UR0SmXS/bHUHMl7sU6Buu3N1yLhIOyNaoUVNVNXHA/YdOySJLCODDTZOLCsc2
NcEr0oVkUsNEHgIxO1/hUppBIXkJNd0A6wIDAQABo4ICvjCCArowHQYDVR0OBBYE
FAnq+E8so33BnFPcH8gMTUaPlU82MB8GA1UdIwQYMBaAFJFE7cekDumQt/o2b/bh
fXmtxIOXMA4GA1UdDwEB/wQEAwIHgDCB8wYIKwYBBQUHAQEEgeYwgeMwgeAGCCsG
AQUFBzAChoHTcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1y
cGtpLXRhLzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8wMzU3
MjcyYy1hNzlhLTQ1YmYtOTU4Ni05MmRkNDllZjMyMjMvNzNmMjFjMmItODgyMy00
YzI0LWIyNWItNDNjODBjYjZkMWJiLzI3OGFhYjg3OGYyODMxYmIxODIzYjU4Nzk0
YjA5MmQ4NmZiMWQ3YTBmNzRlMjgxNjExLmNlcjCBngYIKwYBBQUHAQsEgZEwgY4w
gYsGCCsGAQUFBzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpv
bmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNkLTFhNWJlNzQ4
YmZlYS83OTZmOTk0OS01NDhhLTRmZDktODg5Mi02MzQyMTNlYzlkZWYucm9hMIGV
BgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2Qt
MWE1YmU3NDhiZmVhLzRiYjhhZTVjLTEyNGMtNDJmMy04N2ZiLTRmMzRlNzRlM2Rh
Mi5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAMckeDANBgkqhkiG9w0BAQsFAAOCAQEAkp9KDaceQCt4ZYaz
0cLzMlX8FMnq/4/98GR3GVsH0b3OmSZLuWEIfkm22vxrhTlRnB43xc7zlNZr61FI
Kih3BVzfojC94aJmB/VkBFnkQ69GZvkP2b8hxsS//ZhF5OgqhNY10+SRgNqx09yJ
PL79REl94kAen1jZ9SmVbxG9rVD2yHjoarsLg6e9n9Y6rrzxKgn1n16coNgYj0ai
dmf516wAScWS6eLnkN9tVzm6I0ENpqa0SKCKu5SoAOy0g0qrI5A80bLRABCYa0Ha
K1A6e95INc9UmmR4C8IM64BLjRieqzSSBDoPNQddqBq0bvmKC2F6oFMNwM+vJM90
3dk0uQ==
-----END CERTIFICATE-----