Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7f481ab8-acfe-4c1d-9419-43a439fe1811.roa
File:                     7f481ab8-acfe-4c1d-9419-43a439fe1811.roa (raw, json)
Hash identifier:          REy3f6nmEh9Gi4lI76GWM+CIvRXvsIuTcxEySngl6m4=
Subject key identifier:   63:87:A5:17:D5:FC:2B:87:D7:62:10:D9:38:81:95:24:0D:A8:97:08
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1DFFDD2098D4E232D3A6283AB046F5032D235F7E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7f481ab8-acfe-4c1d-9419-43a439fe1811.roa
Signing time:             Fri 26 May 2023 00:00:00 +0000
ROA not before:           Fri 26 May 2023 00:00:00 +0000
ROA not after:            Mon 29 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:ff:dd:20:98:d4:e2:32:d3:a6:28:3a:b0:46:f5:03:2d:23:5f:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 26 00:00:00 2023 GMT
            Not After : May 29 23:59:59 2023 GMT
        Subject: serialNumber=3f09256f175a2e6d2eef04b1f978411aad1f13194510600df0129efe03624793, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d8:e2:60:65:c7:08:83:83:3d:fa:e2:af:24:
                    d2:ef:d9:81:63:d9:c7:77:ca:25:9d:34:78:31:2a:
                    06:8c:26:0e:45:e2:16:0f:98:24:3c:6c:dc:1a:7a:
                    11:02:40:4b:bf:bb:df:a3:0f:e8:47:ec:74:e2:d9:
                    76:a4:ea:23:31:98:59:fb:ef:0d:43:76:29:8b:2e:
                    04:1a:8b:ab:3d:6b:73:3c:ca:e8:c5:8e:2b:c5:ad:
                    6c:b9:44:2b:ba:64:34:5a:b9:aa:e6:c3:4f:e4:b3:
                    c2:4e:d1:49:62:87:b3:b2:c9:fd:c2:29:e1:23:ef:
                    51:85:41:eb:b5:8b:71:29:87:a0:0a:ce:9b:0b:52:
                    b1:86:9d:44:19:de:a9:ae:14:77:65:e1:ce:23:8a:
                    36:b8:4e:f8:c2:3b:cb:39:3e:dc:35:e1:45:32:a8:
                    de:22:db:12:31:40:70:47:10:1f:65:4a:d5:c5:70:
                    5d:6b:75:dc:3f:8d:fc:89:ab:97:4d:d7:82:81:53:
                    5b:f9:9e:c9:23:ad:20:ef:51:46:d9:63:35:4c:83:
                    28:87:33:ba:76:08:da:9d:52:2f:8d:60:55:46:6b:
                    a4:86:66:c9:17:9b:c9:9e:e2:61:a9:65:8b:3f:af:
                    b4:f8:c9:58:d3:70:b1:0a:dc:d7:49:0c:ad:aa:44:
                    c6:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:87:A5:17:D5:FC:2B:87:D7:62:10:D9:38:81:95:24:0D:A8:97:08
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7f481ab8-acfe-4c1d-9419-43a439fe1811.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:2e:a7:21:d2:c9:cb:6c:af:c3:57:38:5d:6f:97:57:34:4f:
         12:27:3c:4a:52:50:51:38:fc:61:51:5d:99:cc:d3:67:5e:95:
         63:85:52:ca:18:c3:f5:e4:0b:05:b0:ef:1e:34:d9:ee:77:91:
         a3:0c:b6:1d:15:c5:33:f6:19:15:d8:dd:d5:77:da:17:08:85:
         01:79:d7:79:6f:f2:d3:a0:00:3e:e7:b5:7f:52:6c:33:2e:2a:
         ea:cf:cd:e9:96:82:6e:c0:e6:21:b6:86:02:b0:b4:af:b9:d4:
         85:05:7e:52:f8:4c:e4:d8:f7:3e:15:54:b9:5e:47:45:01:52:
         ba:81:7d:5c:c8:74:60:25:54:df:40:28:19:91:91:5d:0c:6c:
         87:3c:36:d2:5f:4a:17:6e:5c:76:9c:a0:eb:f8:5e:d1:42:59:
         47:15:30:1a:87:ac:58:bf:d4:75:2b:4a:65:8a:da:46:49:cd:
         25:c2:ef:95:39:a2:24:53:6d:c5:29:d0:3f:f8:5d:ca:c9:17:
         d3:95:1b:41:51:b4:f6:52:f7:d3:c0:87:45:b8:76:ae:c5:f9:
         60:4a:f5:0b:ca:4a:2d:ab:9e:13:ce:9f:3f:6b:f5:63:21:62:
         d2:96:62:a6:7b:45:c4:61:be:ab:0e:95:fc:5a:d7:16:52:b1:
         6a:95:e8:69
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUHf/dIJjU4jLTpig6sEb1Ay0jX34wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTI2MDAwMDAwWhcNMjMwNTI5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAM2YwOTI1NmYxNzVhMmU2ZDJlZWYwNGIxZjk3ODQxMWFh
ZDFmMTMxOTQ1MTA2MDBkZjAxMjllZmUwMzYyNDc5MzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMbY4mBlxwiDgz364q8k0u/ZgWPZx3fKJZ00eDEqBowmDkXiFg+Y
JDxs3Bp6EQJAS7+736MP6EfsdOLZdqTqIzGYWfvvDUN2KYsuBBqLqz1rczzK6MWO
K8WtbLlEK7pkNFq5qubDT+Szwk7RSWKHs7LJ/cIp4SPvUYVB67WLcSmHoArOmwtS
sYadRBneqa4Ud2XhziOKNrhO+MI7yzk+3DXhRTKo3iLbEjFAcEcQH2VK1cVwXWt1
3D+N/Imrl03XgoFTW/meySOtIO9RRtljNUyDKIczunYI2p1SL41gVUZrpIZmyReb
yZ7iYalliz+vtPjJWNNwsQrc10kMrapExrUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRjh6UX1fwrh9diENk4gZUkDaiXCDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvN2Y0ODFhYjgtYWNmZS00YzFkLTk0MTktNDNhNDM5ZmUxODExLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF4upyHSyctsr8NX
OF1vl1c0TxInPEpSUFE4/GFRXZnM02delWOFUsoYw/XkCwWw7x402e53kaMMth0V
xTP2GRXY3dV32hcIhQF513lv8tOgAD7ntX9SbDMuKurPzemWgm7A5iG2hgKwtK+5
1IUFflL4TOTY9z4VVLleR0UBUrqBfVzIdGAlVN9AKBmRkV0MbIc8NtJfShduXHac
oOv4XtFCWUcVMBqHrFi/1HUrSmWK2kZJzSXC75U5oiRTbcUp0D/4XcrJF9OVG0FR
tPZS99PAh0W4dq7F+WBK9QvKSi2rnhPOnz9r9WMhYtKWYqZ7RcRhvqsOlfxa1xZS
sWqV6Gk=
-----END CERTIFICATE-----