Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8de6e303-a78d-419d-8c13-cb6e4f4e03b6.roa
File:                     8de6e303-a78d-419d-8c13-cb6e4f4e03b6.roa (raw, json)
Hash identifier:          z9CNrVZoPp50/7dS+gej4gthJFh/PXa0NO4VKhHvt8M=
Subject key identifier:   58:1B:9D:3A:50:02:4D:37:C6:43:94:8E:91:37:10:2F:4F:34:B8:E8
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5FADF55F3164081C4C348BA474DB6EE34ABCE787
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8de6e303-a78d-419d-8c13-cb6e4f4e03b6.roa
Signing time:             Thu 23 Mar 2023 00:00:00 +0000
ROA not before:           Thu 23 Mar 2023 00:00:00 +0000
ROA not after:            Sun 26 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:ad:f5:5f:31:64:08:1c:4c:34:8b:a4:74:db:6e:e3:4a:bc:e7:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 23 00:00:00 2023 GMT
            Not After : Mar 26 23:59:59 2023 GMT
        Subject: serialNumber=b42954cf8c80fd0fd7649d61f8f3ee4208f63cc16b5bec12d7d4f6e8644f4f2a, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:c5:70:62:f5:22:d5:12:9b:d6:4d:44:d1:02:
                    1c:15:a7:c7:19:40:7d:d2:28:08:1c:f2:2a:d6:03:
                    f7:1f:d2:df:36:1e:21:03:f2:a0:8b:82:77:12:ab:
                    c7:a6:76:54:61:26:44:dd:4a:98:4a:78:f8:80:96:
                    4a:5a:07:ee:62:3c:37:6d:49:a0:84:68:09:b9:df:
                    d5:c4:5e:c6:d3:ae:9a:af:71:db:23:d9:0c:d8:2f:
                    c1:07:4f:fa:1d:07:db:5f:9b:c7:76:6f:2f:52:85:
                    14:76:25:2f:95:bf:62:47:3f:b8:87:f4:7c:c2:09:
                    8a:5a:91:3f:b6:09:cd:67:94:41:9f:35:11:cd:05:
                    74:12:5f:a9:3d:f2:ed:92:16:ec:9b:cc:00:07:16:
                    d5:53:a9:49:27:ad:40:f6:17:6a:bb:1b:23:e6:15:
                    6a:35:8d:b1:31:13:b1:57:04:2f:c7:aa:65:4a:b4:
                    ec:f9:a8:19:35:bf:b5:0e:ab:1b:c9:a7:f5:c0:fa:
                    d1:c6:27:9b:58:6e:c1:dc:40:29:e6:a3:6f:62:06:
                    f2:b6:fd:74:53:b8:35:e5:29:a5:52:43:e8:9e:e4:
                    26:92:ee:90:5e:4b:63:e5:7a:88:79:d6:80:68:df:
                    c9:aa:a5:51:44:00:da:7b:fe:c7:90:87:0c:7e:c2:
                    a8:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:1B:9D:3A:50:02:4D:37:C6:43:94:8E:91:37:10:2F:4F:34:B8:E8
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8de6e303-a78d-419d-8c13-cb6e4f4e03b6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:3f:e9:a8:d8:2b:f8:94:46:b5:67:00:62:49:c8:77:ab:ef:
         91:42:f7:c8:b3:d0:14:08:f1:9f:75:49:04:6c:70:d7:7f:f9:
         1d:5d:ab:dd:1c:c4:12:2c:f3:98:37:a8:db:21:1d:1f:b1:62:
         75:d2:6d:ec:c3:8e:82:af:77:ac:cf:90:b1:94:d2:82:b4:71:
         b3:89:60:a3:b4:96:3f:fa:0d:18:34:1c:c7:8e:00:d5:23:65:
         57:b7:96:e4:58:d9:7b:3a:97:ab:84:f4:75:21:48:89:5b:53:
         b4:c7:53:73:fc:2c:34:dd:5a:ac:90:c2:d6:c8:b4:6d:e4:48:
         a8:b5:20:39:1c:2d:3b:44:a7:f0:94:58:3f:7c:b8:00:d2:4f:
         14:0e:f6:11:74:6c:c1:19:f1:94:ad:e9:7a:b7:0e:40:98:f3:
         af:3c:68:97:ae:db:f6:04:23:2e:2f:9e:5b:11:e4:65:cb:d5:
         35:9c:6d:8c:fb:88:73:eb:66:72:c1:c2:7f:17:22:95:6a:ff:
         ae:e1:28:2a:7e:27:61:f6:ed:10:db:64:73:75:e7:c8:30:60:
         8c:e6:94:c0:9c:aa:b8:1c:ca:42:dc:9f:13:81:c1:64:a5:17:
         d9:a1:0d:eb:55:1a:04:d5:a9:86:8a:33:67:f3:0e:5e:78:0c:
         f1:78:cb:4b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUX631XzFkCBxMNIukdNtu40q854cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzIzMDAwMDAwWhcNMjMwMzI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYjQyOTU0Y2Y4YzgwZmQwZmQ3NjQ5ZDYxZjhmM2VlNDIw
OGY2M2NjMTZiNWJlYzEyZDdkNGY2ZTg2NDRmNGYyYTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALbFcGL1ItUSm9ZNRNECHBWnxxlAfdIoCBzyKtYD9x/S3zYeIQPy
oIuCdxKrx6Z2VGEmRN1KmEp4+ICWSloH7mI8N21JoIRoCbnf1cRextOumq9x2yPZ
DNgvwQdP+h0H21+bx3ZvL1KFFHYlL5W/Ykc/uIf0fMIJilqRP7YJzWeUQZ81Ec0F
dBJfqT3y7ZIW7JvMAAcW1VOpSSetQPYXarsbI+YVajWNsTETsVcEL8eqZUq07Pmo
GTW/tQ6rG8mn9cD60cYnm1huwdxAKeajb2IG8rb9dFO4NeUppVJD6J7kJpLukF5L
Y+V6iHnWgGjfyaqlUUQA2nv+x5CHDH7CqGECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRYG506UAJNN8ZDlI6RNxAvTzS46DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOGRlNmUzMDMtYTc4ZC00MTlkLThjMTMtY2I2ZTRmNGUwM2I2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFc/6ajYK/iURrVn
AGJJyHer75FC98iz0BQI8Z91SQRscNd/+R1dq90cxBIs85g3qNshHR+xYnXSbezD
joKvd6zPkLGU0oK0cbOJYKO0lj/6DRg0HMeOANUjZVe3luRY2Xs6l6uE9HUhSIlb
U7THU3P8LDTdWqyQwtbItG3kSKi1IDkcLTtEp/CUWD98uADSTxQO9hF0bMEZ8ZSt
6Xq3DkCY8688aJeu2/YEIy4vnlsR5GXL1TWcbYz7iHPrZnLBwn8XIpVq/67hKCp+
J2H27RDbZHN158gwYIzmlMCcqrgcykLcnxOBwWSlF9mhDetVGgTVqYaKM2fzDl54
DPF4y0s=
-----END CERTIFICATE-----