Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8ec59c8b-984c-4ed6-8e2b-de8417678959.roa
File:                     8ec59c8b-984c-4ed6-8e2b-de8417678959.roa (raw, json)
Hash identifier:          H2wkjyNjahhTb7I/GxpDvkBjiJF65tYZRlu9zohIr3A=
Subject key identifier:   11:F5:96:0C:63:49:DA:37:F3:57:89:7C:41:4F:65:AE:E6:75:C7:6D
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       51ED64EDACD4875F3DE2754401BA277D6F55FD14
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8ec59c8b-984c-4ed6-8e2b-de8417678959.roa
Signing time:             Wed 15 Mar 2023 00:00:00 +0000
ROA not before:           Wed 15 Mar 2023 00:00:00 +0000
ROA not after:            Sat 18 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:ed:64:ed:ac:d4:87:5f:3d:e2:75:44:01:ba:27:7d:6f:55:fd:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 15 00:00:00 2023 GMT
            Not After : Mar 18 23:59:59 2023 GMT
        Subject: serialNumber=68bb7cd7ff3f8b274781f89c6d7aa2807cc5c45363270d75f179ffa546167f55, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:47:fb:52:40:71:30:1e:e1:de:b6:c2:01:40:
                    37:2f:da:50:7f:45:52:5e:20:64:02:b6:57:2e:c8:
                    90:40:c6:84:73:69:fa:db:4c:8a:b7:cd:98:6c:1a:
                    4f:f0:56:13:64:13:77:02:e8:47:8a:b0:36:c4:5f:
                    e7:43:f8:9a:1c:61:91:c8:7f:b0:9c:c2:70:ec:07:
                    49:42:0d:f6:65:d3:15:79:7b:65:8f:cb:dd:21:3c:
                    3d:32:44:da:b0:f7:3a:cb:c1:27:36:b8:2a:50:75:
                    ec:f8:a5:60:c2:30:e0:5c:64:2f:d9:df:f1:60:ae:
                    f1:e5:ef:36:52:8c:18:a6:aa:67:1d:f7:e5:3e:1f:
                    8c:3f:51:c1:74:9c:95:0b:14:c0:82:6c:bb:f0:67:
                    1d:12:0c:d2:89:3e:66:f8:ae:74:b8:b8:88:ea:b1:
                    9f:38:79:7d:d7:ac:f7:4d:1b:ee:fb:66:14:d1:fa:
                    59:89:7a:fc:d0:68:f4:b8:50:c5:7b:59:29:90:04:
                    68:7e:5a:07:64:b9:05:10:5b:45:b0:2e:85:35:17:
                    bb:ab:08:5b:ab:e9:3d:8a:aa:a2:7d:1c:53:6f:29:
                    da:fe:6a:5f:35:08:05:8b:54:a5:75:f4:ab:ac:d2:
                    14:c9:67:e3:74:0f:e6:7b:69:ee:47:6e:e4:57:96:
                    c3:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:F5:96:0C:63:49:DA:37:F3:57:89:7C:41:4F:65:AE:E6:75:C7:6D
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8ec59c8b-984c-4ed6-8e2b-de8417678959.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:36:41:6b:e2:ff:f9:c1:f2:41:14:40:b8:98:da:73:44:17:
         29:c3:4c:ca:a6:15:a9:8b:95:7b:21:da:e8:64:ec:e1:17:4b:
         1b:59:d2:9e:0b:f1:7f:02:44:c2:38:0e:5a:e0:63:02:a3:73:
         aa:5a:12:06:d9:cd:22:09:d9:af:4e:34:df:f1:a0:34:ed:01:
         18:9b:a2:9c:d8:e2:b8:33:a5:d7:5f:c2:db:cb:ea:fb:1c:01:
         8f:78:24:b2:f9:74:6b:34:32:33:af:da:b4:0b:78:5f:09:63:
         ca:5b:c1:06:89:89:57:a7:c2:ef:9b:1c:6c:99:22:b4:e1:67:
         e2:d0:12:d2:9c:38:eb:57:63:3f:45:85:c1:8c:7e:0c:f4:eb:
         ec:78:7d:41:19:c5:84:46:8c:fe:95:53:2b:05:b5:75:e2:f6:
         0c:4d:c1:a4:04:95:79:a0:45:21:9b:a3:f9:08:9f:bb:83:94:
         64:5e:cb:65:3e:d3:f4:5a:f0:4a:a8:1b:66:a8:ff:2c:53:69:
         31:a2:6e:bf:e1:e7:3c:1a:55:f9:94:f6:2f:43:76:13:d4:3c:
         aa:1d:f5:49:3c:d1:6c:a4:51:f4:69:8d:7e:dc:a9:50:4d:bd:
         cc:fb:a3:db:bc:d0:db:9e:3a:ac:e1:3f:75:1b:e6:9d:4b:24:
         3e:67:6a:7f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUUe1k7azUh1894nVEAbonfW9V/RQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzE1MDAwMDAwWhcNMjMwMzE4MjM1OTU5
WjCBpTFJMEcGA1UEBRNANjhiYjdjZDdmZjNmOGIyNzQ3ODFmODljNmQ3YWEyODA3
Y2M1YzQ1MzYzMjcwZDc1ZjE3OWZmYTU0NjE2N2Y1NTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALZH+1JAcTAe4d62wgFANy/aUH9FUl4gZAK2Vy7IkEDGhHNp+ttM
irfNmGwaT/BWE2QTdwLoR4qwNsRf50P4mhxhkch/sJzCcOwHSUIN9mXTFXl7ZY/L
3SE8PTJE2rD3OsvBJza4KlB17PilYMIw4FxkL9nf8WCu8eXvNlKMGKaqZx335T4f
jD9RwXSclQsUwIJsu/BnHRIM0ok+ZviudLi4iOqxnzh5fdes900b7vtmFNH6WYl6
/NBo9LhQxXtZKZAEaH5aB2S5BRBbRbAuhTUXu6sIW6vpPYqqon0cU28p2v5qXzUI
BYtUpXX0q6zSFMln43QP5ntp7kdu5FeWwwECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQR9ZYMY0naN/NXiXxBT2Wu5nXHbTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOGVjNTljOGItOTg0Yy00ZWQ2LThlMmItZGU4NDE3Njc4OTU5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG02QWvi//nB8kEU
QLiY2nNEFynDTMqmFamLlXsh2uhk7OEXSxtZ0p4L8X8CRMI4DlrgYwKjc6paEgbZ
zSIJ2a9ONN/xoDTtARibopzY4rgzpddfwtvL6vscAY94JLL5dGs0MjOv2rQLeF8J
Y8pbwQaJiVenwu+bHGyZIrThZ+LQEtKcOOtXYz9FhcGMfgz06+x4fUEZxYRGjP6V
UysFtXXi9gxNwaQElXmgRSGbo/kIn7uDlGRey2U+0/Ra8EqoG2ao/yxTaTGibr/h
5zwaVfmU9i9DdhPUPKod9Uk80WykUfRpjX7cqVBNvcz7o9u80NueOqzhP3Ub5p1L
JD5nan8=
-----END CERTIFICATE-----