Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/95dd2108-cda8-447e-bb27-429963875eef.roa
File:                     95dd2108-cda8-447e-bb27-429963875eef.roa (raw, json)
Hash identifier:          9qqHLx98I8CZVk5KKQsSewwr0mDDhMzkXGK5onP9/Kg=
Subject key identifier:   D8:06:E4:B1:45:90:C0:13:38:97:55:6C:D3:E1:5B:ED:8A:19:7F:31
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       28D86E65879596EB8916D43B04075A3FCA8B95CA
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/95dd2108-cda8-447e-bb27-429963875eef.roa
Signing time:             Sat 04 Feb 2023 00:00:00 +0000
ROA not before:           Sat 04 Feb 2023 00:00:00 +0000
ROA not after:            Tue 07 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:d8:6e:65:87:95:96:eb:89:16:d4:3b:04:07:5a:3f:ca:8b:95:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb  4 00:00:00 2023 GMT
            Not After : Feb  7 23:59:59 2023 GMT
        Subject: serialNumber=3a62d35ac3f9d5bf2b823fe011bb95f1535418d3eced2530f006d0b867d15312, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:37:6c:ca:4f:1a:2a:cb:0d:fe:e3:c0:ae:f1:
                    37:b2:4a:6b:aa:86:b0:5b:78:07:f4:41:40:db:98:
                    b6:fa:2b:bd:f0:fd:69:e0:12:ee:d6:a5:75:b6:9a:
                    89:67:78:18:9f:f7:7c:73:9d:47:79:d4:98:60:da:
                    a2:3e:27:8c:a3:6a:76:3e:dd:8d:9c:4f:51:e7:de:
                    a7:c4:d9:63:d3:63:52:9d:f4:6a:f4:0e:cd:06:f5:
                    0f:91:ed:28:93:65:c7:12:e1:eb:b8:01:72:56:d7:
                    87:0c:50:cd:2f:19:be:06:36:18:d0:76:87:76:d2:
                    ff:35:31:dc:d7:51:c3:52:a8:e9:28:81:f5:35:11:
                    be:2e:b7:b1:79:ea:b3:f8:c1:02:6f:51:74:bb:96:
                    1a:33:be:de:b4:1d:ff:12:19:82:95:79:06:d8:04:
                    7f:3d:16:a5:ef:e7:80:80:ba:b0:a4:32:be:3e:3d:
                    f5:25:37:c2:7e:a5:97:16:8f:b4:b6:39:87:63:5c:
                    52:ad:63:bb:bb:81:11:37:03:e5:29:54:97:f0:b3:
                    0b:16:b7:c8:d3:a6:b9:33:eb:b0:8e:d1:fc:a0:a1:
                    1e:41:be:c0:d2:6a:b4:ac:b1:b8:33:23:00:25:3d:
                    7e:61:dc:71:4e:b1:ad:47:d1:d2:9b:ec:e4:cb:cd:
                    05:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:06:E4:B1:45:90:C0:13:38:97:55:6C:D3:E1:5B:ED:8A:19:7F:31
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/95dd2108-cda8-447e-bb27-429963875eef.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:99:7d:88:41:09:0c:e8:c4:6f:9b:98:6f:c9:40:6e:5d:14:
         f9:ff:d3:8b:fe:c3:69:57:ef:f8:83:24:aa:2b:2d:42:ad:43:
         f0:c7:e3:5c:a6:68:68:d2:76:dd:ac:bf:94:69:bb:7a:5a:e9:
         5c:13:44:18:a9:6e:91:c5:06:55:0d:a2:15:8c:20:57:0f:41:
         da:ef:6b:04:a7:8f:0b:0c:47:f8:3d:45:ac:b7:17:86:cd:f7:
         2a:04:5d:72:b4:ec:ca:1a:c1:ff:cc:1f:d5:a8:f6:1f:81:1e:
         9f:0b:21:60:52:80:75:13:5a:58:69:ef:4a:8f:4a:37:08:1d:
         23:55:43:0a:3e:bf:c8:23:4b:fc:91:1d:12:36:cb:9e:e4:0a:
         88:f5:5b:c9:92:23:db:59:0d:9c:3c:83:e7:c1:9e:cf:e7:97:
         96:92:38:60:e7:86:e4:15:56:d2:3e:07:a0:a7:da:f5:97:d8:
         bf:15:90:2c:78:50:7d:3b:cc:dd:39:52:8c:d0:02:65:e6:b0:
         9a:5a:da:75:6f:bd:ae:4c:32:3a:e7:0c:ba:6c:5b:c7:32:47:
         8b:db:6d:12:c9:23:c4:6b:d1:4f:8b:4a:4a:2d:e9:d9:18:f6:
         23:81:b5:ee:70:6b:7f:4d:38:41:b5:69:a7:0d:67:ff:de:c0:
         b2:ca:73:38
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUKNhuZYeVluuJFtQ7BAdaP8qLlcowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjA0MDAwMDAwWhcNMjMwMjA3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAM2E2MmQzNWFjM2Y5ZDViZjJiODIzZmUwMTFiYjk1ZjE1
MzU0MThkM2VjZWQyNTMwZjAwNmQwYjg2N2QxNTMxMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAPU3bMpPGirLDf7jwK7xN7JKa6qGsFt4B/RBQNuYtvorvfD9aeAS
7taldbaaiWd4GJ/3fHOdR3nUmGDaoj4njKNqdj7djZxPUefep8TZY9NjUp30avQO
zQb1D5HtKJNlxxLh67gBclbXhwxQzS8ZvgY2GNB2h3bS/zUx3NdRw1Ko6SiB9TUR
vi63sXnqs/jBAm9RdLuWGjO+3rQd/xIZgpV5BtgEfz0Wpe/ngIC6sKQyvj499SU3
wn6llxaPtLY5h2NcUq1ju7uBETcD5SlUl/CzCxa3yNOmuTPrsI7R/KChHkG+wNJq
tKyxuDMjACU9fmHccU6xrUfR0pvs5MvNBSsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTYBuSxRZDAEziXVWzT4Vvtihl/MTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOTVkZDIxMDgtY2RhOC00NDdlLWJiMjctNDI5OTYzODc1ZWVmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGeZfYhBCQzoxG+b
mG/JQG5dFPn/04v+w2lX7/iDJKorLUKtQ/DH41ymaGjSdt2sv5Rpu3pa6VwTRBip
bpHFBlUNohWMIFcPQdrvawSnjwsMR/g9Ray3F4bN9yoEXXK07Moawf/MH9Wo9h+B
Hp8LIWBSgHUTWlhp70qPSjcIHSNVQwo+v8gjS/yRHRI2y57kCoj1W8mSI9tZDZw8
g+fBns/nl5aSOGDnhuQVVtI+B6Cn2vWX2L8VkCx4UH07zN05UozQAmXmsJpa2nVv
va5MMjrnDLpsW8cyR4vbbRLJI8Rr0U+LSkot6dkY9iOBte5wa39NOEG1aacNZ//e
wLLKczg=
-----END CERTIFICATE-----