Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/98de140d-bd86-474e-acb9-c5b9081720c7.roa
File:                     98de140d-bd86-474e-acb9-c5b9081720c7.roa (raw, json)
Hash identifier:          RQ+RqusSZCxYkORfjOhtSe66Dle1exzgTG+hh1MWnW0=
Subject key identifier:   98:91:FF:70:60:90:16:6E:F8:0E:DE:C0:50:53:A4:40:33:EA:44:73
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0E97103428B1E2F394D44F0024CE6B4A1828854B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/98de140d-bd86-474e-acb9-c5b9081720c7.roa
Signing time:             Wed 22 Mar 2023 00:00:00 +0000
ROA not before:           Wed 22 Mar 2023 00:00:00 +0000
ROA not after:            Sat 25 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:97:10:34:28:b1:e2:f3:94:d4:4f:00:24:ce:6b:4a:18:28:85:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 22 00:00:00 2023 GMT
            Not After : Mar 25 23:59:59 2023 GMT
        Subject: serialNumber=a2038aa3ab2d752a7abd849563c3c0f8d7a81c9f8af1bb5ced0a9c802d90d567, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:bf:43:5b:8f:ef:98:3f:d0:3d:7d:35:42:0a:
                    b3:bc:b7:4c:26:81:25:07:85:03:06:8d:6e:3f:33:
                    43:f2:c4:a2:a2:29:e3:a2:c0:05:70:4e:91:97:a1:
                    4d:9e:9b:c0:7c:91:d7:c4:84:4e:52:81:90:de:42:
                    f5:56:a0:f2:ed:0d:ef:15:e4:a5:ad:70:96:dc:99:
                    f0:4a:1d:d8:8c:4a:fc:82:3d:26:48:70:01:cb:53:
                    ef:b6:27:6e:42:ff:c7:b7:96:29:10:35:b5:f8:78:
                    ca:43:30:83:10:2b:e4:e1:73:32:fa:77:a4:3d:65:
                    2b:12:ae:ca:c4:9c:18:d8:c3:32:ae:28:fb:3b:13:
                    ce:ab:d9:fb:9d:f9:6b:c9:d9:2c:fb:f2:f9:e3:85:
                    fa:6c:d9:a9:77:4b:64:0d:7f:4f:e4:45:09:7f:01:
                    27:ef:fe:f7:ca:c8:e2:ad:68:d7:35:7d:00:7b:b8:
                    10:a7:85:a4:49:8e:97:b8:ec:62:37:e4:a7:f7:ff:
                    53:65:c3:23:47:5c:78:90:76:e1:f0:c0:ef:ab:3e:
                    de:ef:7e:83:7f:74:e0:ba:33:9c:41:af:aa:45:d8:
                    a1:b6:94:ef:e6:06:2a:78:99:e1:ca:c6:39:8a:4f:
                    10:c6:42:10:64:00:28:54:3e:89:53:33:84:91:24:
                    7e:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:91:FF:70:60:90:16:6E:F8:0E:DE:C0:50:53:A4:40:33:EA:44:73
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/98de140d-bd86-474e-acb9-c5b9081720c7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:b2:df:c3:5a:44:d5:a6:93:96:a3:be:cb:34:0b:34:cf:51:
         b2:4a:6c:82:70:c6:b2:22:1f:3b:84:88:c5:01:3c:77:35:35:
         5e:fe:36:4f:eb:d5:da:0d:cc:28:ec:91:24:61:e1:5c:b6:5d:
         9a:38:55:a5:89:64:5f:b3:ea:46:07:90:3e:1e:19:0a:6c:1a:
         1a:14:f6:8d:c5:ed:aa:ff:fc:84:6b:49:13:21:b8:b5:72:0e:
         91:fc:b2:dc:36:25:72:fb:d1:85:da:fe:90:9d:88:d8:e4:f8:
         c2:85:9d:ba:ee:94:ba:a8:47:2b:fc:68:67:7f:b2:55:a1:fb:
         15:22:f0:97:5e:76:b8:6e:1d:f6:68:8f:3b:6b:fa:3d:89:f4:
         b0:50:70:99:75:71:eb:4d:3b:5e:ca:f6:b7:7d:7f:07:b1:dd:
         8e:87:e1:49:a7:9d:ea:d9:23:70:6f:36:e0:a5:22:83:3b:c2:
         48:6c:4e:64:08:00:bd:54:5f:f3:d9:84:29:bd:30:e5:36:84:
         94:2e:e2:68:42:08:01:d7:c9:54:a0:41:f0:eb:3e:02:95:7d:
         b1:7d:0c:b4:4e:61:a0:fa:83:fe:1b:1b:b1:b9:57:a1:92:df:
         60:45:08:3e:51:2b:c2:e1:3f:44:81:1c:fe:29:9b:2a:c9:92:
         6e:d0:bc:4d
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUDpcQNCix4vOU1E8AJM5rShgohUswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzIyMDAwMDAwWhcNMjMwMzI1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYTIwMzhhYTNhYjJkNzUyYTdhYmQ4NDk1NjNjM2MwZjhk
N2E4MWM5ZjhhZjFiYjVjZWQwYTljODAyZDkwZDU2NzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALK/Q1uP75g/0D19NUIKs7y3TCaBJQeFAwaNbj8zQ/LEoqIp46LA
BXBOkZehTZ6bwHyR18SETlKBkN5C9Vag8u0N7xXkpa1wltyZ8Eod2IxK/II9Jkhw
ActT77YnbkL/x7eWKRA1tfh4ykMwgxAr5OFzMvp3pD1lKxKuysScGNjDMq4o+zsT
zqvZ+535a8nZLPvy+eOF+mzZqXdLZA1/T+RFCX8BJ+/+98rI4q1o1zV9AHu4EKeF
pEmOl7jsYjfkp/f/U2XDI0dceJB24fDA76s+3u9+g3904LoznEGvqkXYobaU7+YG
KniZ4crGOYpPEMZCEGQAKFQ+iVMzhJEkfh8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSYkf9wYJAWbvgO3sBQU6RAM+pEczAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOThkZTE0MGQtYmQ4Ni00NzRlLWFjYjktYzViOTA4MTcyMGM3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJiy38NaRNWmk5aj
vss0CzTPUbJKbIJwxrIiHzuEiMUBPHc1NV7+Nk/r1doNzCjskSRh4Vy2XZo4VaWJ
ZF+z6kYHkD4eGQpsGhoU9o3F7ar//IRrSRMhuLVyDpH8stw2JXL70YXa/pCdiNjk
+MKFnbrulLqoRyv8aGd/slWh+xUi8JdedrhuHfZojztr+j2J9LBQcJl1cetNO17K
9rd9fwex3Y6H4UmnnerZI3BvNuClIoM7wkhsTmQIAL1UX/PZhCm9MOU2hJQu4mhC
CAHXyVSgQfDrPgKVfbF9DLROYaD6g/4bG7G5V6GS32BFCD5RK8LhP0SBHP4pmyrJ
km7QvE0=
-----END CERTIFICATE-----