Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a169fff4-b0ba-4608-ac66-57e3307d35f4.roa
File:                     a169fff4-b0ba-4608-ac66-57e3307d35f4.roa (raw, json)
Hash identifier:          5xS+Ad/bsg19KFJnheem4D743p4hadrMmXwxO2BcLss=
Subject key identifier:   33:97:E3:C9:EB:5D:47:83:22:76:C7:EC:D8:94:25:3F:A6:B7:A5:95
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4C72E740D93564CA33C8625D7FE3F580426246AE
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a169fff4-b0ba-4608-ac66-57e3307d35f4.roa
Signing time:             Fri 20 Jan 2023 00:00:00 +0000
ROA not before:           Fri 20 Jan 2023 00:00:00 +0000
ROA not after:            Mon 23 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:72:e7:40:d9:35:64:ca:33:c8:62:5d:7f:e3:f5:80:42:62:46:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 20 00:00:00 2023 GMT
            Not After : Jan 23 23:59:59 2023 GMT
        Subject: serialNumber=95bcf12c33840a43b28580e6be6fbe21f955c67d8cf35bb17dd77aa4a8a97dc1, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:16:d6:2c:ed:98:98:8b:c2:9c:5c:69:ab:ab:
                    61:20:7c:d3:3d:8b:1f:35:b3:20:39:67:1f:e5:1a:
                    3e:ff:99:ed:a7:18:8d:80:e4:1f:af:a3:98:5a:3e:
                    44:f6:49:a8:5b:7a:90:18:d7:66:df:b3:20:27:2f:
                    68:49:03:7c:2d:a3:2e:b7:57:9b:5d:85:74:d7:e1:
                    17:39:20:1d:eb:6b:ea:f7:ba:0a:a6:65:ff:7c:f7:
                    9a:d6:e3:55:db:d3:aa:a5:bb:88:08:78:d3:20:3b:
                    de:03:99:e5:20:4d:8f:b5:80:14:c3:10:ea:a4:04:
                    0a:49:82:25:a1:6e:10:48:e4:60:2b:f2:e3:87:83:
                    76:66:51:b4:90:89:2d:8e:f4:7f:99:ac:e8:b5:06:
                    56:bc:1d:57:b7:97:cf:df:db:a8:22:60:58:fb:d3:
                    7a:18:5f:4a:b4:9c:b2:ca:ee:9d:55:71:19:62:01:
                    a1:e5:01:09:03:8c:73:f0:fb:3c:0f:df:c8:b2:ad:
                    a7:09:4a:ec:d5:89:be:e9:b1:c4:3e:bd:fa:a7:c5:
                    77:3a:44:3d:0d:38:d3:d2:04:b8:a6:ba:39:64:d2:
                    1d:7d:88:c5:b5:60:7d:c2:5f:14:92:fa:bd:e4:d4:
                    70:5b:47:da:c7:fd:6f:ef:20:25:da:de:f4:59:ab:
                    bb:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:97:E3:C9:EB:5D:47:83:22:76:C7:EC:D8:94:25:3F:A6:B7:A5:95
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a169fff4-b0ba-4608-ac66-57e3307d35f4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:e7:e8:3b:97:49:e7:7d:06:be:23:5a:88:a5:43:fb:f9:10:
         e3:f9:85:b3:9c:3d:ab:d5:49:80:bc:d6:3d:35:2a:a8:df:f4:
         a5:cf:d5:c9:84:86:61:53:e9:c1:4e:25:6f:14:98:38:ec:98:
         e3:5e:11:f6:bd:c4:f2:1d:d0:f0:a9:f2:6c:0c:4f:ca:63:3c:
         f0:04:72:d1:66:82:52:ed:ec:e8:95:e5:f0:1f:2f:6c:aa:7e:
         d2:06:73:17:41:1a:3b:85:da:88:8e:c0:8a:f0:e4:69:05:e6:
         70:38:10:4a:74:a2:48:83:79:ad:01:7f:e0:ba:6e:2b:c8:ba:
         ca:34:99:27:ae:9c:1f:c2:40:b2:53:a8:62:28:00:98:a6:86:
         ca:57:e3:5c:fe:2f:6b:ae:e8:cc:d0:e9:f0:aa:b8:5b:46:b9:
         b6:64:fa:64:66:f3:e8:d7:72:2b:f5:7c:91:ca:89:89:01:02:
         cd:58:f1:e7:36:77:52:3b:96:e7:fb:74:2b:3c:51:d5:df:7d:
         38:bf:ef:f1:94:05:c9:4e:a4:5a:cc:c8:c7:22:91:65:4d:3a:
         c2:9e:d4:42:75:27:80:05:88:ac:dc:2c:9f:27:19:f1:e3:65:
         cd:eb:80:24:30:a3:09:a3:95:a5:dc:6a:61:6e:9c:47:f1:5a:
         2b:91:e2:d7
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUTHLnQNk1ZMozyGJdf+P1gEJiRq4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTIwMDAwMDAwWhcNMjMwMTIzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTViY2YxMmMzMzg0MGE0M2IyODU4MGU2YmU2ZmJlMjFm
OTU1YzY3ZDhjZjM1YmIxN2RkNzdhYTRhOGE5N2RjMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKMW1iztmJiLwpxcaaurYSB80z2LHzWzIDlnH+UaPv+Z7acYjYDk
H6+jmFo+RPZJqFt6kBjXZt+zICcvaEkDfC2jLrdXm12FdNfhFzkgHetr6ve6CqZl
/3z3mtbjVdvTqqW7iAh40yA73gOZ5SBNj7WAFMMQ6qQECkmCJaFuEEjkYCvy44eD
dmZRtJCJLY70f5ms6LUGVrwdV7eXz9/bqCJgWPvTehhfSrScssrunVVxGWIBoeUB
CQOMc/D7PA/fyLKtpwlK7NWJvumxxD69+qfFdzpEPQ0409IEuKa6OWTSHX2IxbVg
fcJfFJL6veTUcFtH2sf9b+8gJdre9FmruyMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQzl+PJ611HgyJ2x+zYlCU/prellTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYTE2OWZmZjQtYjBiYS00NjA4LWFjNjYtNTdlMzMwN2QzNWY0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADTn6DuXSed9Br4j
WoilQ/v5EOP5hbOcPavVSYC81j01Kqjf9KXP1cmEhmFT6cFOJW8UmDjsmONeEfa9
xPId0PCp8mwMT8pjPPAEctFmglLt7OiV5fAfL2yqftIGcxdBGjuF2oiOwIrw5GkF
5nA4EEp0okiDea0Bf+C6bivIuso0mSeunB/CQLJTqGIoAJimhspX41z+L2uu6MzQ
6fCquFtGubZk+mRm8+jXciv1fJHKiYkBAs1Y8ec2d1I7luf7dCs8UdXffTi/7/GU
BclOpFrMyMcikWVNOsKe1EJ1J4AFiKzcLJ8nGfHjZc3rgCQwowmjlaXcamFunEfx
WiuR4tc=
-----END CERTIFICATE-----