Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/af83fe45-a972-4949-8324-8f812ceb8d06.roa
File:                     af83fe45-a972-4949-8324-8f812ceb8d06.roa (raw, json)
Hash identifier:          0j9UzzpRaz9p5GT51qI6Kv1DuXNJdRPshGdKUO13qLc=
Subject key identifier:   06:11:C1:C8:C4:78:B4:DF:84:4C:03:BE:53:90:F9:02:35:1E:06:63
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       69734B1B3D1EA6D54E813E86F723922F9E619DEB
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/af83fe45-a972-4949-8324-8f812ceb8d06.roa
Signing time:             Mon 06 Mar 2023 00:00:00 +0000
ROA not before:           Mon 06 Mar 2023 00:00:00 +0000
ROA not after:            Thu 09 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:73:4b:1b:3d:1e:a6:d5:4e:81:3e:86:f7:23:92:2f:9e:61:9d:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar  6 00:00:00 2023 GMT
            Not After : Mar  9 23:59:59 2023 GMT
        Subject: serialNumber=ffca9ce3f427ff936595192ccddd8ef886113e4533bf1a4f4b6c784f7de30329, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:62:6d:c6:ba:b1:f5:a3:bb:eb:ee:3a:46:00:
                    d8:24:ce:4a:6c:b0:d6:2c:fe:6a:86:15:ad:b0:f6:
                    9c:5d:e2:14:19:e1:88:88:70:ab:7f:fe:5d:55:fb:
                    a7:38:f6:6f:57:32:c6:78:21:12:5c:e4:b5:b7:03:
                    82:3a:00:fc:34:9e:e2:9b:63:ab:a5:01:8b:1e:1d:
                    85:08:01:32:52:cf:d3:ac:ba:d4:09:79:37:67:8e:
                    be:f0:03:5f:69:60:54:ee:5f:bc:76:f8:4c:75:5e:
                    ba:0e:d5:b9:91:6a:6a:99:cd:05:2b:71:7d:f9:fb:
                    8a:d3:a5:02:11:e7:07:eb:6d:8d:00:d4:5e:fe:08:
                    ef:74:b5:33:ce:31:f6:12:cf:ce:91:c2:72:d2:58:
                    3e:ea:cb:8c:bc:ba:79:ea:14:f7:f6:60:25:86:c1:
                    3b:cb:2c:c0:73:b5:7b:4e:49:ef:39:a8:ab:02:cc:
                    bb:c2:59:ab:f6:86:b2:b7:99:49:de:bc:59:26:68:
                    0f:3f:4d:bc:d3:0d:1c:07:fd:d0:64:11:19:ba:c1:
                    31:29:a4:74:93:91:c9:ab:70:51:d3:82:df:1a:1d:
                    70:28:81:b2:8c:76:b4:84:7b:bc:9c:bc:af:70:9f:
                    a0:f2:75:df:f6:9f:6f:5d:8e:6b:60:a7:f4:bc:d6:
                    80:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:11:C1:C8:C4:78:B4:DF:84:4C:03:BE:53:90:F9:02:35:1E:06:63
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/af83fe45-a972-4949-8324-8f812ceb8d06.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:cf:bf:4e:a9:49:b3:62:f1:d1:8b:81:b7:97:32:60:86:5b:
         25:c5:67:9e:42:bd:6a:29:9a:3b:37:45:b0:02:20:57:44:f0:
         c8:37:c1:f8:f0:81:80:d4:37:99:a3:24:7e:0a:e8:2e:19:2d:
         93:0a:e3:4f:15:37:15:0e:f9:7c:df:71:4d:9f:5d:86:9c:e0:
         59:7d:84:f7:5b:9d:b1:16:8a:1e:4d:90:4c:2c:c8:eb:58:c8:
         60:93:ab:85:a0:f8:c6:d9:68:45:c5:b0:74:cc:45:4b:71:39:
         8b:27:3d:c3:bd:19:6b:d1:29:c4:fd:e3:c5:22:fb:8b:40:4e:
         29:b2:ff:df:30:3b:82:76:27:45:ad:e5:d2:f9:8d:86:6d:8d:
         42:bc:94:99:cc:b2:fb:11:fd:b2:41:2b:a4:51:df:e2:8d:45:
         bf:b3:16:f5:93:10:49:b0:57:53:1b:6b:1f:46:87:61:fa:9b:
         7e:c9:85:4b:29:b9:d0:4e:51:c2:47:9f:66:f2:23:38:a2:e6:
         04:ee:68:41:bf:fd:db:ca:a7:04:04:de:e9:61:4f:dd:cd:10:
         22:ba:81:0a:f7:43:0a:9a:df:0c:63:9f:b3:d5:5b:f3:36:0f:
         f2:27:ab:b7:87:d5:5b:0f:81:15:2f:a4:38:91:45:78:a4:df:
         ae:a7:bc:81
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUaXNLGz0eptVOgT6G9yOSL55hneswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzA2MDAwMDAwWhcNMjMwMzA5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZmZjYTljZTNmNDI3ZmY5MzY1OTUxOTJjY2RkZDhlZjg4
NjExM2U0NTMzYmYxYTRmNGI2Yzc4NGY3ZGUzMDMyOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJpibca6sfWju+vuOkYA2CTOSmyw1iz+aoYVrbD2nF3iFBnhiIhw
q3/+XVX7pzj2b1cyxnghElzktbcDgjoA/DSe4ptjq6UBix4dhQgBMlLP06y61Al5
N2eOvvADX2lgVO5fvHb4THVeug7VuZFqapnNBStxffn7itOlAhHnB+ttjQDUXv4I
73S1M84x9hLPzpHCctJYPurLjLy6eeoU9/ZgJYbBO8sswHO1e05J7zmoqwLMu8JZ
q/aGsreZSd68WSZoDz9NvNMNHAf90GQRGbrBMSmkdJORyatwUdOC3xodcCiBsox2
tIR7vJy8r3CfoPJ13/afb12Oa2Cn9LzWgCMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQGEcHIxHi034RMA75TkPkCNR4GYzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYWY4M2ZlNDUtYTk3Mi00OTQ5LTgzMjQtOGY4MTJjZWI4ZDA2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEbPv06pSbNi8dGL
gbeXMmCGWyXFZ55CvWopmjs3RbACIFdE8Mg3wfjwgYDUN5mjJH4K6C4ZLZMK408V
NxUO+XzfcU2fXYac4Fl9hPdbnbEWih5NkEwsyOtYyGCTq4Wg+MbZaEXFsHTMRUtx
OYsnPcO9GWvRKcT948Ui+4tATimy/98wO4J2J0Wt5dL5jYZtjUK8lJnMsvsR/bJB
K6RR3+KNRb+zFvWTEEmwV1Mbax9Gh2H6m37JhUspudBOUcJHn2byIzii5gTuaEG/
/dvKpwQE3ulhT93NECK6gQr3Qwqa3wxjn7PVW/M2D/Inq7eH1VsPgRUvpDiRRXik
366nvIE=
-----END CERTIFICATE-----