Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b5a58d65-dd69-4227-873f-e984bbf8469b.roa
File:                     b5a58d65-dd69-4227-873f-e984bbf8469b.roa (raw, json)
Hash identifier:          YzyYUdc0gqtxougsDTgQ0ksA1k7OboOCHUEwmXorfgM=
Subject key identifier:   9F:8D:91:D7:8E:69:69:C5:CC:6E:86:84:D5:E6:97:0A:D3:23:59:30
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       30A85FD13B7A4678CB17A065B6FC678011BBA41C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b5a58d65-dd69-4227-873f-e984bbf8469b.roa
Signing time:             Thu 18 May 2023 00:00:00 +0000
ROA not before:           Thu 18 May 2023 00:00:00 +0000
ROA not after:            Sun 21 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:a8:5f:d1:3b:7a:46:78:cb:17:a0:65:b6:fc:67:80:11:bb:a4:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 18 00:00:00 2023 GMT
            Not After : May 21 23:59:59 2023 GMT
        Subject: serialNumber=d70ec38b5c1eb1b17d5e0d3ffb2f9d8f73274955dbbb57200e7828a25212e68a, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f0:ca:79:e4:09:08:cd:6f:80:58:1b:cf:1d:
                    2f:16:ae:02:5a:4c:31:02:b3:df:c7:57:a4:28:e2:
                    6c:c0:71:44:aa:bd:10:41:1e:19:74:0c:09:69:a3:
                    05:de:fa:cc:af:a4:e4:56:3c:57:31:80:2b:16:5b:
                    20:a8:59:40:a4:26:80:af:2e:0c:25:0a:db:ce:3f:
                    92:02:6c:89:2e:ab:66:db:50:8f:71:94:30:df:5b:
                    2e:ba:2a:a3:a0:a5:9b:f6:36:92:68:f7:07:bd:50:
                    08:25:48:c9:05:7c:3c:99:2b:ae:e3:08:9b:6c:fd:
                    0f:67:42:5d:78:6b:ea:47:58:7c:13:40:ae:7f:bd:
                    52:7a:22:a8:ce:2e:6c:14:b0:ea:69:36:3d:79:ad:
                    d9:06:16:85:79:14:1f:cc:e9:b4:8e:5e:6f:3a:f2:
                    0d:b4:d5:06:d0:72:18:73:53:99:24:1c:6f:ab:e2:
                    ad:b9:be:c1:e4:93:96:af:41:de:53:4e:c8:35:bf:
                    81:00:af:dc:47:8d:ac:8a:12:37:46:7e:a8:5b:65:
                    56:22:18:10:c0:09:75:49:a7:1e:3f:a8:f4:6b:42:
                    73:64:68:91:0a:b3:cc:7e:af:ab:23:fd:21:88:3a:
                    73:91:3d:c2:14:3f:93:5b:fb:55:64:66:1c:bd:c3:
                    79:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:8D:91:D7:8E:69:69:C5:CC:6E:86:84:D5:E6:97:0A:D3:23:59:30
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b5a58d65-dd69-4227-873f-e984bbf8469b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:93:d5:b0:49:dd:49:98:55:65:7a:c7:5f:25:57:b7:4d:ff:
         91:01:8f:dc:cd:4b:d7:f0:5d:0f:55:15:da:90:67:9c:77:2d:
         6b:0b:8e:66:d4:b2:52:fc:4e:7c:26:c9:a9:6c:3a:9e:5d:d9:
         74:62:ea:ba:5a:9c:fb:f6:b2:c7:62:d4:30:6a:03:11:c3:61:
         b0:d1:50:09:89:ca:08:b7:b9:f6:26:28:ea:d6:df:5c:85:fd:
         63:f0:61:c2:3e:34:1d:37:27:e7:01:e3:16:6a:3c:3d:2d:8f:
         86:7e:6a:98:db:52:b2:f1:fb:16:41:79:fa:b9:c8:cb:0c:c8:
         c6:00:af:b3:b0:fe:8e:eb:7d:d4:28:82:87:f0:77:56:20:58:
         06:2c:0b:98:b4:9b:81:7d:bc:45:46:54:4f:a0:b1:08:92:ce:
         e8:f7:83:be:a9:07:f2:67:b1:b9:80:87:11:d0:55:65:46:b5:
         1e:aa:e6:d2:be:14:78:fe:ab:cf:16:5a:44:3f:51:2d:80:ca:
         f3:a7:4a:c0:35:f3:00:b6:db:36:d3:10:ab:91:5a:98:53:6f:
         e2:c1:a3:94:89:55:ba:83:af:fd:83:3d:46:c4:56:e1:40:63:
         0f:66:04:ca:7d:c9:b6:08:a7:da:dc:69:46:c4:5f:a0:57:80:
         01:ea:43:b0
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUMKhf0Tt6RnjLF6BltvxngBG7pBwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTE4MDAwMDAwWhcNMjMwNTIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDcwZWMzOGI1YzFlYjFiMTdkNWUwZDNmZmIyZjlkOGY3
MzI3NDk1NWRiYmI1NzIwMGU3ODI4YTI1MjEyZTY4YTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJPwynnkCQjNb4BYG88dLxauAlpMMQKz38dXpCjibMBxRKq9EEEe
GXQMCWmjBd76zK+k5FY8VzGAKxZbIKhZQKQmgK8uDCUK284/kgJsiS6rZttQj3GU
MN9bLroqo6Clm/Y2kmj3B71QCCVIyQV8PJkrruMIm2z9D2dCXXhr6kdYfBNArn+9
UnoiqM4ubBSw6mk2PXmt2QYWhXkUH8zptI5ebzryDbTVBtByGHNTmSQcb6virbm+
weSTlq9B3lNOyDW/gQCv3EeNrIoSN0Z+qFtlViIYEMAJdUmnHj+o9GtCc2RokQqz
zH6vqyP9IYg6c5E9whQ/k1v7VWRmHL3DeUkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSfjZHXjmlpxcxuhoTV5pcK0yNZMDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYjVhNThkNjUtZGQ2OS00MjI3LTg3M2YtZTk4NGJiZjg0NjliLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACmT1bBJ3UmYVWV6
x18lV7dN/5EBj9zNS9fwXQ9VFdqQZ5x3LWsLjmbUslL8TnwmyalsOp5d2XRi6rpa
nPv2ssdi1DBqAxHDYbDRUAmJygi3ufYmKOrW31yF/WPwYcI+NB03J+cB4xZqPD0t
j4Z+apjbUrLx+xZBefq5yMsMyMYAr7Ow/o7rfdQogofwd1YgWAYsC5i0m4F9vEVG
VE+gsQiSzuj3g76pB/JnsbmAhxHQVWVGtR6q5tK+FHj+q88WWkQ/US2AyvOnSsA1
8wC22zbTEKuRWphTb+LBo5SJVbqDr/2DPUbEVuFAYw9mBMp9ybYIp9rcaUbEX6BX
gAHqQ7A=
-----END CERTIFICATE-----