Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bd3949a3-a6f7-4528-af7c-ff16147f8468.roa
File:                     bd3949a3-a6f7-4528-af7c-ff16147f8468.roa (raw, json)
Hash identifier:          lPoLJE2vrHCHpTTDIv/24Pk+TFohSdCJAGq8CmzlQQw=
Subject key identifier:   26:C4:C9:2F:DB:40:68:06:24:45:72:DD:6B:1C:CA:7F:5B:47:11:85
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1E0AB4DC107AF4E4EA1EA7CBCCAEBFED061F76C1
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bd3949a3-a6f7-4528-af7c-ff16147f8468.roa
Signing time:             Tue 23 May 2023 00:00:00 +0000
ROA not before:           Tue 23 May 2023 00:00:00 +0000
ROA not after:            Fri 26 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:0a:b4:dc:10:7a:f4:e4:ea:1e:a7:cb:cc:ae:bf:ed:06:1f:76:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 23 00:00:00 2023 GMT
            Not After : May 26 23:59:59 2023 GMT
        Subject: serialNumber=e9c22e07a1e99f5aea6607b0d8084f12885255f330c098a5404ec03cfd7592f2, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:27:70:75:62:96:fe:e9:20:0f:5b:ad:4a:5c:
                    50:1e:f7:ac:3b:a5:60:d1:c2:ad:27:44:0c:0d:99:
                    2f:6e:fb:f6:a1:78:33:2a:22:80:1a:86:a3:d1:06:
                    5d:8a:ea:f8:3e:a6:30:f9:95:65:ca:96:8d:1f:e6:
                    b2:8e:3e:f3:33:90:39:23:ec:c9:d9:f4:ce:59:28:
                    09:38:da:3d:22:5f:c5:9a:f0:fa:87:ca:1b:a1:be:
                    76:08:68:65:d2:2b:bb:68:2a:26:6f:13:0f:b0:11:
                    04:a5:87:a8:55:3f:42:a5:b5:ed:59:11:8f:30:3b:
                    20:f1:15:27:b5:d6:e7:62:31:b5:5c:81:71:f4:e8:
                    28:b7:e5:a4:39:55:bf:c7:96:a2:f8:a2:df:24:83:
                    c0:34:d0:c6:bf:a0:c6:f7:8b:b7:c2:65:0f:17:50:
                    f8:ad:86:da:8e:7d:9a:a1:4b:bd:6a:99:61:69:8f:
                    46:57:de:16:31:63:fe:5a:2c:38:2b:86:8a:25:32:
                    80:69:7b:fd:c2:66:ce:30:76:c4:79:22:c2:c4:cd:
                    a7:7f:97:f6:a1:13:84:ef:c8:2b:b7:6a:bc:ec:75:
                    f5:68:86:0a:92:d7:66:23:00:a3:69:2d:88:3d:0b:
                    08:4e:8c:b5:f9:9a:01:35:19:f4:80:69:a6:4d:52:
                    a1:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:C4:C9:2F:DB:40:68:06:24:45:72:DD:6B:1C:CA:7F:5B:47:11:85
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bd3949a3-a6f7-4528-af7c-ff16147f8468.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:83:cf:65:1d:8d:08:da:21:c8:d6:e4:42:97:96:6b:7f:cf:
         fe:78:62:8f:c3:67:31:6f:d7:cd:8a:c8:6c:b9:75:03:9b:2e:
         7f:45:76:1b:5f:e0:ce:ba:fe:18:54:95:6c:47:39:33:fd:d9:
         04:a2:2b:5c:71:58:e1:ab:b8:61:43:82:46:c3:c5:7d:f3:07:
         bd:0b:43:61:2f:d4:7f:92:bf:16:4c:f3:6a:37:1c:1b:88:2c:
         dc:16:76:13:7e:a1:b6:c4:7d:d4:71:9c:c6:0d:bd:8a:4d:5d:
         ae:9d:ef:03:14:6d:3e:e3:f9:90:12:2b:8a:7d:ac:0c:2c:b8:
         68:14:76:91:4e:58:d3:5a:ad:e8:dc:c9:dd:6e:63:58:53:a2:
         1f:f5:4a:fb:fb:cd:67:b4:36:63:1a:cf:db:ec:94:c8:e9:da:
         84:ff:dd:b4:74:f8:c3:08:97:9c:a7:46:79:e7:2e:fc:d1:87:
         d7:86:e7:17:0e:6a:b7:0a:2c:1c:57:32:e6:b0:49:21:26:82:
         ed:89:9a:16:cd:07:b6:e7:44:55:43:2e:d4:22:45:92:e2:55:
         6e:b4:72:df:ad:8a:78:b8:89:47:a5:12:c8:cd:78:d1:cd:00:
         35:4b:96:ee:d3:82:a2:05:b1:ae:39:e7:fe:93:28:e5:28:0b:
         8b:b3:72:f8
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUHgq03BB69OTqHqfLzK6/7QYfdsEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTIzMDAwMDAwWhcNMjMwNTI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZTljMjJlMDdhMWU5OWY1YWVhNjYwN2IwZDgwODRmMTI4
ODUyNTVmMzMwYzA5OGE1NDA0ZWMwM2NmZDc1OTJmMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALMncHVilv7pIA9brUpcUB73rDulYNHCrSdEDA2ZL2779qF4Myoi
gBqGo9EGXYrq+D6mMPmVZcqWjR/mso4+8zOQOSPsydn0zlkoCTjaPSJfxZrw+ofK
G6G+dghoZdIru2gqJm8TD7ARBKWHqFU/QqW17VkRjzA7IPEVJ7XW52IxtVyBcfTo
KLflpDlVv8eWovii3ySDwDTQxr+gxveLt8JlDxdQ+K2G2o59mqFLvWqZYWmPRlfe
FjFj/losOCuGiiUygGl7/cJmzjB2xHkiwsTNp3+X9qEThO/IK7dqvOx19WiGCpLX
ZiMAo2ktiD0LCE6MtfmaATUZ9IBppk1SoScCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQmxMkv20BoBiRFct1rHMp/W0cRhTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYmQzOTQ5YTMtYTZmNy00NTI4LWFmN2MtZmYxNjE0N2Y4NDY4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG6Dz2UdjQjaIcjW
5EKXlmt/z/54Yo/DZzFv182KyGy5dQObLn9Fdhtf4M66/hhUlWxHOTP92QSiK1xx
WOGruGFDgkbDxX3zB70LQ2Ev1H+SvxZM82o3HBuILNwWdhN+obbEfdRxnMYNvYpN
Xa6d7wMUbT7j+ZASK4p9rAwsuGgUdpFOWNNarejcyd1uY1hToh/1Svv7zWe0NmMa
z9vslMjp2oT/3bR0+MMIl5ynRnnnLvzRh9eG5xcOarcKLBxXMuawSSEmgu2JmhbN
B7bnRFVDLtQiRZLiVW60ct+tini4iUelEsjNeNHNADVLlu7TgqIFsa455/6TKOUo
C4uzcvg=
-----END CERTIFICATE-----