Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c065e095-d139-4a17-aa67-5061db89df46.roa
File:                     c065e095-d139-4a17-aa67-5061db89df46.roa (raw, json)
Hash identifier:          MSK7OjGD9Plz+KfQzS6RJTBgLZjzkTnJXpTpIwkNfoY=
Subject key identifier:   ED:1D:B1:BC:13:8B:E4:2D:1B:0E:84:CA:62:FD:70:28:AF:48:14:C7
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6F2EB44886A377B639C6EC398FCBA7300EAD138E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c065e095-d139-4a17-aa67-5061db89df46.roa
Signing time:             Mon 06 Mar 2023 00:00:00 +0000
ROA not before:           Mon 06 Mar 2023 00:00:00 +0000
ROA not after:            Thu 09 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:2e:b4:48:86:a3:77:b6:39:c6:ec:39:8f:cb:a7:30:0e:ad:13:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar  6 00:00:00 2023 GMT
            Not After : Mar  9 23:59:59 2023 GMT
        Subject: serialNumber=bc624d8c3ff3ada5af8366ad60155ae44641311687270ec952ec7806f1764095, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:84:a7:45:d0:88:7b:e1:ba:a2:3a:d8:de:08:
                    61:c0:48:e5:62:c1:2c:4c:ee:09:6d:58:43:f8:f7:
                    6a:7b:e0:02:c0:0e:56:65:4c:ae:61:29:38:0b:ff:
                    96:e8:e8:3d:cb:f0:09:f5:b8:87:98:cc:b5:ff:28:
                    e6:aa:5b:d6:b2:48:50:af:dd:51:01:3c:ab:06:ae:
                    9d:ae:07:ed:1d:a0:34:dc:b6:43:ca:da:02:26:fa:
                    b4:38:4a:d6:8e:53:7d:45:5d:9a:f4:64:d0:c7:79:
                    2f:ab:77:c5:a5:e8:61:b6:20:25:55:70:fb:50:f3:
                    f9:31:33:08:29:59:09:34:59:79:e4:3d:9d:7f:49:
                    35:c4:c1:7d:2c:66:58:a6:d9:0a:2e:07:5d:e7:d2:
                    c0:aa:ee:78:80:f3:ff:dd:20:9a:28:64:91:bd:c6:
                    21:14:25:f0:8e:6c:88:48:1b:02:c8:47:5a:f0:57:
                    49:2f:58:29:9b:0f:5f:37:28:13:38:3d:45:0c:8d:
                    de:79:2b:f2:81:d9:6e:17:3b:83:5b:6d:8f:78:e1:
                    c8:e6:35:b6:f5:dc:5b:14:f7:d6:4a:50:28:af:c3:
                    ff:33:1d:b5:fa:b2:5e:8e:7a:d1:da:48:03:bd:5a:
                    39:61:a5:44:56:c4:0e:30:99:9f:c6:01:5b:7e:60:
                    78:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:1D:B1:BC:13:8B:E4:2D:1B:0E:84:CA:62:FD:70:28:AF:48:14:C7
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c065e095-d139-4a17-aa67-5061db89df46.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:94:c4:69:bd:6e:1e:87:63:64:65:b4:6f:39:2d:a1:ce:63:
         f4:48:14:00:cb:8a:72:d0:1f:e9:bb:63:1a:24:0a:72:10:4b:
         34:74:a1:45:f3:b9:43:45:46:33:14:71:83:8b:5a:da:de:4a:
         0f:79:5e:5b:6e:37:7c:95:20:46:9b:e1:70:6a:92:5e:9b:34:
         63:fa:18:89:ee:ea:31:69:e2:88:cf:79:4c:9c:11:4a:1d:15:
         e0:84:72:ae:99:4e:15:4b:76:ba:55:4b:e1:b3:9b:5d:5a:9c:
         b6:b7:9f:22:c8:56:25:72:0e:3a:12:13:2e:05:52:ab:5a:24:
         6a:95:aa:09:fa:11:71:ed:ef:9a:68:e5:2b:93:1c:db:ba:a2:
         21:f8:39:4b:3c:44:24:89:e5:5f:63:6c:3e:6d:2f:46:fd:3e:
         14:5b:79:c6:16:e4:a5:82:49:cb:8d:27:e6:07:da:9d:11:1c:
         f9:3d:5a:d8:ef:52:54:2e:db:99:fa:fc:25:f4:4a:b8:5e:6d:
         79:12:af:77:af:58:94:87:75:ca:cc:48:5a:22:dc:9d:d9:66:
         c8:71:26:15:2b:59:6c:e5:6e:b0:e8:51:61:52:9a:9e:e2:6f:
         2a:ab:5b:d1:7e:28:1b:2d:50:76:ae:6a:3f:0b:e5:8f:9c:50:
         5c:e4:ed:a0
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUby60SIajd7Y5xuw5j8unMA6tE44wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzA2MDAwMDAwWhcNMjMwMzA5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYmM2MjRkOGMzZmYzYWRhNWFmODM2NmFkNjAxNTVhZTQ0
NjQxMzExNjg3MjcwZWM5NTJlYzc4MDZmMTc2NDA5NTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKKEp0XQiHvhuqI62N4IYcBI5WLBLEzuCW1YQ/j3anvgAsAOVmVM
rmEpOAv/lujoPcvwCfW4h5jMtf8o5qpb1rJIUK/dUQE8qwauna4H7R2gNNy2Q8ra
Aib6tDhK1o5TfUVdmvRk0Md5L6t3xaXoYbYgJVVw+1Dz+TEzCClZCTRZeeQ9nX9J
NcTBfSxmWKbZCi4HXefSwKrueIDz/90gmihkkb3GIRQl8I5siEgbAshHWvBXSS9Y
KZsPXzcoEzg9RQyN3nkr8oHZbhc7g1ttj3jhyOY1tvXcWxT31kpQKK/D/zMdtfqy
Xo560dpIA71aOWGlRFbEDjCZn8YBW35geLcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTtHbG8E4vkLRsOhMpi/XAor0gUxzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzA2NWUwOTUtZDEzOS00YTE3LWFhNjctNTA2MWRiODlkZjQ2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF2UxGm9bh6HY2Rl
tG85LaHOY/RIFADLinLQH+m7YxokCnIQSzR0oUXzuUNFRjMUcYOLWtreSg95Xltu
N3yVIEab4XBqkl6bNGP6GInu6jFp4ojPeUycEUodFeCEcq6ZThVLdrpVS+Gzm11a
nLa3nyLIViVyDjoSEy4FUqtaJGqVqgn6EXHt75po5SuTHNu6oiH4OUs8RCSJ5V9j
bD5tL0b9PhRbecYW5KWCScuNJ+YH2p0RHPk9WtjvUlQu25n6/CX0SrhebXkSr3ev
WJSHdcrMSFoi3J3ZZshxJhUrWWzlbrDoUWFSmp7ibyqrW9F+KBstUHauaj8L5Y+c
UFzk7aA=
-----END CERTIFICATE-----