Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c23b169d-f77c-4266-a200-ce8855b391f8.roa
File:                     c23b169d-f77c-4266-a200-ce8855b391f8.roa (raw, json)
Hash identifier:          Yq7oqVUtPPVu2lesctgElC43l+1qikNRFGsm307tGuU=
Subject key identifier:   13:1B:52:FE:6C:D4:A2:7E:24:AE:D7:5B:4D:8E:B2:97:85:75:03:22
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       23B62A76D5EEF5CC0D43476782A0F31C4F771CCD
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c23b169d-f77c-4266-a200-ce8855b391f8.roa
Signing time:             Sat 25 Mar 2023 00:00:00 +0000
ROA not before:           Sat 25 Mar 2023 00:00:00 +0000
ROA not after:            Tue 28 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:b6:2a:76:d5:ee:f5:cc:0d:43:47:67:82:a0:f3:1c:4f:77:1c:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 25 00:00:00 2023 GMT
            Not After : Mar 28 23:59:59 2023 GMT
        Subject: serialNumber=d1768ca83352794196bf64450243d494ebb05620ff3d35ee2b083c7635a716cf, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:fb:84:e8:4b:42:7a:fc:b3:52:7a:92:20:12:
                    2c:c7:f6:22:3b:a5:c1:40:0b:a5:61:85:39:6b:3e:
                    18:22:dc:63:a0:23:cb:36:ee:7f:ea:db:95:63:3c:
                    d1:10:80:9e:20:85:02:62:7a:4a:af:f9:d5:7a:c5:
                    87:cb:64:b0:71:bf:88:08:22:f6:2c:8f:62:01:dd:
                    8e:51:cd:8d:84:d0:25:a9:50:15:3b:05:3b:32:f5:
                    83:eb:ee:48:65:4f:bb:81:80:fc:eb:d7:22:2d:7f:
                    a0:86:55:1c:40:e9:f6:2c:d1:d4:d9:d4:16:8f:cc:
                    68:ad:1a:37:d8:26:9e:f4:cc:0d:dc:df:d9:75:a8:
                    4f:d7:9b:53:d2:43:66:cd:a6:0b:47:ea:4d:e8:56:
                    94:e6:64:c6:b9:88:22:a1:c9:bc:b6:18:08:d2:9d:
                    70:ac:3c:22:ea:d2:35:3c:64:8a:f2:fa:ae:bf:4e:
                    1c:7d:f9:ad:9e:05:9a:43:91:99:18:5e:24:a2:94:
                    ac:f6:7d:83:e8:c5:b4:ee:e4:5e:92:2d:68:67:d5:
                    36:98:88:af:12:c2:c7:70:18:5f:b3:25:5f:7d:d4:
                    9a:13:9c:cd:bb:4e:ff:f9:5f:43:25:33:17:d1:53:
                    cc:8b:72:b5:84:d1:85:ee:04:e0:d4:09:5f:93:44:
                    14:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:1B:52:FE:6C:D4:A2:7E:24:AE:D7:5B:4D:8E:B2:97:85:75:03:22
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c23b169d-f77c-4266-a200-ce8855b391f8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:9d:ab:87:1f:cb:1f:6b:a9:5f:38:67:c4:2c:df:10:94:aa:
         9e:af:e2:d9:02:48:7d:45:4f:da:86:b9:99:68:d5:a0:3a:5d:
         cc:88:d4:f6:6a:1b:68:df:04:14:46:4d:82:89:b0:ee:3e:60:
         ae:2e:af:8d:59:1b:51:bd:2c:df:f9:34:9e:77:f2:d0:5c:dd:
         f7:41:f7:76:74:62:ea:48:bd:ce:27:2d:7e:3b:0d:e3:82:89:
         2c:dd:d0:0e:89:37:0e:36:7d:2a:ed:0f:bf:af:93:a6:3e:c9:
         47:a8:6d:b8:c6:a2:26:05:99:13:12:2d:5f:24:02:3d:3e:c5:
         49:a6:bd:ac:fa:58:0d:46:44:a5:85:d2:d7:4f:67:0a:d8:72:
         e5:c3:f7:74:a5:e2:ba:a4:39:79:93:24:fa:9a:b7:6d:77:3c:
         e4:2f:6a:2d:fc:e9:a7:c4:d7:fe:9c:88:8f:a0:8d:42:e9:36:
         0a:99:3d:3f:c7:e9:24:fa:ce:5f:08:ec:35:a8:20:3e:5a:74:
         b6:1d:62:71:07:d4:04:ab:ae:d4:c8:3c:60:00:5c:40:01:69:
         d5:fe:f9:94:30:31:8c:6b:11:11:02:83:80:eb:b0:aa:50:3e:
         b0:c0:a9:92:cb:7e:00:4d:6f:ae:ec:f2:95:30:e2:2b:07:0d:
         5f:0a:ca:75
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUI7YqdtXu9cwNQ0dngqDzHE93HM0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI1MDAwMDAwWhcNMjMwMzI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDE3NjhjYTgzMzUyNzk0MTk2YmY2NDQ1MDI0M2Q0OTRl
YmIwNTYyMGZmM2QzNWVlMmIwODNjNzYzNWE3MTZjZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANr7hOhLQnr8s1J6kiASLMf2IjulwUALpWGFOWs+GCLcY6Ajyzbu
f+rblWM80RCAniCFAmJ6Sq/51XrFh8tksHG/iAgi9iyPYgHdjlHNjYTQJalQFTsF
OzL1g+vuSGVPu4GA/OvXIi1/oIZVHEDp9izR1NnUFo/MaK0aN9gmnvTMDdzf2XWo
T9ebU9JDZs2mC0fqTehWlOZkxrmIIqHJvLYYCNKdcKw8IurSNTxkivL6rr9OHH35
rZ4FmkORmRheJKKUrPZ9g+jFtO7kXpItaGfVNpiIrxLCx3AYX7MlX33UmhOczbtO
//lfQyUzF9FTzItytYTRhe4E4NQJX5NEFOkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQTG1L+bNSifiSu11tNjrKXhXUDIjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzIzYjE2OWQtZjc3Yy00MjY2LWEyMDAtY2U4ODU1YjM5MWY4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIidq4cfyx9rqV84
Z8Qs3xCUqp6v4tkCSH1FT9qGuZlo1aA6XcyI1PZqG2jfBBRGTYKJsO4+YK4ur41Z
G1G9LN/5NJ538tBc3fdB93Z0YupIvc4nLX47DeOCiSzd0A6JNw42fSrtD7+vk6Y+
yUeobbjGoiYFmRMSLV8kAj0+xUmmvaz6WA1GRKWF0tdPZwrYcuXD93Sl4rqkOXmT
JPqat213POQvai386afE1/6ciI+gjULpNgqZPT/H6ST6zl8I7DWoID5adLYdYnEH
1ASrrtTIPGAAXEABadX++ZQwMYxrERECg4DrsKpQPrDAqZLLfgBNb67s8pUw4isH
DV8KynU=
-----END CERTIFICATE-----