Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c47cac8a-b2f9-440e-8deb-dc1d12016253.roa
File:                     c47cac8a-b2f9-440e-8deb-dc1d12016253.roa (raw, json)
Hash identifier:          PyLai1I02rW5TaajMKfsOiu5TTZ4zlMIlL+8/KfpQYU=
Subject key identifier:   31:2D:D9:82:8E:25:1C:6F:D0:F5:0F:1A:C5:45:4B:8B:D7:EF:54:3F
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       74A0CA7AD08B876801B24B0163492791CAF15400
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c47cac8a-b2f9-440e-8deb-dc1d12016253.roa
Signing time:             Wed 24 May 2023 00:00:00 +0000
ROA not before:           Wed 24 May 2023 00:00:00 +0000
ROA not after:            Sat 27 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:a0:ca:7a:d0:8b:87:68:01:b2:4b:01:63:49:27:91:ca:f1:54:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 24 00:00:00 2023 GMT
            Not After : May 27 23:59:59 2023 GMT
        Subject: serialNumber=1ea1cb20ce8fb511441a3958278ad71b6b10b45b35f1c49465fad8d97aa66a6c, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:a5:48:df:de:6f:24:fc:23:bc:81:91:a7:8b:
                    af:28:b5:93:a9:d5:46:68:24:40:ff:44:8d:5c:a4:
                    81:13:4e:a5:6b:fe:7b:1c:26:e6:d4:2c:fd:b7:6b:
                    64:2e:a7:98:bb:7a:a1:a5:a9:4b:61:1e:39:ea:0e:
                    6f:af:27:44:67:43:53:e1:ae:ff:46:57:15:04:2e:
                    39:e0:68:92:56:81:e9:a8:b8:61:68:0b:45:89:00:
                    b7:5f:df:6c:71:ee:83:4b:3d:3d:53:0f:fe:9d:3e:
                    b6:11:25:04:66:39:6d:16:15:ab:93:8b:5d:70:3b:
                    d5:cd:af:8a:20:8e:56:3b:4e:db:1b:ee:d0:70:cc:
                    31:4d:a2:af:b7:1d:f1:1a:a7:8f:1c:1b:0a:f8:ae:
                    c1:35:71:b3:b6:85:47:2e:d0:8e:6a:09:f4:00:ca:
                    35:3e:ae:7c:76:fe:15:c7:d8:8c:d2:b1:b0:dd:09:
                    dc:8b:ca:ca:63:d8:5a:ca:f3:2b:57:ba:dd:06:8d:
                    7b:af:93:5a:f6:79:81:7f:18:46:e3:79:71:6d:2f:
                    87:0e:b0:55:cc:71:85:b7:28:f2:2a:e1:64:a6:04:
                    fc:62:e1:54:99:0a:9f:78:cd:c1:81:44:09:7d:b3:
                    4e:d5:8b:71:6f:ad:15:b9:6a:ce:2c:ea:5c:be:38:
                    7f:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:2D:D9:82:8E:25:1C:6F:D0:F5:0F:1A:C5:45:4B:8B:D7:EF:54:3F
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c47cac8a-b2f9-440e-8deb-dc1d12016253.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:a4:29:d6:dd:48:38:f1:b9:fc:9a:9e:14:00:90:b5:19:6f:
         3f:72:af:2e:f0:6c:0d:8c:0d:39:bb:78:cf:c7:52:55:ac:59:
         1d:f5:bd:78:de:c9:47:58:e0:8f:76:c7:e2:71:15:4f:f6:70:
         f7:a8:a4:96:a1:cc:21:e5:ab:1d:42:63:14:3b:97:c6:8b:12:
         8c:16:08:f9:c1:dc:5b:a2:1b:6d:86:e2:8e:8b:ec:9e:ab:50:
         26:00:65:f2:20:9d:fd:77:d8:3b:a5:3c:7e:16:48:a0:ef:d2:
         1a:b7:71:58:e8:2a:be:c9:d8:55:52:53:2b:ac:e0:83:46:c8:
         f3:80:24:ce:ea:3c:79:ef:1b:32:b9:db:5c:19:c0:9a:c3:19:
         6b:6f:b8:cb:58:3b:18:c2:ef:cd:c6:29:b0:c8:8f:80:a0:37:
         4d:09:8b:83:d0:01:c7:0d:3c:14:41:84:d2:94:2c:b0:0c:f5:
         f2:47:ad:9b:b9:10:33:12:a0:b0:b5:9b:f3:a2:45:13:69:69:
         a2:1b:b6:ad:01:e8:71:72:7b:cf:cb:24:43:1f:91:98:9d:3a:
         e5:79:0e:9f:06:3f:72:a6:26:ca:94:57:e4:06:36:2f:3b:9b:
         c2:38:42:0d:8b:3b:c5:0e:54:2d:4d:ca:46:cf:49:77:f2:ef:
         d8:ae:a7:b0
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUdKDKetCLh2gBsksBY0knkcrxVAAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTI0MDAwMDAwWhcNMjMwNTI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMWVhMWNiMjBjZThmYjUxMTQ0MWEzOTU4Mjc4YWQ3MWI2
YjEwYjQ1YjM1ZjFjNDk0NjVmYWQ4ZDk3YWE2NmE2YzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANWlSN/ebyT8I7yBkaeLryi1k6nVRmgkQP9EjVykgRNOpWv+exwm
5tQs/bdrZC6nmLt6oaWpS2EeOeoOb68nRGdDU+Gu/0ZXFQQuOeBoklaB6ai4YWgL
RYkAt1/fbHHug0s9PVMP/p0+thElBGY5bRYVq5OLXXA71c2viiCOVjtO2xvu0HDM
MU2ir7cd8RqnjxwbCviuwTVxs7aFRy7QjmoJ9ADKNT6ufHb+FcfYjNKxsN0J3IvK
ymPYWsrzK1e63QaNe6+TWvZ5gX8YRuN5cW0vhw6wVcxxhbco8irhZKYE/GLhVJkK
n3jNwYFECX2zTtWLcW+tFblqzizqXL44f5cCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQxLdmCjiUcb9D1DxrFRUuL1+9UPzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzQ3Y2FjOGEtYjJmOS00NDBlLThkZWItZGMxZDEyMDE2MjUzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHSkKdbdSDjxufya
nhQAkLUZbz9yry7wbA2MDTm7eM/HUlWsWR31vXjeyUdY4I92x+JxFU/2cPeopJah
zCHlqx1CYxQ7l8aLEowWCPnB3FuiG22G4o6L7J6rUCYAZfIgnf132DulPH4WSKDv
0hq3cVjoKr7J2FVSUyus4INGyPOAJM7qPHnvGzK521wZwJrDGWtvuMtYOxjC783G
KbDIj4CgN00Ji4PQAccNPBRBhNKULLAM9fJHrZu5EDMSoLC1m/OiRRNpaaIbtq0B
6HFye8/LJEMfkZidOuV5Dp8GP3KmJsqUV+QGNi87m8I4Qg2LO8UOVC1NykbPSXfy
79iup7A=
-----END CERTIFICATE-----