Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cab57c42-7e79-45a5-9c54-4522d7a7609f.roa
File:                     cab57c42-7e79-45a5-9c54-4522d7a7609f.roa (raw, json)
Hash identifier:          C01yZX9dFLydhdLU8Edwgt0gTxyqEvvnrmHXf4IVqgs=
Subject key identifier:   F9:5B:B2:42:1F:E4:C9:C6:3B:5F:F6:CF:1D:F0:8F:12:22:28:7A:B9
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0E584A85A019E1C8F4DD61330690C00BC9F7A15D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cab57c42-7e79-45a5-9c54-4522d7a7609f.roa
Signing time:             Sat 04 Mar 2023 00:00:00 +0000
ROA not before:           Sat 04 Mar 2023 00:00:00 +0000
ROA not after:            Tue 07 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:58:4a:85:a0:19:e1:c8:f4:dd:61:33:06:90:c0:0b:c9:f7:a1:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar  4 00:00:00 2023 GMT
            Not After : Mar  7 23:59:59 2023 GMT
        Subject: serialNumber=79a565fbe828bcc4da1044b5daf60cc137a2c3e3e457633cf6274bccdb862d5c, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f5:6c:75:b3:a7:60:1c:53:6b:31:59:0a:0a:
                    da:89:00:48:20:e9:bf:03:97:07:4a:f3:2f:56:f9:
                    28:b1:32:f6:b6:60:66:7d:05:75:7f:60:f4:3d:e4:
                    7e:80:a4:19:d5:51:94:06:03:d4:b6:f7:ba:b1:68:
                    1e:72:c0:f9:1f:29:93:8f:e2:4e:7a:6c:d5:9d:3c:
                    3b:eb:7e:fb:9b:8e:9a:34:e1:b7:da:77:76:33:c7:
                    64:1c:95:f6:2e:e9:e3:0e:52:5e:5f:57:29:9c:64:
                    79:ab:16:2f:2f:7c:6e:fe:c5:fc:12:15:ba:e4:98:
                    42:2a:78:7e:9c:0d:f0:63:23:d5:ae:2d:9c:3b:27:
                    13:0e:d2:46:bd:d1:bc:f9:3d:1b:92:8c:04:7c:6c:
                    58:54:60:fb:f9:dc:a8:0d:17:3f:ee:df:55:3f:29:
                    27:f5:1b:cc:0c:c6:65:15:08:46:a7:14:7d:82:38:
                    6d:31:c8:20:43:75:49:f9:9e:08:0b:a6:51:73:d5:
                    7a:b1:d2:2b:5b:4e:dc:6c:cd:b1:cc:98:f2:a4:42:
                    0e:49:a7:39:54:62:72:d1:3b:45:60:1f:f7:ec:53:
                    9e:c5:61:47:9a:4b:90:f9:43:e7:d7:5b:9f:1e:bd:
                    c6:41:76:8f:4c:66:37:47:bd:65:bf:de:fa:2c:f0:
                    06:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:5B:B2:42:1F:E4:C9:C6:3B:5F:F6:CF:1D:F0:8F:12:22:28:7A:B9
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cab57c42-7e79-45a5-9c54-4522d7a7609f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:48:bd:cf:08:d9:ee:a6:ad:b0:a5:c8:af:4c:db:b2:34:18:
         22:76:01:d1:f9:b4:72:34:c1:b0:d7:d6:d9:19:f3:81:48:ae:
         06:59:6b:79:25:8a:ca:b2:aa:4e:fd:eb:ae:67:c3:ae:3a:fa:
         59:6a:bd:32:3b:23:15:36:ec:e3:4a:e7:66:82:1e:c5:12:95:
         70:07:ee:fc:f2:9e:9f:8d:42:73:63:5d:b8:13:0c:51:c0:0e:
         19:18:79:67:0e:47:f6:81:6b:10:f6:1f:76:d9:12:e9:95:78:
         35:1b:3b:2d:36:df:c0:d1:83:c9:55:82:7a:06:15:37:da:7e:
         12:f8:14:94:20:a6:42:9b:3a:32:65:05:87:58:af:c7:49:17:
         e2:ad:d6:7e:9e:f3:1c:02:10:6e:ae:cc:2a:9b:02:30:81:a3:
         76:88:da:4e:35:4a:b2:cc:2f:91:7a:fa:86:73:9a:d2:d7:2e:
         b1:d0:28:1d:58:03:77:55:d9:87:4e:70:cc:20:24:5f:cc:73:
         39:54:50:bf:ef:30:b4:20:64:fc:25:d3:11:7e:3b:67:b6:b4:
         98:fe:9a:de:43:b1:1e:d2:7f:0f:bc:ae:66:02:1d:55:45:4c:
         f9:54:46:46:32:81:83:1e:d6:cc:c5:5f:12:f1:4d:af:0e:c3:
         92:f8:75:44
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUDlhKhaAZ4cj03WEzBpDAC8n3oV0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzA0MDAwMDAwWhcNMjMwMzA3MjM1OTU5
WjCBpTFJMEcGA1UEBRNANzlhNTY1ZmJlODI4YmNjNGRhMTA0NGI1ZGFmNjBjYzEz
N2EyYzNlM2U0NTc2MzNjZjYyNzRiY2NkYjg2MmQ1YzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK71bHWzp2AcU2sxWQoK2okASCDpvwOXB0rzL1b5KLEy9rZgZn0F
dX9g9D3kfoCkGdVRlAYD1Lb3urFoHnLA+R8pk4/iTnps1Z08O+t++5uOmjTht9p3
djPHZByV9i7p4w5SXl9XKZxkeasWLy98bv7F/BIVuuSYQip4fpwN8GMj1a4tnDsn
Ew7SRr3RvPk9G5KMBHxsWFRg+/ncqA0XP+7fVT8pJ/UbzAzGZRUIRqcUfYI4bTHI
IEN1SfmeCAumUXPVerHSK1tO3GzNscyY8qRCDkmnOVRictE7RWAf9+xTnsVhR5pL
kPlD59dbnx69xkF2j0xmN0e9Zb/e+izwBvcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBT5W7JCH+TJxjtf9s8d8I8SIih6uTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvY2FiNTdjNDItN2U3OS00NWE1LTljNTQtNDUyMmQ3YTc2MDlmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC5Ivc8I2e6mrbCl
yK9M27I0GCJ2AdH5tHI0wbDX1tkZ84FIrgZZa3klisqyqk79665nw646+llqvTI7
IxU27ONK52aCHsUSlXAH7vzynp+NQnNjXbgTDFHADhkYeWcOR/aBaxD2H3bZEumV
eDUbOy0238DRg8lVgnoGFTfafhL4FJQgpkKbOjJlBYdYr8dJF+Kt1n6e8xwCEG6u
zCqbAjCBo3aI2k41SrLML5F6+oZzmtLXLrHQKB1YA3dV2YdOcMwgJF/MczlUUL/v
MLQgZPwl0xF+O2e2tJj+mt5DsR7Sfw+8rmYCHVVFTPlURkYygYMe1szFXxLxTa8O
w5L4dUQ=
-----END CERTIFICATE-----