Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cfa14d30-82f9-4853-a084-d7c6ff904ea1.roa
File:                     cfa14d30-82f9-4853-a084-d7c6ff904ea1.roa (raw, json)
Hash identifier:          pKI4zMUYokpeM5mww26fUwg7Mx8rJlvhZS1/4yZoBYU=
Subject key identifier:   88:98:5E:92:A4:2A:30:AE:F6:A5:84:FD:73:C7:E1:20:2E:8A:CE:2E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0FDB37D1FE146361C5C13A2772518678C81398CC
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cfa14d30-82f9-4853-a084-d7c6ff904ea1.roa
Signing time:             Fri 10 Mar 2023 00:00:00 +0000
ROA not before:           Fri 10 Mar 2023 00:00:00 +0000
ROA not after:            Mon 13 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:db:37:d1:fe:14:63:61:c5:c1:3a:27:72:51:86:78:c8:13:98:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 10 00:00:00 2023 GMT
            Not After : Mar 13 23:59:59 2023 GMT
        Subject: serialNumber=b8be06c27cce04d80a997f3b8ce44099666865a1357d2cc7500c57d9769e8bd3, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1d:99:4a:43:30:b1:1c:d9:e1:4f:fc:f2:69:
                    3e:7a:5f:de:01:66:3a:ea:b5:2a:8f:2c:a4:43:f7:
                    e5:26:e1:8d:50:67:1e:09:c9:ff:1f:41:66:cf:fd:
                    5b:a6:d0:1c:5c:4b:72:4f:48:df:21:2e:9d:5a:94:
                    fd:9a:30:e9:3a:ae:33:f5:d8:3b:4e:20:dc:57:b0:
                    c2:d6:72:6d:ad:04:ab:d7:9c:48:8b:43:f8:68:8f:
                    4b:ec:50:46:4f:4c:3b:c8:95:51:43:96:8d:d5:2c:
                    0c:a4:25:76:66:23:10:ef:76:6d:57:4f:f4:f5:b0:
                    14:b8:53:a2:61:0e:6d:52:85:42:43:71:67:ee:1a:
                    ac:0c:de:e8:09:88:72:3f:e0:d3:c2:eb:d3:53:31:
                    67:a2:78:e4:4f:be:72:15:3a:ce:ed:99:9c:9a:87:
                    d3:c3:76:9f:c4:1d:8a:9e:ca:e7:6e:8e:56:7f:7b:
                    d2:8b:88:fa:32:b4:86:3b:22:3b:2e:26:b4:5d:6b:
                    d6:79:ed:6c:60:37:da:fa:d5:7c:14:62:fa:d6:4a:
                    d6:29:16:c5:c3:e0:8f:e4:2d:18:6a:90:5e:b7:fb:
                    d4:29:f9:c2:ac:d8:1f:6a:81:62:1d:e1:94:b7:c8:
                    c3:3e:40:a4:7e:0d:82:e7:e0:da:f4:c3:10:98:2c:
                    ea:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:98:5E:92:A4:2A:30:AE:F6:A5:84:FD:73:C7:E1:20:2E:8A:CE:2E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cfa14d30-82f9-4853-a084-d7c6ff904ea1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:d8:1c:d0:1b:f4:12:e9:d7:df:96:86:a0:13:b9:5b:40:9e:
         9a:fc:2f:aa:4c:84:b4:a0:07:ed:f7:89:bd:47:15:84:89:2a:
         4c:ee:91:c7:2d:e7:ea:66:a4:a1:98:78:6e:b2:16:74:ec:be:
         00:04:d2:a9:70:d4:41:5d:90:10:53:94:26:11:5d:6d:50:6e:
         a3:0e:8f:fb:4f:74:10:b3:63:c8:1f:a8:dc:d1:ed:0a:1f:ae:
         47:b6:30:c8:ca:96:9d:cd:c1:25:81:36:bc:32:4b:e6:1e:bb:
         49:94:60:b3:68:e6:ed:77:d2:39:b1:4b:b2:e7:b9:f5:76:4b:
         d3:73:e8:76:b8:30:e1:34:9d:3d:fa:e2:1e:34:dc:4d:97:cc:
         e9:3c:cf:22:f5:5a:ab:b8:83:f9:29:a1:75:ee:02:63:96:04:
         60:a8:c7:66:86:8a:5d:1c:ec:dd:c5:04:1c:66:2c:5c:de:d3:
         a9:0a:4d:72:c0:be:89:16:8f:2f:47:e1:a8:e5:bc:c2:47:3e:
         a3:be:9b:71:6a:e8:30:37:3a:52:b5:c8:b2:2a:bc:37:93:c8:
         64:de:14:22:8e:3c:0c:16:49:f3:83:2f:ca:58:35:83:4f:35:
         21:d8:48:9f:4e:7d:ed:81:b6:43:6f:fc:36:77:dd:d6:d9:92:
         b3:14:78:82
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUD9s30f4UY2HFwTonclGGeMgTmMwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzEwMDAwMDAwWhcNMjMwMzEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYjhiZTA2YzI3Y2NlMDRkODBhOTk3ZjNiOGNlNDQwOTk2
NjY4NjVhMTM1N2QyY2M3NTAwYzU3ZDk3NjllOGJkMzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALUdmUpDMLEc2eFP/PJpPnpf3gFmOuq1Ko8spEP35SbhjVBnHgnJ
/x9BZs/9W6bQHFxLck9I3yEunVqU/Zow6TquM/XYO04g3FewwtZyba0Eq9ecSItD
+GiPS+xQRk9MO8iVUUOWjdUsDKQldmYjEO92bVdP9PWwFLhTomEObVKFQkNxZ+4a
rAze6AmIcj/g08Lr01MxZ6J45E++chU6zu2ZnJqH08N2n8Qdip7K526OVn970ouI
+jK0hjsiOy4mtF1r1nntbGA32vrVfBRi+tZK1ikWxcPgj+QtGGqQXrf71Cn5wqzY
H2qBYh3hlLfIwz5ApH4Ngufg2vTDEJgs6hUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSImF6SpCowrvalhP1zx+EgLorOLjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvY2ZhMTRkMzAtODJmOS00ODUzLWEwODQtZDdjNmZmOTA0ZWExLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF7YHNAb9BLp19+W
hqATuVtAnpr8L6pMhLSgB+33ib1HFYSJKkzukcct5+pmpKGYeG6yFnTsvgAE0qlw
1EFdkBBTlCYRXW1QbqMOj/tPdBCzY8gfqNzR7Qofrke2MMjKlp3NwSWBNrwyS+Ye
u0mUYLNo5u130jmxS7LnufV2S9Nz6Ha4MOE0nT364h403E2XzOk8zyL1Wqu4g/kp
oXXuAmOWBGCox2aGil0c7N3FBBxmLFze06kKTXLAvokWjy9H4ajlvMJHPqO+m3Fq
6DA3OlK1yLIqvDeTyGTeFCKOPAwWSfODL8pYNYNPNSHYSJ9Ofe2BtkNv/DZ33dbZ
krMUeII=
-----END CERTIFICATE-----