Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d1ad0f3f-0854-4a5b-901e-6002fb522cbd.roa
File:                     d1ad0f3f-0854-4a5b-901e-6002fb522cbd.roa (raw, json)
Hash identifier:          hgOd4zLgHXFeEJy8L2A0/m1QWCWs1+CDwuSrUGGrTyk=
Subject key identifier:   E9:37:5D:FB:84:A6:D7:73:E6:7A:D1:36:37:59:FF:80:8B:CD:42:91
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       051CB2F56AE00B55A68EA69B70CCD74127E3C504
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d1ad0f3f-0854-4a5b-901e-6002fb522cbd.roa
Signing time:             Sat 18 Mar 2023 00:00:00 +0000
ROA not before:           Sat 18 Mar 2023 00:00:00 +0000
ROA not after:            Tue 21 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:1c:b2:f5:6a:e0:0b:55:a6:8e:a6:9b:70:cc:d7:41:27:e3:c5:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 18 00:00:00 2023 GMT
            Not After : Mar 21 23:59:59 2023 GMT
        Subject: serialNumber=d85f00c0e80f8d6665bb78717d3a3c73f92440406a60ed49770e45982122571f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:88:ea:c1:2b:3c:63:67:a8:ef:8b:7e:90:f8:
                    bf:3d:1b:ca:1e:51:d0:d2:3b:38:89:f2:2c:cb:f1:
                    9d:9d:61:e9:59:3a:d6:6a:ab:c6:5c:da:dd:79:ce:
                    2e:b3:a5:d1:6f:cb:c0:ab:20:f1:35:8c:3d:11:a9:
                    e9:21:8b:98:28:3d:49:d1:06:31:be:f1:b6:c0:b4:
                    88:65:dc:36:b2:fe:86:63:bb:db:99:03:8e:64:b2:
                    f0:e7:fb:9e:85:48:e1:54:a2:07:ae:df:64:a3:c1:
                    b6:50:24:42:0b:7a:88:18:d7:43:10:fe:80:bb:3b:
                    35:ad:68:d7:97:ec:ba:48:e7:24:90:a1:c4:45:dd:
                    95:3d:d3:76:af:9f:c0:e3:a7:4e:7d:7f:8b:19:a5:
                    af:8f:ab:c5:8d:e8:52:71:7f:7f:56:d4:9f:d8:71:
                    36:4e:bd:48:ba:3d:6c:ad:93:2f:00:2a:39:9c:06:
                    4c:88:ae:fa:77:cb:2a:6b:15:6e:77:1c:bf:39:75:
                    5e:dd:12:83:2e:e9:d5:9e:70:ab:b9:ce:94:4b:3b:
                    03:a6:55:c2:38:88:19:c2:10:f2:44:4a:ac:70:03:
                    25:b3:7e:4c:50:d8:ba:63:a9:9e:07:8e:f4:20:a9:
                    ee:3c:cf:7f:58:0b:11:cb:9a:a8:61:fc:43:6f:f1:
                    bf:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:37:5D:FB:84:A6:D7:73:E6:7A:D1:36:37:59:FF:80:8B:CD:42:91
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d1ad0f3f-0854-4a5b-901e-6002fb522cbd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:0f:5f:ef:dc:c6:58:d9:4b:2a:55:59:d0:31:a1:05:85:df:
         81:0d:1b:1a:cf:29:48:1a:24:e4:12:ee:9d:d6:22:93:bb:30:
         6d:58:f2:15:dd:e1:92:60:05:ca:e9:c5:9c:3e:8a:df:73:79:
         ac:58:03:09:93:be:9f:21:f7:24:4d:65:38:58:aa:5b:62:37:
         79:49:19:d9:29:f9:94:c3:df:d2:ae:08:3e:e2:a0:69:10:e9:
         85:08:39:2e:4e:8c:16:60:a2:3d:4f:12:b8:11:88:b2:67:ce:
         06:25:4b:59:f8:25:85:2b:3a:86:cd:73:cf:ec:4c:d0:76:80:
         32:0a:48:5c:93:5c:39:cc:e3:54:6f:cd:2f:35:5b:65:72:2e:
         49:70:32:b4:0d:4c:b6:36:c1:c0:9f:d6:6d:5f:45:b6:8f:d9:
         c2:bc:1c:cd:77:76:ee:32:d0:8d:0a:ad:87:38:aa:8c:6e:9e:
         69:2f:d0:9b:cf:8f:73:a0:ec:76:ba:24:69:53:f3:0d:f6:c6:
         b7:26:00:79:53:5f:e1:38:79:d2:97:cc:0d:ce:a8:cb:51:f9:
         49:f4:02:aa:e3:02:f2:c3:6f:cf:17:70:16:24:06:d0:d5:8a:
         59:5f:e2:58:2a:2f:55:76:c1:58:83:8a:b7:b0:ce:92:bc:5a:
         c1:25:be:7f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUBRyy9WrgC1WmjqabcMzXQSfjxQQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzE4MDAwMDAwWhcNMjMwMzIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDg1ZjAwYzBlODBmOGQ2NjY1YmI3ODcxN2QzYTNjNzNm
OTI0NDA0MDZhNjBlZDQ5NzcwZTQ1OTgyMTIyNTcxZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJmI6sErPGNnqO+LfpD4vz0byh5R0NI7OInyLMvxnZ1h6Vk61mqr
xlza3XnOLrOl0W/LwKsg8TWMPRGp6SGLmCg9SdEGMb7xtsC0iGXcNrL+hmO725kD
jmSy8Of7noVI4VSiB67fZKPBtlAkQgt6iBjXQxD+gLs7Na1o15fsukjnJJChxEXd
lT3Tdq+fwOOnTn1/ixmlr4+rxY3oUnF/f1bUn9hxNk69SLo9bK2TLwAqOZwGTIiu
+nfLKmsVbnccvzl1Xt0Sgy7p1Z5wq7nOlEs7A6ZVwjiIGcIQ8kRKrHADJbN+TFDY
umOpngeO9CCp7jzPf1gLEcuaqGH8Q2/xv+UCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTpN137hKbXc+Z60TY3Wf+Ai81CkTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZDFhZDBmM2YtMDg1NC00YTViLTkwMWUtNjAwMmZiNTIyY2JkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGAPX+/cxljZSypV
WdAxoQWF34ENGxrPKUgaJOQS7p3WIpO7MG1Y8hXd4ZJgBcrpxZw+it9zeaxYAwmT
vp8h9yRNZThYqltiN3lJGdkp+ZTD39KuCD7ioGkQ6YUIOS5OjBZgoj1PErgRiLJn
zgYlS1n4JYUrOobNc8/sTNB2gDIKSFyTXDnM41RvzS81W2VyLklwMrQNTLY2wcCf
1m1fRbaP2cK8HM13du4y0I0KrYc4qoxunmkv0JvPj3Og7Ha6JGlT8w32xrcmAHlT
X+E4edKXzA3OqMtR+Un0AqrjAvLDb88XcBYkBtDVillf4lgqL1V2wViDirewzpK8
WsElvn8=
-----END CERTIFICATE-----