Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d5c4ced4-167d-4dc0-819a-550446aa0c27.roa
File:                     d5c4ced4-167d-4dc0-819a-550446aa0c27.roa (raw, json)
Hash identifier:          wyQ2Oe44Ns8Fcv9O1evSlpdekbfl6HekAbbac5m8qgI=
Subject key identifier:   38:B0:08:B5:EC:DF:A8:AB:A0:9C:9F:24:A3:13:6E:EF:EE:A7:52:07
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       205339797770CE2FA0AD09B782A2D9B3AB3EAC0D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d5c4ced4-167d-4dc0-819a-550446aa0c27.roa
Signing time:             Sun 14 May 2023 00:00:00 +0000
ROA not before:           Sun 14 May 2023 00:00:00 +0000
ROA not after:            Wed 17 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:53:39:79:77:70:ce:2f:a0:ad:09:b7:82:a2:d9:b3:ab:3e:ac:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 14 00:00:00 2023 GMT
            Not After : May 17 23:59:59 2023 GMT
        Subject: serialNumber=5b4a8c7b1d1eb82e16a89c6e98c14f1eafa8bb55804d2681ae1c0338b9432b04, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:18:66:37:5d:5d:7c:87:4d:c5:5b:e8:59:60:
                    ec:a8:03:cb:02:dd:3c:e5:ef:d7:6f:21:7c:14:be:
                    69:f8:c6:9e:d8:b0:f7:d1:26:4f:09:13:7f:28:2f:
                    e9:31:37:ab:6b:b9:42:ad:5d:ce:de:d8:72:2d:50:
                    53:e1:44:ad:b0:ea:fd:31:f9:cd:f0:ea:99:0e:00:
                    9e:76:f6:8f:92:7c:12:b9:39:92:71:42:c4:b4:3f:
                    dd:75:af:46:88:e6:6a:3b:54:0f:e9:09:6b:26:5c:
                    da:5f:b5:c3:ef:a2:cb:b1:4c:6a:56:f1:2e:1f:d9:
                    ac:9b:0f:62:10:66:70:37:c8:f8:cd:57:69:48:19:
                    71:02:57:82:9c:18:5b:cc:7e:4f:e0:c8:9a:b1:50:
                    76:91:8e:60:98:cc:26:f8:75:09:1f:74:ff:15:6c:
                    13:7a:1f:0c:80:dd:c1:c6:02:19:07:7a:b3:af:c3:
                    39:23:f2:f6:f4:0a:02:1f:99:fb:b3:8b:a6:2c:8e:
                    d1:be:6c:63:03:ba:f2:7b:e3:79:d8:c4:36:08:cf:
                    55:22:df:5d:a4:35:90:74:a6:3e:0a:2f:e2:45:25:
                    71:28:f7:44:dc:a1:87:66:d1:90:d4:1d:86:ed:a0:
                    0e:ce:3d:7d:a0:3e:12:35:61:5f:8b:db:ca:38:3e:
                    81:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:B0:08:B5:EC:DF:A8:AB:A0:9C:9F:24:A3:13:6E:EF:EE:A7:52:07
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d5c4ced4-167d-4dc0-819a-550446aa0c27.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:7a:0c:c6:62:2b:0f:21:2b:11:32:39:5f:f6:55:09:1b:95:
         f5:30:32:66:7b:64:2a:e5:74:c6:fd:68:8f:ef:73:69:51:e8:
         c7:02:e7:db:f3:41:55:f4:dc:07:79:f5:e6:b9:26:6a:42:bb:
         4e:f5:50:b9:8c:6c:ea:9b:04:75:5d:c2:7f:4a:77:07:b4:81:
         51:02:2d:55:e3:47:f3:99:07:53:24:f1:1e:bd:97:a8:94:53:
         b2:ca:b5:f0:d0:14:88:46:96:93:68:47:41:93:60:d2:e7:95:
         94:dd:c1:f0:45:9d:3b:ca:db:fe:db:23:bc:93:a2:fe:31:7d:
         24:e8:cd:17:57:62:ab:cc:a1:70:37:39:ac:be:7c:d9:66:36:
         b6:ac:17:65:c9:92:63:06:6e:c5:05:f8:b1:4a:d1:a3:55:96:
         45:f4:c8:07:b6:56:d1:88:62:3f:22:23:5b:b3:ac:3c:d2:9b:
         7c:a3:00:39:6e:1f:48:05:0e:c6:59:b5:2f:2e:b0:9e:98:4d:
         84:92:5d:1d:f2:c4:c1:10:57:37:4a:f0:99:0a:18:66:c4:b2:
         36:24:40:32:44:d4:18:3b:db:4d:4a:59:88:c6:3e:35:a4:40:
         1c:a4:81:8a:f0:76:2b:20:71:ff:de:d3:1a:cd:21:5b:3c:94:
         cc:ae:1c:1a
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUIFM5eXdwzi+grQm3gqLZs6s+rA0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTE0MDAwMDAwWhcNMjMwNTE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNANWI0YThjN2IxZDFlYjgyZTE2YTg5YzZlOThjMTRmMWVh
ZmE4YmI1NTgwNGQyNjgxYWUxYzAzMzhiOTQzMmIwNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAI4YZjddXXyHTcVb6Flg7KgDywLdPOXv128hfBS+afjGntiw99Em
TwkTfygv6TE3q2u5Qq1dzt7Yci1QU+FErbDq/TH5zfDqmQ4Annb2j5J8Erk5knFC
xLQ/3XWvRojmajtUD+kJayZc2l+1w++iy7FMalbxLh/ZrJsPYhBmcDfI+M1XaUgZ
cQJXgpwYW8x+T+DImrFQdpGOYJjMJvh1CR90/xVsE3ofDIDdwcYCGQd6s6/DOSPy
9vQKAh+Z+7OLpiyO0b5sYwO68nvjedjENgjPVSLfXaQ1kHSmPgov4kUlcSj3RNyh
h2bRkNQdhu2gDs49faA+EjVhX4vbyjg+gXMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ4sAi17N+oq6CcnySjE27v7qdSBzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZDVjNGNlZDQtMTY3ZC00ZGMwLTgxOWEtNTUwNDQ2YWEwYzI3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAl6DMZiKw8hKxEy
OV/2VQkblfUwMmZ7ZCrldMb9aI/vc2lR6McC59vzQVX03Ad59ea5JmpCu071ULmM
bOqbBHVdwn9Kdwe0gVECLVXjR/OZB1Mk8R69l6iUU7LKtfDQFIhGlpNoR0GTYNLn
lZTdwfBFnTvK2/7bI7yTov4xfSTozRdXYqvMoXA3Oay+fNlmNrasF2XJkmMGbsUF
+LFK0aNVlkX0yAe2VtGIYj8iI1uzrDzSm3yjADluH0gFDsZZtS8usJ6YTYSSXR3y
xMEQVzdK8JkKGGbEsjYkQDJE1Bg7201KWYjGPjWkQBykgYrwdisgcf/e0xrNIVs8
lMyuHBo=
-----END CERTIFICATE-----