Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d704d9ef-dc95-4485-9fe9-ac1d1b87d764.roa
File:                     d704d9ef-dc95-4485-9fe9-ac1d1b87d764.roa (raw, json)
Hash identifier:          JTUrjLwDR7YoBuEZFjA2X8bieYmcuLlhNClDJa0luN0=
Subject key identifier:   F6:5A:59:FB:E9:31:61:1C:07:59:DD:52:E3:42:88:06:97:32:84:66
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0BA6B892C4DB205B1D317D5A45C4C392D3614970
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d704d9ef-dc95-4485-9fe9-ac1d1b87d764.roa
Signing time:             Wed 15 Mar 2023 00:00:00 +0000
ROA not before:           Wed 15 Mar 2023 00:00:00 +0000
ROA not after:            Sat 18 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:a6:b8:92:c4:db:20:5b:1d:31:7d:5a:45:c4:c3:92:d3:61:49:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 15 00:00:00 2023 GMT
            Not After : Mar 18 23:59:59 2023 GMT
        Subject: serialNumber=e28e785e649e1a59e0e3512b3e5e9b8e4fa72c8fcf1cf0687576f1acdb067314, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:2d:3b:e7:a3:e8:f1:86:08:03:48:9e:b9:97:
                    6f:1e:0b:c7:93:ed:3b:9b:cf:92:af:1c:fb:cb:34:
                    a0:f4:3b:4f:ae:6b:75:e8:44:a7:02:2d:42:99:4a:
                    3e:b8:f8:67:d4:49:b2:5b:72:1f:c5:bc:74:2e:94:
                    3f:08:76:bb:85:fd:31:8e:3f:4e:18:28:8a:69:04:
                    84:ae:70:fc:a3:46:e2:d3:c3:6a:59:92:7f:56:30:
                    65:6e:41:d6:ae:84:e1:5b:30:ee:1e:fc:07:bc:d3:
                    73:1e:6d:c0:0f:b8:a3:ba:90:11:5f:43:e4:1b:2a:
                    26:12:bc:06:06:87:6c:7f:be:56:97:38:f9:17:fe:
                    5f:02:46:08:e8:95:df:33:da:68:40:11:ec:db:a5:
                    41:b8:c1:0f:1d:4c:0c:df:4b:fa:b7:a3:7e:0a:ab:
                    f2:6d:81:2f:a1:8f:ab:fc:0e:c4:ac:53:40:cb:f4:
                    80:e6:c5:e7:54:8c:f2:83:7a:40:bb:ec:c9:0d:a1:
                    f3:24:af:7b:9d:64:5d:05:97:dd:40:d2:5f:ef:98:
                    fb:3e:a2:7d:98:b6:62:36:30:87:bf:68:25:a4:0d:
                    e7:f5:c4:71:de:1b:85:c2:ce:72:df:db:98:5b:69:
                    ad:37:e0:67:74:eb:bc:e1:58:8d:4d:db:7c:99:38:
                    3c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:5A:59:FB:E9:31:61:1C:07:59:DD:52:E3:42:88:06:97:32:84:66
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d704d9ef-dc95-4485-9fe9-ac1d1b87d764.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:ea:90:f5:a3:c7:c5:98:75:44:0a:2a:be:05:9f:65:cd:63:
         15:c3:bc:d2:da:48:e9:dd:ca:eb:98:2f:58:c7:ed:b0:ce:ba:
         a7:56:51:f2:c2:97:8d:ed:74:34:ba:e4:ad:94:59:77:9e:b2:
         31:7c:7b:e9:19:79:61:cc:39:15:d4:fa:3d:7b:e4:41:36:9d:
         ed:ab:2f:d6:46:94:05:ea:63:d2:43:9a:aa:a4:b9:99:bf:2b:
         e1:57:23:70:0e:10:69:a3:9e:8c:b2:5a:a7:b9:19:8d:cb:58:
         9b:8a:00:1b:f1:d0:1b:0b:69:8d:3c:3e:da:d7:65:02:ec:89:
         71:4d:e2:a3:fa:39:22:79:36:70:4e:62:2b:05:62:c1:ad:d6:
         95:1a:f4:3a:26:93:ab:5f:26:85:11:ac:b0:07:1b:14:c9:a0:
         4a:10:ce:8b:19:d8:e0:a7:6b:6b:2b:fd:58:39:59:54:54:84:
         68:80:c2:ad:98:fc:86:ea:2e:12:83:54:bd:03:95:93:16:a7:
         c5:3f:a2:2f:6c:c3:f3:11:b2:1e:71:16:b1:58:2f:52:b3:ce:
         a6:2b:7e:ae:1e:de:ef:2d:15:72:eb:20:30:2a:6b:f5:b2:4e:
         d5:1b:64:84:b5:b8:eb:63:81:46:f6:d9:4a:e4:f4:ae:52:f5:
         f1:9b:e7:bb
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUC6a4ksTbIFsdMX1aRcTDktNhSXAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzE1MDAwMDAwWhcNMjMwMzE4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZTI4ZTc4NWU2NDllMWE1OWUwZTM1MTJiM2U1ZTliOGU0
ZmE3MmM4ZmNmMWNmMDY4NzU3NmYxYWNkYjA2NzMxNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAN4tO+ej6PGGCANInrmXbx4Lx5PtO5vPkq8c+8s0oPQ7T65rdehE
pwItQplKPrj4Z9RJsltyH8W8dC6UPwh2u4X9MY4/ThgoimkEhK5w/KNG4tPDalmS
f1YwZW5B1q6E4Vsw7h78B7zTcx5twA+4o7qQEV9D5BsqJhK8BgaHbH++Vpc4+Rf+
XwJGCOiV3zPaaEAR7NulQbjBDx1MDN9L+rejfgqr8m2BL6GPq/wOxKxTQMv0gObF
51SM8oN6QLvsyQ2h8ySve51kXQWX3UDSX++Y+z6ifZi2YjYwh79oJaQN5/XEcd4b
hcLOct/bmFtprTfgZ3TrvOFYjU3bfJk4PO8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBT2Wln76TFhHAdZ3VLjQogGlzKEZjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZDcwNGQ5ZWYtZGM5NS00NDg1LTlmZTktYWMxZDFiODdkNzY0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG3qkPWjx8WYdUQK
Kr4Fn2XNYxXDvNLaSOndyuuYL1jH7bDOuqdWUfLCl43tdDS65K2UWXeesjF8e+kZ
eWHMORXU+j175EE2ne2rL9ZGlAXqY9JDmqqkuZm/K+FXI3AOEGmjnoyyWqe5GY3L
WJuKABvx0BsLaY08PtrXZQLsiXFN4qP6OSJ5NnBOYisFYsGt1pUa9Domk6tfJoUR
rLAHGxTJoEoQzosZ2OCna2sr/Vg5WVRUhGiAwq2Y/IbqLhKDVL0DlZMWp8U/oi9s
w/MRsh5xFrFYL1KzzqYrfq4e3u8tFXLrIDAqa/WyTtUbZIS1uOtjgUb22Urk9K5S
9fGb57s=
-----END CERTIFICATE-----