Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d93c3036-91a4-4418-b54f-addc7bc1940e.roa
File:                     d93c3036-91a4-4418-b54f-addc7bc1940e.roa (raw, json)
Hash identifier:          95I0NAnx96+mMYU6nBl0gD+rZtrhpVH3JeJDjs5Sj2Q=
Subject key identifier:   69:26:C0:80:06:ED:FE:DA:46:AC:7E:4C:A8:ED:F2:36:07:DF:B2:34
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1DF5C24928750B957CB2B24FBC2F01DF05AED731
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d93c3036-91a4-4418-b54f-addc7bc1940e.roa
Signing time:             Tue 18 Apr 2023 00:00:00 +0000
ROA not before:           Tue 18 Apr 2023 00:00:00 +0000
ROA not after:            Fri 21 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:f5:c2:49:28:75:0b:95:7c:b2:b2:4f:bc:2f:01:df:05:ae:d7:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 18 00:00:00 2023 GMT
            Not After : Apr 21 23:59:59 2023 GMT
        Subject: serialNumber=84f1aa137ceab32d46c23da2db76c67d2bfe3d299f39d0fa3444bdb965a549e9, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:b7:0f:42:b9:e6:26:cb:a0:f5:f0:c6:ab:13:
                    8e:c0:35:f2:54:a6:14:bd:35:bc:f3:9d:62:45:c4:
                    fd:ae:a6:03:44:b4:dd:07:29:b9:4d:42:26:f0:69:
                    9f:06:2d:a6:f5:ad:5b:d1:74:4c:88:90:cc:ac:fc:
                    7e:75:99:41:53:ac:4e:bc:ec:78:5b:35:d4:b0:2d:
                    b7:05:8f:4a:5f:5d:88:b7:6e:52:86:59:1a:69:87:
                    67:23:38:63:22:08:5b:10:a2:da:3e:4b:89:f9:2b:
                    0d:dd:b0:28:57:19:85:b7:a0:a4:9d:c1:82:cf:73:
                    46:da:20:63:ab:df:a7:b4:05:96:05:5c:1d:f3:6f:
                    19:bb:72:41:72:d4:97:d3:33:5e:5d:c0:49:a1:42:
                    c4:52:45:b1:cf:48:12:34:b1:54:19:14:86:76:33:
                    01:22:ee:8e:6d:b2:6f:6f:b2:3c:f4:c1:bf:33:23:
                    89:63:75:da:93:12:f4:d3:4a:dc:b1:e9:2a:f7:5e:
                    64:28:36:0a:8c:fd:b7:be:8d:b2:26:ba:5e:d8:18:
                    d1:0d:96:d5:68:65:17:8f:ae:f8:0a:06:0a:5b:5a:
                    0c:22:2a:54:e3:71:61:d7:d2:8d:18:3e:fe:0c:b8:
                    c8:d4:f5:2e:14:27:7b:fa:fa:23:22:8f:72:9f:30:
                    60:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:26:C0:80:06:ED:FE:DA:46:AC:7E:4C:A8:ED:F2:36:07:DF:B2:34
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d93c3036-91a4-4418-b54f-addc7bc1940e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:31:37:0b:c8:21:63:1a:7a:ce:61:66:04:e0:12:d3:5e:3b:
         e9:dd:3e:e6:55:f3:20:79:8f:05:ff:79:b5:e3:44:51:cf:08:
         50:9f:78:f2:8b:8b:69:04:be:17:7a:cb:bb:ea:b2:28:cd:88:
         f9:e3:4b:c7:96:1e:08:1f:6e:6c:61:a5:be:f5:ae:41:4c:8e:
         2b:cf:28:45:59:b9:ba:40:eb:43:23:2e:a8:6a:3e:5f:33:b6:
         d0:13:73:5c:f8:9b:95:ea:35:06:0c:3c:d0:89:63:9e:2c:b2:
         aa:15:7b:18:f0:0b:08:fd:4f:05:5d:97:a9:0b:6a:f7:3c:fb:
         73:a5:b6:0f:5d:e8:98:80:d1:6d:41:52:36:b0:44:50:6e:4f:
         20:db:23:20:54:4e:1f:ad:c9:1f:a7:e6:4b:ad:0e:74:3a:d0:
         7b:5c:2e:7d:88:c1:ce:ad:6f:48:02:9a:35:b6:97:db:ec:9a:
         e1:18:ce:7d:fb:99:12:25:10:9c:f6:72:77:83:60:13:fe:15:
         ee:fb:7a:e3:79:60:58:87:e9:0d:8f:41:a4:1b:5a:e8:8e:c7:
         54:8f:b0:38:05:5c:cd:4e:20:c6:93:4a:16:55:3c:54:4c:c5:
         50:50:8b:e0:29:ce:b8:b3:47:ef:02:87:59:73:28:e1:cc:90:
         b7:6f:01:ce
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUHfXCSSh1C5V8srJPvC8B3wWu1zEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDE4MDAwMDAwWhcNMjMwNDIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAODRmMWFhMTM3Y2VhYjMyZDQ2YzIzZGEyZGI3NmM2N2Qy
YmZlM2QyOTlmMzlkMGZhMzQ0NGJkYjk2NWE1NDllOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAPK3D0K55ibLoPXwxqsTjsA18lSmFL01vPOdYkXE/a6mA0S03Qcp
uU1CJvBpnwYtpvWtW9F0TIiQzKz8fnWZQVOsTrzseFs11LAttwWPSl9diLduUoZZ
GmmHZyM4YyIIWxCi2j5LifkrDd2wKFcZhbegpJ3Bgs9zRtogY6vfp7QFlgVcHfNv
GbtyQXLUl9MzXl3ASaFCxFJFsc9IEjSxVBkUhnYzASLujm2yb2+yPPTBvzMjiWN1
2pMS9NNK3LHpKvdeZCg2Coz9t76Nsia6XtgY0Q2W1WhlF4+u+AoGCltaDCIqVONx
YdfSjRg+/gy4yNT1LhQne/r6IyKPcp8wYB0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRpJsCABu3+2kasfkyo7fI2B9+yNDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZDkzYzMwMzYtOTFhNC00NDE4LWI1NGYtYWRkYzdiYzE5NDBlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADIxNwvIIWMaes5h
ZgTgEtNeO+ndPuZV8yB5jwX/ebXjRFHPCFCfePKLi2kEvhd6y7vqsijNiPnjS8eW
Hggfbmxhpb71rkFMjivPKEVZubpA60MjLqhqPl8zttATc1z4m5XqNQYMPNCJY54s
sqoVexjwCwj9TwVdl6kLavc8+3Oltg9d6JiA0W1BUjawRFBuTyDbIyBUTh+tyR+n
5kutDnQ60HtcLn2Iwc6tb0gCmjW2l9vsmuEYzn37mRIlEJz2cneDYBP+Fe77euN5
YFiH6Q2PQaQbWuiOx1SPsDgFXM1OIMaTShZVPFRMxVBQi+ApzrizR+8Ch1lzKOHM
kLdvAc4=
-----END CERTIFICATE-----