Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/da068b53-e6e9-454d-81a2-64c24aae2afc.roa
File:                     da068b53-e6e9-454d-81a2-64c24aae2afc.roa (raw, json)
Hash identifier:          NKEuSBcSah6Ovynbo52Inckatrqn3mHZ0Vx7eJHRj/o=
Subject key identifier:   A2:15:12:07:F2:AB:9E:41:6D:5E:DB:28:DB:C0:DF:17:DD:0D:31:84
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5F9306E91B7DB952822D8711CD376DEBCFE1533C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/da068b53-e6e9-454d-81a2-64c24aae2afc.roa
Signing time:             Fri 19 May 2023 00:00:00 +0000
ROA not before:           Fri 19 May 2023 00:00:00 +0000
ROA not after:            Mon 22 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:93:06:e9:1b:7d:b9:52:82:2d:87:11:cd:37:6d:eb:cf:e1:53:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 19 00:00:00 2023 GMT
            Not After : May 22 23:59:59 2023 GMT
        Subject: serialNumber=2b900bf9efe79bb280b2775038827272fd0f8b9b77cd2c231cd83a56b8374c19, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:e8:00:44:14:56:1c:61:32:fc:83:7d:2c:f8:
                    d5:ea:d8:cc:25:15:b1:b7:4c:1e:26:b2:d2:41:e0:
                    a8:fd:69:e9:8a:27:f6:6d:5f:6e:3b:1a:6e:58:b0:
                    04:bf:d3:9b:cc:76:ae:ed:f4:59:35:55:06:ad:b3:
                    10:88:d3:7a:9a:b9:14:c1:41:ba:31:cd:cf:16:e5:
                    97:e4:8e:bb:9d:13:d1:87:a7:5f:d2:32:8b:4c:4a:
                    9d:49:41:0a:72:3f:83:87:52:56:34:a1:f1:ef:4f:
                    36:a3:fe:34:86:fa:b0:15:5b:54:5b:8a:e4:d7:ad:
                    b1:54:bf:4b:29:22:85:d2:cf:15:d6:d0:48:b4:de:
                    3a:b1:4e:c5:47:20:70:06:ee:dd:3b:72:71:f8:92:
                    36:cf:64:58:14:bd:ec:32:a2:b3:1c:1f:2d:f3:53:
                    c6:5b:e5:08:d0:d0:a9:d8:29:b5:4e:6b:bf:be:64:
                    e0:2e:7e:17:11:c8:0c:a8:da:97:e0:9a:77:77:cd:
                    ba:df:3c:c3:a4:2b:0e:76:5e:76:e8:9a:eb:1c:0e:
                    39:2b:a5:e2:08:aa:44:a2:89:26:d0:e0:41:bc:47:
                    05:85:38:58:5a:13:77:a0:80:58:ac:23:9e:c8:2a:
                    10:5a:fc:5b:9a:ec:20:c9:23:7f:ac:ff:d8:5f:eb:
                    c7:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:15:12:07:F2:AB:9E:41:6D:5E:DB:28:DB:C0:DF:17:DD:0D:31:84
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/da068b53-e6e9-454d-81a2-64c24aae2afc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:96:8d:15:c6:45:bd:75:e7:46:18:db:32:34:ea:e8:29:46:
         29:61:c5:be:33:ce:a4:56:5d:07:c1:23:d2:0a:5d:8f:0e:e8:
         89:77:c2:04:b0:7b:32:9c:40:5c:97:52:2f:70:1b:b5:3f:64:
         98:11:41:71:a5:6b:32:6f:d5:af:8f:8b:22:65:36:f2:81:e1:
         14:2a:da:f7:74:97:26:c7:4e:43:7a:a9:a9:2c:c9:95:5b:fc:
         42:41:e6:40:87:a4:10:fc:dc:9e:25:bf:19:ff:d6:40:6e:80:
         bf:fd:6d:18:d4:cf:8b:46:44:16:04:e7:62:71:f6:bc:86:b7:
         66:1f:f1:33:b9:04:ff:60:0f:44:13:1c:c3:6d:01:88:cd:b3:
         01:d4:db:07:90:e1:8e:4a:34:43:0a:7d:47:b1:2c:ed:2e:c1:
         85:25:10:ad:bc:63:00:da:b6:d3:fe:c5:47:0a:82:01:1d:40:
         59:96:94:eb:52:ea:79:f7:67:5b:15:f4:c4:ea:87:ba:1c:34:
         65:df:7d:80:91:71:92:72:94:a7:61:7b:c2:0e:76:1b:2e:58:
         fc:3f:d2:2d:55:80:4e:d5:4f:dc:82:7b:55:a5:3a:cd:92:ef:
         36:55:2a:e9:3f:b8:ca:ba:cc:23:20:9a:4c:a7:15:44:c4:d9:
         8a:5c:8f:4c
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUX5MG6Rt9uVKCLYcRzTdt68/hUzwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTE5MDAwMDAwWhcNMjMwNTIyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMmI5MDBiZjllZmU3OWJiMjgwYjI3NzUwMzg4MjcyNzJm
ZDBmOGI5Yjc3Y2QyYzIzMWNkODNhNTZiODM3NGMxOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAPfoAEQUVhxhMvyDfSz41erYzCUVsbdMHiay0kHgqP1p6Yon9m1f
bjsabliwBL/Tm8x2ru30WTVVBq2zEIjTepq5FMFBujHNzxbll+SOu50T0YenX9Iy
i0xKnUlBCnI/g4dSVjSh8e9PNqP+NIb6sBVbVFuK5NetsVS/SykihdLPFdbQSLTe
OrFOxUcgcAbu3TtycfiSNs9kWBS97DKisxwfLfNTxlvlCNDQqdgptU5rv75k4C5+
FxHIDKjal+Cad3fNut88w6QrDnZeduia6xwOOSul4giqRKKJJtDgQbxHBYU4WFoT
d6CAWKwjnsgqEFr8W5rsIMkjf6z/2F/rxwcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSiFRIH8queQW1e2yjbwN8X3Q0xhDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZGEwNjhiNTMtZTZlOS00NTRkLTgxYTItNjRjMjRhYWUyYWZjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACCWjRXGRb1150YY
2zI06ugpRilhxb4zzqRWXQfBI9IKXY8O6Il3wgSwezKcQFyXUi9wG7U/ZJgRQXGl
azJv1a+PiyJlNvKB4RQq2vd0lybHTkN6qaksyZVb/EJB5kCHpBD83J4lvxn/1kBu
gL/9bRjUz4tGRBYE52Jx9ryGt2Yf8TO5BP9gD0QTHMNtAYjNswHU2weQ4Y5KNEMK
fUexLO0uwYUlEK28YwDattP+xUcKggEdQFmWlOtS6nn3Z1sV9MTqh7ocNGXffYCR
cZJylKdhe8IOdhsuWPw/0i1VgE7VT9yCe1WlOs2S7zZVKuk/uMq6zCMgmkynFUTE
2Ypcj0w=
-----END CERTIFICATE-----