Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/db5740f3-1eeb-4a71-836e-1a2f8dbf6fcf.roa
File:                     db5740f3-1eeb-4a71-836e-1a2f8dbf6fcf.roa (raw, json)
Hash identifier:          kZLnyxz21xEWK1Ll3uCgaWchcPtg95se/fsUzmkZww4=
Subject key identifier:   8D:31:D4:5F:B5:C4:FA:47:F5:62:40:89:55:65:5F:42:A0:91:53:32
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4E3CCFA82D32D5573218491E40309A0475EB40E8
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/db5740f3-1eeb-4a71-836e-1a2f8dbf6fcf.roa
Signing time:             Tue 14 Feb 2023 00:00:00 +0000
ROA not before:           Tue 14 Feb 2023 00:00:00 +0000
ROA not after:            Fri 17 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:3c:cf:a8:2d:32:d5:57:32:18:49:1e:40:30:9a:04:75:eb:40:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 14 00:00:00 2023 GMT
            Not After : Feb 17 23:59:59 2023 GMT
        Subject: serialNumber=0f68c7ad0505db4eb4694bee10c7d3a4d43693d6dd5b150cd251a751cb6de83a, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f0:7d:2c:3f:50:ba:2c:e1:c1:c1:74:46:eb:
                    10:be:bb:03:58:2e:bd:c9:41:0c:65:b2:19:9b:9e:
                    ab:16:f5:39:ce:ed:89:fc:6e:42:c5:be:76:53:d2:
                    59:dc:8c:41:47:63:ec:55:f1:2c:d0:35:e1:ec:cf:
                    d0:a1:57:84:dc:d9:ef:96:bd:2a:9b:0d:c2:54:a2:
                    38:08:c3:4e:99:0b:78:d3:92:5e:4f:cb:db:42:7a:
                    d2:7a:5a:f1:15:10:43:85:f9:c1:7a:f3:0b:91:fe:
                    a3:5c:62:39:b3:f4:cf:21:a4:33:16:23:13:44:9f:
                    04:1a:a9:8c:a1:f1:b0:31:07:d5:f7:fd:de:b3:77:
                    0f:6a:00:d0:9b:ea:f0:4e:90:c5:9c:14:e9:eb:4b:
                    1e:bc:49:83:e6:f4:10:c9:6b:d2:6f:82:f9:bb:69:
                    d3:60:7a:a3:7d:a7:58:45:d1:75:96:95:e1:ff:5c:
                    7c:0d:08:89:09:69:6e:23:ed:3d:39:4b:6d:e4:1a:
                    43:62:b8:bd:49:10:fe:25:fb:56:c6:e8:59:a1:a6:
                    52:86:c3:a9:c3:78:08:80:ae:2b:ed:7b:dc:bd:b9:
                    8f:d7:e4:ed:99:6f:64:36:1d:b8:92:98:c3:ff:21:
                    5a:07:ac:46:8f:8d:7f:2f:2a:91:ce:6a:9d:e6:8c:
                    ce:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:31:D4:5F:B5:C4:FA:47:F5:62:40:89:55:65:5F:42:A0:91:53:32
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/db5740f3-1eeb-4a71-836e-1a2f8dbf6fcf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:87:3b:c5:fd:64:78:eb:f4:7a:fd:02:ba:5e:16:c2:ea:52:
         ee:e9:af:e4:51:11:1c:1d:d4:bb:7f:b2:62:5c:95:46:bc:6e:
         d7:00:31:32:ab:70:a7:d0:5d:e4:24:1a:dc:30:4d:f4:72:eb:
         2f:d3:0e:5a:bc:63:70:53:4a:8f:45:4a:3a:88:18:41:e4:b8:
         18:8b:fa:44:7c:ac:f9:9c:a2:6b:19:67:67:19:96:48:1e:7b:
         08:fc:65:bb:ae:6b:3f:8c:c5:fc:bd:97:17:19:87:e4:60:ff:
         c0:b4:08:71:3b:e9:69:6e:5b:d9:a3:11:f7:76:47:a6:56:41:
         e3:03:4e:6d:85:18:a4:8c:7c:09:dd:e3:f0:0f:b8:fa:a3:73:
         df:b4:b4:da:67:78:09:b4:1c:6b:b6:69:9a:a2:84:f4:15:66:
         21:ce:16:f1:10:03:48:90:1e:36:0f:dc:66:08:db:b6:a4:4a:
         7b:76:62:88:ed:33:3f:9a:9e:d1:3b:d6:6d:20:50:46:ad:c8:
         e9:dc:45:e7:e7:4c:3b:fc:8c:40:6e:da:d6:70:68:03:ce:a4:
         c0:cb:89:22:24:86:be:5d:77:8c:49:11:da:34:a4:0b:4d:bc:
         43:aa:45:c7:7f:0e:fa:c9:6e:4a:22:9c:e5:30:ef:16:9e:83:
         a4:c7:17:d2
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUTjzPqC0y1VcyGEkeQDCaBHXrQOgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE0MDAwMDAwWhcNMjMwMjE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMGY2OGM3YWQwNTA1ZGI0ZWI0Njk0YmVlMTBjN2QzYTRk
NDM2OTNkNmRkNWIxNTBjZDI1MWE3NTFjYjZkZTgzYTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMTwfSw/ULos4cHBdEbrEL67A1guvclBDGWyGZueqxb1Oc7tifxu
QsW+dlPSWdyMQUdj7FXxLNA14ezP0KFXhNzZ75a9KpsNwlSiOAjDTpkLeNOSXk/L
20J60npa8RUQQ4X5wXrzC5H+o1xiObP0zyGkMxYjE0SfBBqpjKHxsDEH1ff93rN3
D2oA0Jvq8E6QxZwU6etLHrxJg+b0EMlr0m+C+btp02B6o32nWEXRdZaV4f9cfA0I
iQlpbiPtPTlLbeQaQ2K4vUkQ/iX7VsboWaGmUobDqcN4CICuK+173L25j9fk7Zlv
ZDYduJKYw/8hWgesRo+Nfy8qkc5qneaMzicCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSNMdRftcT6R/ViQIlVZV9CoJFTMjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZGI1NzQwZjMtMWVlYi00YTcxLTgzNmUtMWEyZjhkYmY2ZmNmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEqHO8X9ZHjr9Hr9
ArpeFsLqUu7pr+RRERwd1Lt/smJclUa8btcAMTKrcKfQXeQkGtwwTfRy6y/TDlq8
Y3BTSo9FSjqIGEHkuBiL+kR8rPmcomsZZ2cZlkgeewj8Zbuuaz+Mxfy9lxcZh+Rg
/8C0CHE76WluW9mjEfd2R6ZWQeMDTm2FGKSMfAnd4/APuPqjc9+0tNpneAm0HGu2
aZqihPQVZiHOFvEQA0iQHjYP3GYI27akSnt2YojtMz+antE71m0gUEatyOncRefn
TDv8jEBu2tZwaAPOpMDLiSIkhr5dd4xJEdo0pAtNvEOqRcd/DvrJbkoinOUw7xae
g6THF9I=
-----END CERTIFICATE-----