Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dde270c2-e384-45ac-b918-2d4415f47491.roa
File:                     dde270c2-e384-45ac-b918-2d4415f47491.roa (raw, json)
Hash identifier:          W41ob14crjR8FHFYSKi26YBJ94g+Hi/HzD9MwJID/LI=
Subject key identifier:   68:B1:79:4A:79:37:81:D5:38:5C:33:D6:FB:1E:67:CB:06:2E:03:BB
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7BD02BF4254590057A305276FE0F6157236A4A8A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dde270c2-e384-45ac-b918-2d4415f47491.roa
Signing time:             Sat 20 May 2023 00:00:00 +0000
ROA not before:           Sat 20 May 2023 00:00:00 +0000
ROA not after:            Tue 23 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:d0:2b:f4:25:45:90:05:7a:30:52:76:fe:0f:61:57:23:6a:4a:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 20 00:00:00 2023 GMT
            Not After : May 23 23:59:59 2023 GMT
        Subject: serialNumber=cf12a18397949e5170ff9f4e377d5f2470c6abbceb13c69159338eaf418e769e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:17:8a:a4:a4:c0:0d:ed:ff:aa:4c:68:a3:85:
                    0d:05:e3:74:1d:13:fa:17:5e:6f:58:79:a7:b4:7d:
                    8e:99:c4:f3:6a:73:65:cb:46:39:4b:b8:35:ce:cb:
                    eb:42:2e:95:c4:53:7b:93:91:35:db:a7:4d:44:d5:
                    b6:d2:eb:ff:91:4e:c6:35:b8:df:5c:ac:de:ba:d6:
                    a7:05:93:9e:29:8f:ff:12:25:71:12:43:fb:6f:94:
                    04:c9:dc:f6:11:04:a0:9f:79:2e:fa:af:d3:bd:9b:
                    4e:ed:3d:f7:45:6d:cf:1c:b9:bc:c6:01:d1:fe:5a:
                    75:8d:56:be:c8:eb:53:0b:33:bc:ac:4e:4c:6d:7a:
                    43:3d:5c:51:7a:96:35:c3:a0:8d:2c:d0:6e:8b:2b:
                    e5:ff:6e:b5:e8:57:f7:38:26:96:29:3b:9f:a3:13:
                    0c:0f:ad:af:fa:2c:46:c1:82:a2:db:0d:ad:d9:16:
                    83:de:ba:c3:eb:7b:90:4d:41:77:f4:eb:eb:7f:39:
                    c9:e3:0e:4a:87:7f:39:68:c2:45:eb:f1:c7:b7:7d:
                    5d:8d:82:f1:8c:8c:21:d1:c6:e1:13:a4:8b:15:64:
                    d6:dd:0b:df:c2:d2:a9:4f:fd:24:94:ff:08:83:d3:
                    03:b3:06:27:8b:66:19:ae:24:42:57:96:92:8c:df:
                    08:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:B1:79:4A:79:37:81:D5:38:5C:33:D6:FB:1E:67:CB:06:2E:03:BB
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dde270c2-e384-45ac-b918-2d4415f47491.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:93:dc:c5:92:a9:3a:e1:ed:49:9f:e6:e2:76:86:67:20:13:
         78:9f:69:d0:06:69:26:c1:02:c8:12:82:8d:15:8a:1a:2a:44:
         c8:fd:26:c9:13:f8:82:fa:aa:76:3f:b2:56:72:b2:33:00:c7:
         ba:c2:20:5e:6e:42:e1:a3:94:f8:0e:07:fd:5f:a2:ef:46:65:
         0e:34:43:91:76:a0:b3:bb:4d:f7:da:cf:05:3f:fa:91:14:86:
         82:cc:88:83:f6:59:7e:74:85:b6:6c:8c:96:83:aa:12:e4:ef:
         e1:2c:ae:da:8e:62:4e:25:df:cc:1b:8e:e4:01:7d:d8:d9:45:
         db:37:5a:24:cc:d7:bc:fc:f0:92:21:da:3c:e9:94:2e:41:d2:
         35:12:72:31:21:75:22:41:ff:a7:21:0f:aa:56:8f:61:28:e3:
         ee:4b:3f:a2:8f:88:ed:ba:54:85:12:19:86:8d:4a:cc:df:b7:
         a9:06:3f:4a:95:43:dd:42:d3:71:b2:59:e7:d0:a3:85:1d:0e:
         d7:0f:ca:7b:11:56:d3:e8:5e:a9:2e:c6:4a:cf:73:4c:3b:c1:
         d0:64:00:a5:ba:6d:a6:22:f3:ce:6b:de:ac:13:98:50:09:65:
         ec:f3:98:90:d8:09:a3:2b:75:13:b4:bd:04:0c:59:18:36:db:
         ec:e6:62:a9
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUe9Ar9CVFkAV6MFJ2/g9hVyNqSoowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTIwMDAwMDAwWhcNMjMwNTIzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAY2YxMmExODM5Nzk0OWU1MTcwZmY5ZjRlMzc3ZDVmMjQ3
MGM2YWJiY2ViMTNjNjkxNTkzMzhlYWY0MThlNzY5ZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAPYXiqSkwA3t/6pMaKOFDQXjdB0T+hdeb1h5p7R9jpnE82pzZctG
OUu4Nc7L60IulcRTe5ORNdunTUTVttLr/5FOxjW431ys3rrWpwWTnimP/xIlcRJD
+2+UBMnc9hEEoJ95Lvqv072bTu0990Vtzxy5vMYB0f5adY1WvsjrUwszvKxOTG16
Qz1cUXqWNcOgjSzQbosr5f9utehX9zgmlik7n6MTDA+tr/osRsGCotsNrdkWg966
w+t7kE1Bd/Tr6385yeMOSod/OWjCRevxx7d9XY2C8YyMIdHG4ROkixVk1t0L38LS
qU/9JJT/CIPTA7MGJ4tmGa4kQleWkozfCN0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRosXlKeTeB1ThcM9b7HmfLBi4DuzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZGRlMjcwYzItZTM4NC00NWFjLWI5MTgtMmQ0NDE1ZjQ3NDkxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACaT3MWSqTrh7Umf
5uJ2hmcgE3ifadAGaSbBAsgSgo0VihoqRMj9JskT+IL6qnY/slZysjMAx7rCIF5u
QuGjlPgOB/1fou9GZQ40Q5F2oLO7TffazwU/+pEUhoLMiIP2WX50hbZsjJaDqhLk
7+EsrtqOYk4l38wbjuQBfdjZRds3WiTM17z88JIh2jzplC5B0jUScjEhdSJB/6ch
D6pWj2Eo4+5LP6KPiO26VIUSGYaNSszft6kGP0qVQ91C03GyWefQo4UdDtcPynsR
VtPoXqkuxkrPc0w7wdBkAKW6baYi885r3qwTmFAJZezzmJDYCaMrdRO0vQQMWRg2
2+zmYqk=
-----END CERTIFICATE-----