Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dfe6dfcb-5175-4264-8cab-13af1c15907c.roa
File:                     dfe6dfcb-5175-4264-8cab-13af1c15907c.roa (raw, json)
Hash identifier:          W7FgiMeJFIDGNL1iEb5awfGHANGa3WRXUOIsEPWyF8U=
Subject key identifier:   84:86:C8:1A:0E:86:07:D4:F8:92:99:A5:56:74:17:51:9A:C5:09:06
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2C689B42E5BE501217BB5D2EC1E4590894F52037
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dfe6dfcb-5175-4264-8cab-13af1c15907c.roa
Signing time:             Thu 22 Dec 2022 00:00:00 +0000
ROA not before:           Thu 22 Dec 2022 00:00:00 +0000
ROA not after:            Sun 25 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:68:9b:42:e5:be:50:12:17:bb:5d:2e:c1:e4:59:08:94:f5:20:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 22 00:00:00 2022 GMT
            Not After : Dec 25 23:59:59 2022 GMT
        Subject: serialNumber=55869483bb1c3f13dd8d872a5c3ef44f5fa649cfa21f3e1e85d2ae19391f0c7d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:dd:6c:8a:8e:af:1a:91:5f:fa:0f:0b:41:64:
                    23:38:49:44:31:f2:ae:b3:8a:9c:ae:1b:04:ff:bd:
                    97:b0:a1:4b:15:01:b9:38:ab:1a:7b:f2:89:da:19:
                    fa:0f:0f:9b:f7:c7:87:e3:ec:0f:2c:b1:94:23:22:
                    06:c6:ab:de:b1:80:52:b5:d2:4a:a5:43:cb:e4:39:
                    5c:93:41:a9:43:95:31:76:28:5c:ff:3a:b4:dd:c1:
                    1e:50:3a:93:26:b9:22:23:bb:3d:18:ae:1f:21:9b:
                    30:d8:d1:38:4c:e7:3e:be:a5:8d:c7:1b:90:c4:ae:
                    ea:55:20:9b:65:d4:e5:64:7b:8d:aa:dd:ec:b9:5c:
                    87:e4:35:38:93:7d:83:84:b2:bb:ee:1f:c5:1f:ea:
                    61:db:0b:dd:cb:45:86:91:6a:c3:8c:71:f3:45:ac:
                    ee:19:14:ef:a7:ea:e5:d7:cd:ec:aa:0e:6a:ee:57:
                    ba:b1:2a:33:ac:14:cf:f6:c7:7b:2e:6f:20:a3:5d:
                    be:2a:a3:8d:11:e1:50:af:d5:df:86:23:c8:57:4d:
                    b7:a2:48:50:1d:1c:94:ae:a9:b8:ab:33:16:f7:5d:
                    f3:f2:42:1d:87:a9:67:28:b1:3c:d3:82:ca:45:9c:
                    56:2e:42:c7:ec:0c:a1:d8:b7:80:e6:ab:b7:33:3a:
                    b4:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:86:C8:1A:0E:86:07:D4:F8:92:99:A5:56:74:17:51:9A:C5:09:06
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dfe6dfcb-5175-4264-8cab-13af1c15907c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:53:20:69:6f:28:94:d5:51:85:e0:b9:24:38:96:c7:1e:7e:
         90:98:ab:de:6f:23:78:1f:a2:0e:5d:a8:72:99:af:56:50:38:
         ca:e9:d9:4f:52:70:09:81:b3:41:96:28:28:55:cd:23:03:63:
         62:68:4b:68:a0:aa:99:08:c7:26:1a:99:69:16:45:db:69:6a:
         5d:ec:c0:0f:ed:d9:9a:33:0e:53:52:3f:24:73:50:6d:f5:6a:
         3e:56:86:c1:75:d2:97:0c:72:a4:e7:96:cb:88:c2:60:88:65:
         61:e2:14:73:c1:97:90:ba:a6:76:c0:de:6b:f1:f9:a2:03:d4:
         0b:b1:d9:8a:f6:71:5b:38:40:f6:a0:03:4c:69:95:73:cf:45:
         0b:ed:73:88:df:b0:9b:c6:99:34:05:77:9a:7b:1b:0b:52:d8:
         7d:4d:31:44:e6:b2:b8:5c:a4:30:0c:89:94:b1:a4:63:c5:95:
         42:44:8c:bb:08:9a:4f:57:3e:87:17:9d:ea:13:62:2b:21:30:
         6a:bc:7c:6d:1d:44:4a:bb:0d:ff:6b:f5:ef:86:88:9f:16:6c:
         0a:fa:2f:52:c0:2b:9a:cc:ba:2e:d0:63:17:bb:e5:2d:cf:a9:
         c7:a8:6b:1f:a9:4c:a8:1d:49:68:aa:65:5d:2e:0a:0c:c6:8f:
         21:ae:f0:e9
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIULGibQuW+UBIXu10uweRZCJT1IDcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjIyMDAwMDAwWhcNMjIxMjI1MjM1OTU5
WjCBpTFJMEcGA1UEBRNANTU4Njk0ODNiYjFjM2YxM2RkOGQ4NzJhNWMzZWY0NGY1
ZmE2NDljZmEyMWYzZTFlODVkMmFlMTkzOTFmMGM3ZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAM/dbIqOrxqRX/oPC0FkIzhJRDHyrrOKnK4bBP+9l7ChSxUBuTir
GnvyidoZ+g8Pm/fHh+PsDyyxlCMiBsar3rGAUrXSSqVDy+Q5XJNBqUOVMXYoXP86
tN3BHlA6kya5IiO7PRiuHyGbMNjROEznPr6ljccbkMSu6lUgm2XU5WR7jard7Llc
h+Q1OJN9g4Syu+4fxR/qYdsL3ctFhpFqw4xx80Ws7hkU76fq5dfN7KoOau5XurEq
M6wUz/bHey5vIKNdviqjjRHhUK/V34YjyFdNt6JIUB0clK6puKszFvdd8/JCHYep
ZyixPNOCykWcVi5Cx+wModi3gOartzM6tL0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSEhsgaDoYH1PiSmaVWdBdRmsUJBjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZGZlNmRmY2ItNTE3NS00MjY0LThjYWItMTNhZjFjMTU5MDdjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAINTIGlvKJTVUYXg
uSQ4lscefpCYq95vI3gfog5dqHKZr1ZQOMrp2U9ScAmBs0GWKChVzSMDY2JoS2ig
qpkIxyYamWkWRdtpal3swA/t2ZozDlNSPyRzUG31aj5WhsF10pcMcqTnlsuIwmCI
ZWHiFHPBl5C6pnbA3mvx+aID1Aux2Yr2cVs4QPagA0xplXPPRQvtc4jfsJvGmTQF
d5p7GwtS2H1NMUTmsrhcpDAMiZSxpGPFlUJEjLsImk9XPocXneoTYishMGq8fG0d
REq7Df9r9e+GiJ8WbAr6L1LAK5rMui7QYxe75S3Pqceoax+pTKgdSWiqZV0uCgzG
jyGu8Ok=
-----END CERTIFICATE-----