Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e3770b8a-9a0b-4295-a36a-91d5dd79e59f.roa
File:                     e3770b8a-9a0b-4295-a36a-91d5dd79e59f.roa (raw, json)
Hash identifier:          jXd19SNPuab24iii/W11iyxOhjxGC2ks09xX1lU0auI=
Subject key identifier:   7D:E1:3E:32:71:1F:EE:26:43:4B:8E:A8:C4:6E:4B:34:38:81:36:B3
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6A98A1891E594B52B1FAB8048FCAFBF58F7CB0BF
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e3770b8a-9a0b-4295-a36a-91d5dd79e59f.roa
Signing time:             Sun 26 Mar 2023 00:00:00 +0000
ROA not before:           Sun 26 Mar 2023 00:00:00 +0000
ROA not after:            Wed 29 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:98:a1:89:1e:59:4b:52:b1:fa:b8:04:8f:ca:fb:f5:8f:7c:b0:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 26 00:00:00 2023 GMT
            Not After : Mar 29 23:59:59 2023 GMT
        Subject: serialNumber=0f44d4db2a4464f86643beca029f3db857326a619cdeb20fdfe43c06831d0c98, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:c4:b2:48:12:d5:63:7d:e2:4c:7a:0f:3e:31:
                    9f:e2:ca:5d:a0:6e:95:2e:77:f0:a1:64:28:cb:36:
                    9b:80:46:b1:fa:23:e1:38:54:4e:d0:51:62:7b:12:
                    6f:6d:db:01:be:68:be:ba:0a:fe:80:a7:69:c8:f0:
                    c5:1f:6d:f1:f2:9a:28:20:5f:2b:af:4a:f3:72:97:
                    1e:8b:87:67:c4:77:1f:a9:74:0e:e3:27:85:71:75:
                    76:4d:84:54:7d:75:56:73:2c:80:3a:de:39:c7:d6:
                    51:ef:4d:7f:bf:67:e9:c1:6e:66:b1:7c:7b:b0:7c:
                    b8:3d:38:9c:e4:ee:ba:72:f4:d2:12:5e:dd:38:09:
                    97:62:e9:06:0e:fe:67:11:44:5d:b5:e9:77:72:20:
                    22:16:dc:25:11:18:6d:74:75:83:d9:c9:2f:97:6c:
                    6a:2c:40:cd:d2:55:4e:20:23:5d:80:1f:5d:3b:ae:
                    24:04:3f:1a:aa:e8:74:07:a8:a0:10:08:cc:2a:1b:
                    67:2d:4e:fc:c0:22:ad:90:42:a7:94:fa:d3:9a:25:
                    13:0a:75:38:10:93:6d:73:92:84:85:92:1e:1c:ef:
                    ce:5a:f7:7b:3d:8a:2e:09:db:6f:95:95:6f:90:12:
                    bb:2b:be:b3:00:78:95:cd:24:1e:0e:a8:ff:69:bf:
                    66:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:E1:3E:32:71:1F:EE:26:43:4B:8E:A8:C4:6E:4B:34:38:81:36:B3
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e3770b8a-9a0b-4295-a36a-91d5dd79e59f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:73:29:94:0b:85:b3:40:67:38:ea:ec:48:ab:5c:e0:22:b9:
         58:de:a5:3b:53:f6:18:fd:05:dc:19:a8:42:60:31:54:2f:0a:
         d3:33:04:60:98:5d:ab:46:fd:84:42:0f:91:b0:80:3a:90:d1:
         31:86:ee:77:8c:00:05:6a:16:46:40:dd:fe:00:fb:47:55:f7:
         cd:5c:8e:a8:6c:68:54:04:70:fc:4b:ac:a0:f6:8d:f3:17:27:
         64:f4:f7:e1:57:26:d8:bd:38:12:fc:e4:13:d4:f9:c9:a7:23:
         9e:46:1b:b3:66:42:72:94:99:38:83:f2:4b:a8:76:84:b4:f3:
         72:c9:7a:3f:65:d5:53:25:8d:6a:58:e4:c7:2d:62:64:e1:74:
         26:14:73:c0:e8:b6:ff:7b:1f:2a:bd:90:9c:55:d1:78:f2:a1:
         4e:de:07:97:b9:74:52:7c:bd:3e:34:8a:bc:c9:2a:ce:3f:d3:
         ae:12:b7:0e:0b:7f:f4:ba:f6:3f:2e:10:a7:39:b3:f4:8a:10:
         60:68:d7:35:31:22:3b:5f:db:ac:8d:46:c5:09:24:5d:42:77:
         49:9b:be:85:4e:bc:f6:ee:33:f7:d2:10:93:64:fd:ea:5d:fd:
         93:8f:b2:06:f3:6f:be:9c:74:c0:58:1d:2d:13:8e:8f:31:2b:
         cc:36:12:b2
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUapihiR5ZS1Kx+rgEj8r79Y98sL8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI2MDAwMDAwWhcNMjMwMzI5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMGY0NGQ0ZGIyYTQ0NjRmODY2NDNiZWNhMDI5ZjNkYjg1
NzMyNmE2MTljZGViMjBmZGZlNDNjMDY4MzFkMGM5ODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAITEskgS1WN94kx6Dz4xn+LKXaBulS538KFkKMs2m4BGsfoj4ThU
TtBRYnsSb23bAb5ovroK/oCnacjwxR9t8fKaKCBfK69K83KXHouHZ8R3H6l0DuMn
hXF1dk2EVH11VnMsgDreOcfWUe9Nf79n6cFuZrF8e7B8uD04nOTuunL00hJe3TgJ
l2LpBg7+ZxFEXbXpd3IgIhbcJREYbXR1g9nJL5dsaixAzdJVTiAjXYAfXTuuJAQ/
GqrodAeooBAIzCobZy1O/MAirZBCp5T605olEwp1OBCTbXOShIWSHhzvzlr3ez2K
Lgnbb5WVb5ASuyu+swB4lc0kHg6o/2m/ZlkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR94T4ycR/uJkNLjqjEbks0OIE2szAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZTM3NzBiOGEtOWEwYi00Mjk1LWEzNmEtOTFkNWRkNzllNTlmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIdzKZQLhbNAZzjq
7EirXOAiuVjepTtT9hj9BdwZqEJgMVQvCtMzBGCYXatG/YRCD5GwgDqQ0TGG7neM
AAVqFkZA3f4A+0dV981cjqhsaFQEcPxLrKD2jfMXJ2T09+FXJti9OBL85BPU+cmn
I55GG7NmQnKUmTiD8kuodoS083LJej9l1VMljWpY5MctYmThdCYUc8Dotv97Hyq9
kJxV0XjyoU7eB5e5dFJ8vT40irzJKs4/064Stw4Lf/S69j8uEKc5s/SKEGBo1zUx
Ijtf26yNRsUJJF1Cd0mbvoVOvPbuM/fSEJNk/epd/ZOPsgbzb76cdMBYHS0Tjo8x
K8w2ErI=
-----END CERTIFICATE-----