Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f4c50b9a-6cc2-43a9-a271-f82efe1a8f29.roa
File:                     f4c50b9a-6cc2-43a9-a271-f82efe1a8f29.roa (raw, json)
Hash identifier:          8Xpeay2ZlX8fo1UEfeQ30ztZA8FZcuhPy2AfxCBQFco=
Subject key identifier:   A9:02:19:57:70:D3:DE:6D:37:35:09:C6:2D:84:7D:93:11:6A:3B:A3
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0809F57276AE692C6544A395611447E309718629
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f4c50b9a-6cc2-43a9-a271-f82efe1a8f29.roa
Signing time:             Mon 27 Feb 2023 00:00:00 +0000
ROA not before:           Mon 27 Feb 2023 00:00:00 +0000
ROA not after:            Thu 02 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:09:f5:72:76:ae:69:2c:65:44:a3:95:61:14:47:e3:09:71:86:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 27 00:00:00 2023 GMT
            Not After : Mar  2 23:59:59 2023 GMT
        Subject: serialNumber=3ca6f2589fb60ce1d6f82ba12a9f165b2f068c6f2b561c2ec7e240eabb612237, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:a1:8a:e5:ae:1d:37:92:71:8f:85:21:54:df:
                    d9:e8:4d:80:5a:8b:28:0b:6a:f3:06:58:47:95:4a:
                    62:df:3e:84:ce:2d:f4:e0:5e:67:c8:9c:78:a2:b3:
                    45:e9:0b:fa:94:88:e2:43:df:1e:60:d3:06:ef:a8:
                    91:4d:27:46:ca:bb:8c:5d:24:08:75:5e:51:26:e6:
                    90:65:36:28:e3:c6:c6:6a:36:1a:90:7c:12:ca:fd:
                    2b:fa:86:55:18:cc:e1:9c:f5:b9:4e:11:55:b3:c5:
                    4a:42:30:75:8d:20:e0:3a:b0:03:36:4f:36:bc:ba:
                    91:5a:01:1b:c3:a0:c5:85:87:61:f0:a6:ca:95:2e:
                    a9:8b:fc:34:13:0e:fc:80:14:6c:8e:d1:71:7e:82:
                    55:dc:c8:d3:f4:70:8b:f6:07:60:5c:ee:15:0d:2a:
                    b3:29:07:d5:81:c0:13:12:12:36:d3:4b:80:f3:dd:
                    73:19:dd:03:3b:da:20:f4:df:71:32:93:02:37:c4:
                    a4:b4:45:28:ef:15:66:4b:34:cf:50:bd:a4:7b:d2:
                    14:3b:fb:f0:3c:06:2c:1c:c9:dc:8e:46:62:4c:6d:
                    71:91:9a:19:c9:c2:ea:a7:54:50:da:5a:3a:62:62:
                    fb:77:a4:a8:be:db:6d:d6:99:2f:33:ee:f4:77:ba:
                    05:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:02:19:57:70:D3:DE:6D:37:35:09:C6:2D:84:7D:93:11:6A:3B:A3
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f4c50b9a-6cc2-43a9-a271-f82efe1a8f29.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:55:a1:44:30:d3:d8:b3:66:da:e5:26:16:48:5b:d1:33:62:
         8f:83:94:06:41:de:98:c3:ce:29:71:1d:fb:9d:8b:dd:9e:cb:
         3e:fe:92:bb:a4:0b:91:cd:ae:78:de:30:52:00:3d:11:57:f2:
         9d:9a:1a:be:bd:ba:b7:23:3c:e4:11:ae:6f:f1:87:54:c5:39:
         21:ff:3c:00:93:b3:3b:95:12:82:36:41:f6:0e:8c:75:ec:dc:
         42:02:0c:7f:7c:07:c8:96:3e:3c:f8:2d:db:98:ec:0b:4a:de:
         cc:4c:0d:a4:e7:44:37:af:8c:63:bf:8c:96:71:28:72:ff:92:
         25:cc:95:60:08:d0:50:90:51:be:a1:5d:ae:6c:15:f0:1b:ea:
         5f:93:0b:36:d4:96:8e:18:23:44:18:b7:d5:79:75:b6:71:cb:
         4b:24:ca:c2:70:9a:72:54:67:59:aa:03:0f:c0:41:8f:18:5d:
         71:6a:bb:a5:8c:83:7d:bd:8c:07:cd:09:bf:ed:54:e3:49:60:
         3a:b9:69:7b:58:14:05:82:2d:6f:c7:b1:41:fb:82:91:18:9b:
         2b:10:db:1a:83:e9:20:9c:b4:92:a4:74:b2:24:46:2c:f4:30:
         f2:42:26:8a:3f:a0:f4:0e:66:98:ff:73:0d:70:b9:35:cd:11:
         c6:02:36:fe
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUCAn1cnauaSxlRKOVYRRH4wlxhikwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjI3MDAwMDAwWhcNMjMwMzAyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAM2NhNmYyNTg5ZmI2MGNlMWQ2ZjgyYmExMmE5ZjE2NWIy
ZjA2OGM2ZjJiNTYxYzJlYzdlMjQwZWFiYjYxMjIzNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANehiuWuHTeScY+FIVTf2ehNgFqLKAtq8wZYR5VKYt8+hM4t9OBe
Z8iceKKzRekL+pSI4kPfHmDTBu+okU0nRsq7jF0kCHVeUSbmkGU2KOPGxmo2GpB8
Esr9K/qGVRjM4Zz1uU4RVbPFSkIwdY0g4DqwAzZPNry6kVoBG8OgxYWHYfCmypUu
qYv8NBMO/IAUbI7RcX6CVdzI0/Rwi/YHYFzuFQ0qsykH1YHAExISNtNLgPPdcxnd
AzvaIPTfcTKTAjfEpLRFKO8VZks0z1C9pHvSFDv78DwGLBzJ3I5GYkxtcZGaGcnC
6qdUUNpaOmJi+3ekqL7bbdaZLzPu9He6BakCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSpAhlXcNPebTc1CcYthH2TEWo7ozAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjRjNTBiOWEtNmNjMi00M2E5LWEyNzEtZjgyZWZlMWE4ZjI5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG1VoUQw09izZtrl
JhZIW9EzYo+DlAZB3pjDzilxHfudi92eyz7+krukC5HNrnjeMFIAPRFX8p2aGr69
urcjPOQRrm/xh1TFOSH/PACTszuVEoI2QfYOjHXs3EICDH98B8iWPjz4LduY7AtK
3sxMDaTnRDevjGO/jJZxKHL/kiXMlWAI0FCQUb6hXa5sFfAb6l+TCzbUlo4YI0QY
t9V5dbZxy0skysJwmnJUZ1mqAw/AQY8YXXFqu6WMg329jAfNCb/tVONJYDq5aXtY
FAWCLW/HsUH7gpEYmysQ2xqD6SCctJKkdLIkRiz0MPJCJoo/oPQOZpj/cw1wuTXN
EcYCNv4=
-----END CERTIFICATE-----