Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0556935a-99ec-4cac-b5cc-6ecbad4b79cf.roa
File:                     0556935a-99ec-4cac-b5cc-6ecbad4b79cf.roa (raw, json)
Hash identifier:          gfuBjf+4q9WDV+kPVZqAWmGV/oTbvlCJZcFcMnOrkxQ=
Subject key identifier:   7A:18:24:AF:43:01:19:8E:90:96:F4:DC:BC:46:56:4B:4E:B1:3F:6A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4AB4A8F66B86DB7A1BD1BD46A4E8951FF2D7D672
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0556935a-99ec-4cac-b5cc-6ecbad4b79cf.roa
Signing time:             Wed 08 Feb 2023 00:00:00 +0000
ROA not before:           Wed 08 Feb 2023 00:00:00 +0000
ROA not after:            Sat 11 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:b4:a8:f6:6b:86:db:7a:1b:d1:bd:46:a4:e8:95:1f:f2:d7:d6:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb  8 00:00:00 2023 GMT
            Not After : Feb 11 23:59:59 2023 GMT
        Subject: serialNumber=791d0a64cf898811c82bea813b56f869f49f31948db5230077b2336d6748602d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ea:8e:df:2a:6e:3d:18:6b:a5:13:39:47:c7:
                    68:bb:6a:cd:e4:cc:99:48:b3:8a:bd:7c:ac:d4:f2:
                    d3:a3:78:d6:07:b8:ae:ec:9c:06:b4:7f:21:1c:9f:
                    f5:4f:94:e8:58:4b:71:14:24:a5:07:23:ab:9f:6f:
                    fa:dd:09:8b:a9:bb:ff:de:65:04:14:2e:11:4a:2d:
                    4d:40:a0:bf:7a:39:bd:62:c6:3a:11:29:5e:f1:ce:
                    c2:b1:fa:20:d2:d9:68:81:b1:e0:bd:4b:3e:c0:a6:
                    4d:c6:ae:89:94:4c:5d:9a:39:4c:75:c6:e8:59:86:
                    6e:38:40:e4:7b:f9:35:39:82:1b:4b:8d:42:4d:bd:
                    70:c6:8b:7a:ed:71:4b:35:73:d7:19:11:c9:42:36:
                    61:f3:5d:e0:48:62:9e:5f:c9:9f:f3:82:2d:1e:8d:
                    6e:87:02:fa:ae:94:aa:34:ce:05:5b:a0:0c:4c:52:
                    b2:29:40:03:ac:59:ec:b8:90:e7:38:9d:64:10:7d:
                    da:84:fc:14:8b:e2:96:0d:0e:75:f1:b4:ab:a9:51:
                    5a:8e:c1:0f:c7:3e:9a:c4:f6:c1:62:7c:34:19:26:
                    a6:41:e1:af:c6:c2:a2:8c:3c:f8:e0:49:e7:ba:57:
                    e6:11:8f:8c:a6:94:fc:b3:9f:a9:10:a4:12:d3:65:
                    c3:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:18:24:AF:43:01:19:8E:90:96:F4:DC:BC:46:56:4B:4E:B1:3F:6A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0556935a-99ec-4cac-b5cc-6ecbad4b79cf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:b7:5f:18:2a:ec:f3:3d:23:eb:6d:fa:1b:eb:1b:11:a3:f7:
         4a:ce:59:9a:c7:22:5b:a6:35:f5:12:d9:10:15:b4:b8:c5:d4:
         c6:41:21:cd:f2:29:b9:99:b2:06:ff:c7:f7:80:82:45:9a:29:
         36:37:e9:f3:83:45:10:ab:0e:54:61:51:5d:5f:5a:c4:04:13:
         22:a9:d8:25:59:f3:01:17:c4:ac:d5:94:5c:7a:a2:61:93:0d:
         ef:1a:c2:0d:40:2a:3d:a5:f1:a7:16:34:66:77:a2:91:b5:07:
         df:5a:02:1b:66:14:d1:ef:ac:40:24:30:72:4a:8e:50:7f:c9:
         92:73:a9:05:c4:d0:63:60:4d:be:70:49:87:a7:bb:06:ca:a8:
         99:68:12:bc:23:c2:a9:0f:ed:2c:92:d2:e4:fb:f8:02:44:ce:
         5a:d3:c9:cb:22:b7:49:47:63:a7:13:0a:ed:2d:a4:7b:e0:8b:
         e2:32:68:76:94:30:0e:6b:a8:86:7a:43:83:6a:41:78:7f:e0:
         4f:1e:cb:b3:62:6b:6c:3f:27:2a:ab:2d:2a:75:75:ed:4c:9c:
         ed:b1:f3:02:50:c6:2f:43:5b:34:76:39:fd:3f:06:a7:70:fc:
         2e:ad:bb:51:03:5f:d0:0f:8d:23:13:2d:3c:77:5f:61:f6:47:
         b1:4e:55:0d
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUSrSo9muG23ob0b1GpOiVH/LX1nIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjA4MDAwMDAwWhcNMjMwMjExMjM1OTU5
WjCBpTFJMEcGA1UEBRNANzkxZDBhNjRjZjg5ODgxMWM4MmJlYTgxM2I1NmY4Njlm
NDlmMzE5NDhkYjUyMzAwNzdiMjMzNmQ2NzQ4NjAyZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK7qjt8qbj0Ya6UTOUfHaLtqzeTMmUizir18rNTy06N41ge4ruyc
BrR/IRyf9U+U6FhLcRQkpQcjq59v+t0Ji6m7/95lBBQuEUotTUCgv3o5vWLGOhEp
XvHOwrH6INLZaIGx4L1LPsCmTcauiZRMXZo5THXG6FmGbjhA5Hv5NTmCG0uNQk29
cMaLeu1xSzVz1xkRyUI2YfNd4Ehinl/Jn/OCLR6NbocC+q6UqjTOBVugDExSsilA
A6xZ7LiQ5zidZBB92oT8FIvilg0OdfG0q6lRWo7BD8c+msT2wWJ8NBkmpkHhr8bC
oow8+OBJ57pX5hGPjKaU/LOfqRCkEtNlw30CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR6GCSvQwEZjpCW9Ny8RlZLTrE/ajAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMDU1NjkzNWEtOTllYy00Y2FjLWI1Y2MtNmVjYmFkNGI3OWNmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKC3Xxgq7PM9I+tt
+hvrGxGj90rOWZrHIlumNfUS2RAVtLjF1MZBIc3yKbmZsgb/x/eAgkWaKTY36fOD
RRCrDlRhUV1fWsQEEyKp2CVZ8wEXxKzVlFx6omGTDe8awg1AKj2l8acWNGZ3opG1
B99aAhtmFNHvrEAkMHJKjlB/yZJzqQXE0GNgTb5wSYenuwbKqJloErwjwqkP7SyS
0uT7+AJEzlrTycsit0lHY6cTCu0tpHvgi+IyaHaUMA5rqIZ6Q4NqQXh/4E8ey7Ni
a2w/JyqrLSp1de1MnO2x8wJQxi9DWzR2Of0/Bqdw/C6tu1EDX9APjSMTLTx3X2H2
R7FOVQ0=
-----END CERTIFICATE-----