Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/08d41bd9-3dbf-4769-bbad-61e78b326bdd.roa
File:                     08d41bd9-3dbf-4769-bbad-61e78b326bdd.roa (raw, json)
Hash identifier:          aiRswvkps6WHymAkzxt7kDyTrTpAOMLesBkrxqVQ6x4=
Subject key identifier:   9B:9B:B2:7F:D6:BE:83:CA:4B:98:F6:77:8A:F3:5A:40:EE:67:7C:E2
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       29BF8B7BD9058361DF45EDA5ABC67EB87031EEDC
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/08d41bd9-3dbf-4769-bbad-61e78b326bdd.roa
Signing time:             Tue 11 Apr 2023 00:00:00 +0000
ROA not before:           Tue 11 Apr 2023 00:00:00 +0000
ROA not after:            Fri 14 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:bf:8b:7b:d9:05:83:61:df:45:ed:a5:ab:c6:7e:b8:70:31:ee:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 11 00:00:00 2023 GMT
            Not After : Apr 14 23:59:59 2023 GMT
        Subject: serialNumber=ae0814d9ebcf794fe9b91caae15326d1a29d2c76dbd2b32e4b6cde4d6f3f9c48, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:f7:ab:98:1b:38:c2:b8:65:49:cd:b9:69:a5:
                    ec:e3:f8:f2:2c:6c:83:ec:d9:ac:1c:c3:fa:06:cc:
                    5c:38:f3:0e:ec:b2:35:dd:9c:ee:bf:45:8b:0a:c7:
                    e4:a9:e1:07:7c:cd:e3:2e:40:c6:f2:41:c4:4c:7d:
                    58:14:fd:ac:e7:e2:bf:e5:48:4d:77:07:a0:88:c7:
                    dc:97:72:8e:c9:f1:a8:ae:22:3a:32:36:27:34:4f:
                    0b:0a:92:83:a5:70:2a:66:15:a6:7c:3e:ec:f2:ba:
                    d2:13:c5:bd:a0:9b:7b:3c:b0:fa:c2:d1:d2:0f:8a:
                    71:2f:50:f6:e5:78:6c:b2:94:fb:ec:bf:54:0a:27:
                    1b:11:ad:61:ba:b2:33:25:d4:2b:b1:10:47:c8:b3:
                    1c:40:92:3b:d5:b9:a9:f6:21:8b:df:ce:b3:d5:6e:
                    f1:69:2a:c7:79:a6:26:f5:fe:04:ab:18:e4:24:45:
                    69:27:6c:92:c6:1d:27:41:56:87:3d:0f:ce:28:55:
                    94:cd:bd:c5:95:2a:37:f6:97:e7:13:59:59:c3:ae:
                    7e:da:23:9d:80:7f:28:05:dd:34:e8:69:d8:95:49:
                    51:6e:9f:fb:fb:09:99:67:48:48:cf:f6:6e:06:ae:
                    e5:f7:1c:77:0c:d1:29:14:da:85:d0:87:66:da:a4:
                    02:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:9B:B2:7F:D6:BE:83:CA:4B:98:F6:77:8A:F3:5A:40:EE:67:7C:E2
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/08d41bd9-3dbf-4769-bbad-61e78b326bdd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:34:43:c0:37:59:83:8b:b6:ed:5f:70:fc:a4:e8:22:ba:7d:
         e2:f6:a1:ab:19:db:b5:e6:47:ba:e9:ca:2e:dc:c8:00:b0:2b:
         75:11:15:25:b3:59:0e:52:c5:12:1c:82:0c:69:21:3c:50:88:
         ea:5a:20:7a:57:82:1e:ec:c0:83:33:25:72:ab:19:68:8d:0c:
         43:08:47:11:64:40:b2:27:0a:69:a1:1c:9b:9e:f8:58:40:9f:
         3c:b8:96:de:c8:fc:d3:e7:3f:88:d3:82:92:ec:45:7e:00:2b:
         4a:d7:34:96:2f:cd:a8:d1:4c:b2:31:0a:51:6f:a0:94:2e:78:
         0b:40:59:6c:04:e6:7d:49:fd:35:a9:ad:84:23:3e:2c:d1:1f:
         33:1e:3e:ac:bb:05:b5:1b:f4:2c:c1:a8:f0:97:04:bd:28:9f:
         f5:19:fa:d0:4b:8e:f6:d5:4e:cf:94:b1:ca:d3:a9:78:d2:6a:
         c0:3c:4c:a0:bb:6c:28:96:70:ec:16:7d:59:8d:b3:60:3b:63:
         ee:a6:c8:4c:4a:99:b8:01:db:be:da:b2:22:89:6d:6a:7c:ad:
         b0:2e:fe:5b:97:a5:b9:7c:9f:e0:ff:3a:14:b9:f6:62:31:a8:
         df:2e:99:ac:ee:ed:eb:4b:c1:ad:2e:60:cf:e0:6e:17:76:3d:
         46:e0:ba:04
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUKb+Le9kFg2HfRe2lq8Z+uHAx7twwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDExMDAwMDAwWhcNMjMwNDE0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYWUwODE0ZDllYmNmNzk0ZmU5YjkxY2FhZTE1MzI2ZDFh
MjlkMmM3NmRiZDJiMzJlNGI2Y2RlNGQ2ZjNmOWM0ODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAIr3q5gbOMK4ZUnNuWml7OP48ixsg+zZrBzD+gbMXDjzDuyyNd2c
7r9FiwrH5KnhB3zN4y5AxvJBxEx9WBT9rOfiv+VITXcHoIjH3JdyjsnxqK4iOjI2
JzRPCwqSg6VwKmYVpnw+7PK60hPFvaCbezyw+sLR0g+KcS9Q9uV4bLKU++y/VAon
GxGtYbqyMyXUK7EQR8izHECSO9W5qfYhi9/Os9Vu8Wkqx3mmJvX+BKsY5CRFaSds
ksYdJ0FWhz0PzihVlM29xZUqN/aX5xNZWcOuftojnYB/KAXdNOhp2JVJUW6f+/sJ
mWdISM/2bgau5fccdwzRKRTahdCHZtqkApsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSbm7J/1r6DykuY9neK81pA7md84jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMDhkNDFiZDktM2RiZi00NzY5LWJiYWQtNjFlNzhiMzI2YmRkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAU0Q8A3WYOLtu1f
cPyk6CK6feL2oasZ27XmR7rpyi7cyACwK3URFSWzWQ5SxRIcggxpITxQiOpaIHpX
gh7swIMzJXKrGWiNDEMIRxFkQLInCmmhHJue+FhAnzy4lt7I/NPnP4jTgpLsRX4A
K0rXNJYvzajRTLIxClFvoJQueAtAWWwE5n1J/TWprYQjPizRHzMePqy7BbUb9CzB
qPCXBL0on/UZ+tBLjvbVTs+UscrTqXjSasA8TKC7bCiWcOwWfVmNs2A7Y+6myExK
mbgB277asiKJbWp8rbAu/luXpbl8n+D/OhS59mIxqN8umazu7etLwa0uYM/gbhd2
PUbgugQ=
-----END CERTIFICATE-----