Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0b3295c1-19de-41b2-a990-8e5c71f35398.roa
File:                     0b3295c1-19de-41b2-a990-8e5c71f35398.roa (raw, json)
Hash identifier:          oje3fDe8Zb1wAmhTxwYG5iSAYFjcuQS6TzpRH35aWRQ=
Subject key identifier:   C6:D3:60:99:1F:8C:AC:F7:71:62:C1:F7:1C:68:7F:31:45:C5:70:FF
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0CF0A9C58E4DA85FC00AC941A7EAFBEC6A75CB5E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0b3295c1-19de-41b2-a990-8e5c71f35398.roa
Signing time:             Fri 23 Dec 2022 00:00:00 +0000
ROA not before:           Fri 23 Dec 2022 00:00:00 +0000
ROA not after:            Mon 26 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:f0:a9:c5:8e:4d:a8:5f:c0:0a:c9:41:a7:ea:fb:ec:6a:75:cb:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 23 00:00:00 2022 GMT
            Not After : Dec 26 23:59:59 2022 GMT
        Subject: serialNumber=00a12d0f17cddfd2927a91a3ce9464660be89fb1656c9a840acd5c349d5e7879, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:41:1b:ee:19:96:22:1f:8c:04:6e:4a:ba:76:
                    57:a2:bd:88:67:56:6b:07:1f:79:db:75:01:6d:93:
                    31:16:ac:cc:7d:4b:fc:19:01:b8:9e:dd:ce:96:9c:
                    f5:0b:04:e2:bd:f6:28:92:0f:b6:e2:91:7f:8c:c9:
                    6e:50:73:2b:ae:53:90:6a:25:d2:f4:8d:a3:95:03:
                    ab:af:9b:5a:95:28:35:08:8f:15:aa:f0:a4:dd:38:
                    20:fd:2c:77:f6:f5:54:7b:a6:84:13:4c:24:4a:54:
                    3f:e2:8e:98:c7:a4:b9:31:c1:94:95:cd:b9:2b:1f:
                    98:5b:46:ad:33:30:7b:dd:c5:5b:49:fb:fc:8e:7b:
                    46:6c:b0:c9:04:12:d6:2d:08:36:ed:fa:52:d7:02:
                    30:09:ed:5a:08:20:6c:59:fc:3f:42:73:32:25:a1:
                    6f:0b:d1:0e:8e:41:a2:ad:06:48:54:cc:ef:05:d8:
                    2d:09:69:94:e5:a2:31:4e:e0:e2:2a:a2:f7:40:8d:
                    c8:44:fb:35:37:48:64:84:fc:94:66:54:0c:d3:20:
                    6a:23:ab:58:25:1c:68:9a:e2:6c:df:f8:f4:bf:3e:
                    44:de:e3:69:e4:dc:47:c3:13:b0:da:ec:24:0e:21:
                    b2:38:31:e5:4b:8e:68:55:ea:ca:a4:93:b2:e1:55:
                    b2:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:D3:60:99:1F:8C:AC:F7:71:62:C1:F7:1C:68:7F:31:45:C5:70:FF
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0b3295c1-19de-41b2-a990-8e5c71f35398.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:a6:a8:f4:da:81:cb:5f:ee:97:ca:67:a0:6c:ea:ff:9b:73:
         34:ee:20:09:4d:17:91:5c:7b:98:3d:a3:b6:8e:41:ed:10:e1:
         2d:2c:5d:f4:a1:6b:26:b9:81:28:df:03:10:1d:61:5c:c7:49:
         48:13:ec:39:8d:95:4f:19:8e:8d:10:49:f3:93:dd:f5:75:4b:
         d1:75:54:0e:b6:68:a9:0b:fa:f4:9d:10:32:2c:02:92:61:f9:
         7f:04:2b:c8:07:cf:82:dc:73:46:3b:16:18:a3:35:20:2d:fa:
         55:c3:61:be:39:e5:92:8f:12:b2:a9:f6:76:ae:a2:34:a0:8f:
         69:43:c4:22:d2:3c:93:fe:2e:b6:9e:58:16:72:a6:e7:2d:90:
         dd:c2:37:56:c6:16:cd:c1:0e:c3:29:2c:78:2d:ac:4c:bc:bd:
         5d:22:11:2b:47:8a:c3:42:22:11:ab:f6:12:81:39:fb:af:86:
         f0:04:a0:e3:d9:1f:19:8c:c4:a7:df:71:77:34:0b:c7:93:49:
         c8:d0:dd:15:1f:9e:25:9b:2f:d3:ce:2c:6b:ae:4b:a4:a3:fe:
         74:ac:84:e3:60:3e:e5:bb:91:e9:4e:3a:60:b3:bc:b2:1e:f1:
         37:5d:97:c3:42:2a:d0:dd:3d:7f:71:ce:7f:ff:26:8b:d0:cd:
         d2:34:2d:b2
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUDPCpxY5NqF/ACslBp+r77Gp1y14wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjIzMDAwMDAwWhcNMjIxMjI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMDBhMTJkMGYxN2NkZGZkMjkyN2E5MWEzY2U5NDY0NjYw
YmU4OWZiMTY1NmM5YTg0MGFjZDVjMzQ5ZDVlNzg3OTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALFBG+4ZliIfjARuSrp2V6K9iGdWawcfedt1AW2TMRaszH1L/BkB
uJ7dzpac9QsE4r32KJIPtuKRf4zJblBzK65TkGol0vSNo5UDq6+bWpUoNQiPFarw
pN04IP0sd/b1VHumhBNMJEpUP+KOmMekuTHBlJXNuSsfmFtGrTMwe93FW0n7/I57
RmywyQQS1i0INu36UtcCMAntWgggbFn8P0JzMiWhbwvRDo5Boq0GSFTM7wXYLQlp
lOWiMU7g4iqi90CNyET7NTdIZIT8lGZUDNMgaiOrWCUcaJribN/49L8+RN7jaeTc
R8MTsNrsJA4hsjgx5UuOaFXqyqSTsuFVsg8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTG02CZH4ys93FiwfccaH8xRcVw/zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMGIzMjk1YzEtMTlkZS00MWIyLWE5OTAtOGU1YzcxZjM1Mzk4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACWmqPTagctf7pfK
Z6Bs6v+bczTuIAlNF5Fce5g9o7aOQe0Q4S0sXfShaya5gSjfAxAdYVzHSUgT7DmN
lU8Zjo0QSfOT3fV1S9F1VA62aKkL+vSdEDIsApJh+X8EK8gHz4Lcc0Y7FhijNSAt
+lXDYb455ZKPErKp9nauojSgj2lDxCLSPJP+LraeWBZypuctkN3CN1bGFs3BDsMp
LHgtrEy8vV0iEStHisNCIhGr9hKBOfuvhvAEoOPZHxmMxKffcXc0C8eTScjQ3RUf
niWbL9POLGuuS6Sj/nSshONgPuW7kelOOmCzvLIe8Tddl8NCKtDdPX9xzn//JovQ
zdI0LbI=
-----END CERTIFICATE-----