Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1091f9ef-191e-4c21-bece-c17aa3b1998a.roa
File:                     1091f9ef-191e-4c21-bece-c17aa3b1998a.roa (raw, json)
Hash identifier:          sKiePFM0pcaYBPQZnmbWLV8hFlb4CkRioeC7/QHHi9I=
Subject key identifier:   3D:E5:B2:FA:55:91:7A:DB:8B:66:53:A0:C1:38:56:A8:44:3F:A3:34
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       71088FBB2C282C14C992E2B29CB3173D72C35655
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1091f9ef-191e-4c21-bece-c17aa3b1998a.roa
Signing time:             Sat 24 Dec 2022 00:00:00 +0000
ROA not before:           Sat 24 Dec 2022 00:00:00 +0000
ROA not after:            Tue 27 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:08:8f:bb:2c:28:2c:14:c9:92:e2:b2:9c:b3:17:3d:72:c3:56:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 24 00:00:00 2022 GMT
            Not After : Dec 27 23:59:59 2022 GMT
        Subject: serialNumber=41064b7f13523c5cd606b49df8e4949f7c79180a539ecf823c72d7a5de5bf540, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:c5:7f:39:fc:00:77:1f:18:8d:e0:af:47:4f:
                    79:7f:ba:4b:42:47:c5:6a:f9:c6:b8:95:2f:dc:64:
                    a1:8d:da:1f:48:32:aa:f6:0e:89:d0:a8:c4:51:6d:
                    8c:08:0f:7a:1f:e9:ed:da:60:59:ef:43:64:87:73:
                    af:be:3c:7a:c4:a4:2b:08:3d:2a:2c:bb:69:52:e0:
                    06:3a:e7:2a:ec:7d:7c:87:8b:c6:fd:b4:bb:43:91:
                    27:6e:e2:98:d9:d4:70:5d:69:6a:ca:01:be:56:ad:
                    80:1e:80:b0:26:e0:d3:10:ee:24:19:9f:79:14:54:
                    1d:02:43:cb:41:94:b1:80:cb:25:c0:61:e0:55:e0:
                    50:84:bd:40:04:48:7e:3c:cd:e0:7f:8c:7d:64:3a:
                    59:38:b5:8f:6b:b0:cf:56:fc:10:15:8d:bc:31:1d:
                    d1:46:9e:a0:1f:b7:b0:c5:ed:c3:c6:75:b1:d0:59:
                    ce:8e:3a:26:f9:ca:ec:6c:51:f2:24:f1:06:31:7a:
                    14:44:4d:b1:08:5b:d2:6c:31:93:df:2a:7f:e0:29:
                    2c:85:51:14:82:50:49:ea:a6:69:14:c8:e6:73:ef:
                    a2:40:04:09:3d:2c:a7:47:76:d3:e4:f3:65:a2:61:
                    01:9c:fd:c8:7c:c9:28:6c:14:2f:d5:01:e4:6f:f3:
                    b5:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:E5:B2:FA:55:91:7A:DB:8B:66:53:A0:C1:38:56:A8:44:3F:A3:34
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1091f9ef-191e-4c21-bece-c17aa3b1998a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:f8:a3:46:9c:03:73:b9:70:a6:28:08:b8:25:35:ba:75:61:
         5c:98:7f:33:b9:cc:78:dd:5e:ea:47:e2:6f:4f:fd:47:36:f1:
         5c:15:e7:9b:52:9b:60:ed:f4:91:67:6d:b8:ac:73:e6:39:ba:
         64:d7:2f:0f:5d:63:32:e2:1f:b1:1d:5a:05:5f:6d:f0:2f:94:
         db:a4:91:27:7a:44:6f:7d:ad:e8:c0:d7:66:09:49:62:bd:8d:
         ac:ae:2f:9a:b6:4d:b3:8d:0b:4e:7a:a6:79:c8:bb:0f:0b:9f:
         d8:b6:67:48:02:52:07:db:a5:6f:8b:6b:d2:e7:be:57:71:e9:
         0b:ab:ba:87:5f:a4:16:8b:03:5f:d3:1a:04:b4:67:a8:f4:75:
         85:77:fc:6f:93:99:8e:c7:7a:ea:a0:64:50:b1:d4:f0:73:c8:
         42:70:f3:1f:51:cb:c5:51:11:37:60:8a:bb:64:39:0b:a3:b8:
         ed:6c:a0:a8:74:47:88:e9:4b:0b:fe:fa:48:84:d2:10:db:75:
         14:d7:55:aa:ea:fd:24:92:26:9d:c4:1c:b9:57:07:89:cb:16:
         2c:8a:fb:d6:d5:26:7a:af:cc:67:41:a3:b5:e2:3a:da:b3:de:
         87:3b:8f:da:f3:93:55:49:b1:b8:07:ab:c0:b1:b7:e0:6a:ad:
         06:2c:eb:bc
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUcQiPuywoLBTJkuKynLMXPXLDVlUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjI0MDAwMDAwWhcNMjIxMjI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNANDEwNjRiN2YxMzUyM2M1Y2Q2MDZiNDlkZjhlNDk0OWY3
Yzc5MTgwYTUzOWVjZjgyM2M3MmQ3YTVkZTViZjU0MDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANPFfzn8AHcfGI3gr0dPeX+6S0JHxWr5xriVL9xkoY3aH0gyqvYO
idCoxFFtjAgPeh/p7dpgWe9DZIdzr748esSkKwg9Kiy7aVLgBjrnKux9fIeLxv20
u0ORJ27imNnUcF1pasoBvlatgB6AsCbg0xDuJBmfeRRUHQJDy0GUsYDLJcBh4FXg
UIS9QARIfjzN4H+MfWQ6WTi1j2uwz1b8EBWNvDEd0UaeoB+3sMXtw8Z1sdBZzo46
JvnK7GxR8iTxBjF6FERNsQhb0mwxk98qf+ApLIVRFIJQSeqmaRTI5nPvokAECT0s
p0d20+TzZaJhAZz9yHzJKGwUL9UB5G/ztUcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ95bL6VZF624tmU6DBOFaoRD+jNDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMTA5MWY5ZWYtMTkxZS00YzIxLWJlY2UtYzE3YWEzYjE5OThhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIb4o0acA3O5cKYo
CLglNbp1YVyYfzO5zHjdXupH4m9P/Uc28VwV55tSm2Dt9JFnbbisc+Y5umTXLw9d
YzLiH7EdWgVfbfAvlNukkSd6RG99rejA12YJSWK9jayuL5q2TbONC056pnnIuw8L
n9i2Z0gCUgfbpW+La9Lnvldx6QuruodfpBaLA1/TGgS0Z6j0dYV3/G+TmY7Heuqg
ZFCx1PBzyEJw8x9Ry8VRETdgirtkOQujuO1soKh0R4jpSwv++kiE0hDbdRTXVarq
/SSSJp3EHLlXB4nLFiyK+9bVJnqvzGdBo7XiOtqz3oc7j9rzk1VJsbgHq8Cxt+Bq
rQYs67w=
-----END CERTIFICATE-----