Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1522d5bd-da0c-4866-bc6a-2977baa3940d.roa
File:                     1522d5bd-da0c-4866-bc6a-2977baa3940d.roa (raw, json)
Hash identifier:          PtaFjZJuhPcVy2Kxh27MMAYcLB4ZSoz2qr1Jro19XxY=
Subject key identifier:   65:77:5E:38:BA:51:02:54:48:37:93:78:2D:15:27:4A:41:69:E5:EC
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4532AF5F283DE73228903F7BDCE7D11127413E20
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1522d5bd-da0c-4866-bc6a-2977baa3940d.roa
Signing time:             Wed 14 Dec 2022 00:00:00 +0000
ROA not before:           Wed 14 Dec 2022 00:00:00 +0000
ROA not after:            Sat 17 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:32:af:5f:28:3d:e7:32:28:90:3f:7b:dc:e7:d1:11:27:41:3e:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 14 00:00:00 2022 GMT
            Not After : Dec 17 23:59:59 2022 GMT
        Subject: serialNumber=50707156f4b9df74b30d1a0631ebc68ef1b35a6b1a0d87eab20dbeeddf105279, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:da:af:d6:87:12:a1:0f:4b:72:df:f6:59:ae:
                    1c:7a:b7:b4:10:9a:4c:db:91:df:05:b4:61:26:bb:
                    bf:30:f5:cc:84:77:45:ce:b6:ee:6d:f3:b1:67:45:
                    2d:fe:a3:a4:1b:d8:01:69:1e:a7:f6:22:85:04:83:
                    5c:d3:e2:21:3c:4d:a9:b9:14:40:0a:e9:7a:4f:54:
                    46:f3:05:2b:51:4e:d9:1c:be:3e:d7:e9:cf:ca:2d:
                    9f:05:0b:12:4a:48:e1:20:dd:8d:e9:e8:52:1d:e1:
                    09:f0:67:67:16:ac:cf:b4:8b:5b:38:77:4f:36:c4:
                    84:f4:ab:d8:ad:02:fe:f9:b6:c1:77:73:d5:32:31:
                    d7:e1:b6:6e:d4:cc:bf:23:f1:7d:e8:ce:2e:30:2a:
                    77:20:42:b8:18:95:98:6b:87:ac:02:66:2c:48:f0:
                    14:74:ce:5b:d3:5a:6f:66:75:5c:d9:63:f7:25:66:
                    99:19:45:bf:19:51:89:ed:f1:2a:4e:8a:82:50:c8:
                    0d:bf:a8:44:ef:75:67:b9:78:e1:0b:64:ac:bb:ed:
                    ee:42:4c:02:22:c3:0c:32:30:7a:ff:54:e5:a6:42:
                    7b:58:19:8a:2f:b9:a6:85:7b:de:51:0d:80:7f:fc:
                    7a:89:09:ed:6d:c7:ea:df:3f:96:b8:3a:e4:9b:d6:
                    d8:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:77:5E:38:BA:51:02:54:48:37:93:78:2D:15:27:4A:41:69:E5:EC
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1522d5bd-da0c-4866-bc6a-2977baa3940d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:93:8a:d4:0d:5c:ab:c3:48:9a:16:20:a4:71:d5:ad:4e:0d:
         7a:43:d8:d1:b6:25:81:50:3b:af:ea:4d:b9:98:94:4c:a1:3d:
         4c:33:1d:e3:10:87:62:fa:f2:d9:b9:f3:c3:c8:a6:10:02:d2:
         2f:67:ca:a8:f7:75:fa:3a:50:ca:7a:18:79:a3:db:90:29:29:
         79:86:35:00:9d:d0:57:62:9c:20:b9:d9:a3:29:29:66:e7:3f:
         62:fd:db:aa:4a:73:86:d7:60:eb:0d:d7:54:a1:e1:08:32:ac:
         5a:8a:33:b9:76:96:50:9e:14:67:f9:9f:c3:07:d2:a1:03:72:
         da:e1:f2:11:ed:c1:10:77:27:99:62:91:42:76:f4:ed:7e:a5:
         c8:0c:25:e7:e0:85:69:26:2e:bd:9f:b2:03:b5:17:4f:11:f6:
         9f:e2:92:34:02:25:3a:ac:fa:c6:a7:3a:6c:04:02:e0:2f:43:
         84:b6:45:0f:e5:f5:7c:c9:c7:d2:40:f5:77:bd:17:5c:18:84:
         be:34:77:e9:9b:7d:d7:b2:76:e2:ed:99:1f:96:99:3b:d1:1c:
         7c:da:62:37:30:1a:c6:03:01:99:3d:4a:b7:96:6a:0b:90:28:
         11:04:4b:25:de:9d:6a:43:e6:9d:c1:49:4d:8d:e9:11:41:aa:
         9c:4f:98:b3
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIURTKvXyg95zIokD973OfRESdBPiAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjE0MDAwMDAwWhcNMjIxMjE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNANTA3MDcxNTZmNGI5ZGY3NGIzMGQxYTA2MzFlYmM2OGVm
MWIzNWE2YjFhMGQ4N2VhYjIwZGJlZWRkZjEwNTI3OTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK/ar9aHEqEPS3Lf9lmuHHq3tBCaTNuR3wW0YSa7vzD1zIR3Rc62
7m3zsWdFLf6jpBvYAWkep/YihQSDXNPiITxNqbkUQArpek9URvMFK1FO2Ry+Ptfp
z8otnwULEkpI4SDdjenoUh3hCfBnZxasz7SLWzh3TzbEhPSr2K0C/vm2wXdz1TIx
1+G2btTMvyPxfejOLjAqdyBCuBiVmGuHrAJmLEjwFHTOW9Nab2Z1XNlj9yVmmRlF
vxlRie3xKk6KglDIDb+oRO91Z7l44QtkrLvt7kJMAiLDDDIwev9U5aZCe1gZii+5
poV73lENgH/8eokJ7W3H6t8/lrg65JvW2A8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRld144ulECVEg3k3gtFSdKQWnl7DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMTUyMmQ1YmQtZGEwYy00ODY2LWJjNmEtMjk3N2JhYTM5NDBkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKGTitQNXKvDSJoW
IKRx1a1ODXpD2NG2JYFQO6/qTbmYlEyhPUwzHeMQh2L68tm588PIphAC0i9nyqj3
dfo6UMp6GHmj25ApKXmGNQCd0FdinCC52aMpKWbnP2L926pKc4bXYOsN11Sh4Qgy
rFqKM7l2llCeFGf5n8MH0qEDctrh8hHtwRB3J5likUJ29O1+pcgMJefghWkmLr2f
sgO1F08R9p/ikjQCJTqs+sanOmwEAuAvQ4S2RQ/l9XzJx9JA9Xe9F1wYhL40d+mb
fdeyduLtmR+WmTvRHHzaYjcwGsYDAZk9SreWaguQKBEESyXenWpD5p3BSU2N6RFB
qpxPmLM=
-----END CERTIFICATE-----