Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/172bae88-9fba-40af-b38c-7543e74c4b5a.roa
File:                     172bae88-9fba-40af-b38c-7543e74c4b5a.roa (raw, json)
Hash identifier:          qJd/0Ub84AHA/wlOki3afQmlw1tPd3iKkLh8MtX4hPY=
Subject key identifier:   29:68:D4:94:D8:61:4D:45:E2:C2:1E:36:02:1E:F7:21:44:21:48:E5
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       02CF84A5090F48A9AC19856883BE377F716C48B8
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/172bae88-9fba-40af-b38c-7543e74c4b5a.roa
Signing time:             Mon 20 Feb 2023 00:00:00 +0000
ROA not before:           Mon 20 Feb 2023 00:00:00 +0000
ROA not after:            Thu 23 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:cf:84:a5:09:0f:48:a9:ac:19:85:68:83:be:37:7f:71:6c:48:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 20 00:00:00 2023 GMT
            Not After : Feb 23 23:59:59 2023 GMT
        Subject: serialNumber=2c8be499737e0fcb7751ce7aa200e4b348e26c6adb4758a8a36701bc82ec7444, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:12:dd:74:98:3e:27:e9:dd:23:b6:f2:7d:d0:
                    44:d8:00:ff:2d:71:fe:75:8c:08:32:09:56:6d:dd:
                    f1:28:79:68:0e:0f:85:bf:15:7c:a3:ae:34:9d:c2:
                    9e:d2:50:63:d2:2c:c9:83:7f:a6:92:b3:9c:49:7e:
                    57:2e:05:98:87:82:a7:f5:6d:b1:dc:79:e8:fb:0d:
                    0c:cd:4f:6b:fc:48:d8:3b:72:e3:3a:73:ce:87:f8:
                    19:72:2a:e6:80:1b:0a:8d:e9:5d:2c:db:c4:ec:d0:
                    50:e4:b4:6a:42:55:a6:73:fc:84:0f:10:e5:6e:9f:
                    6b:f1:68:66:b2:2e:67:09:aa:98:14:8c:39:8b:f7:
                    75:c9:f7:ba:d0:2c:dd:e3:1f:49:f1:14:20:8b:03:
                    61:d8:ac:51:f7:b8:49:6a:13:4f:4d:62:98:b4:f0:
                    c2:9d:79:17:80:f1:cc:ad:82:fe:f1:b8:65:6d:44:
                    9f:6d:47:d9:aa:d9:98:0a:0a:dc:bb:8f:fd:aa:55:
                    b5:fb:0e:4b:26:5d:76:a3:b1:f3:0a:22:c9:bd:bc:
                    65:46:fe:cb:af:08:32:42:da:0d:a1:c2:d7:49:ba:
                    1d:b6:e1:8f:e4:9c:c8:6f:cf:c3:fe:5d:2a:a5:67:
                    97:7b:21:d2:13:9c:6b:59:f6:63:41:0d:a7:68:8c:
                    db:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:68:D4:94:D8:61:4D:45:E2:C2:1E:36:02:1E:F7:21:44:21:48:E5
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/172bae88-9fba-40af-b38c-7543e74c4b5a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:21:8c:a8:b9:c9:fb:e2:a2:8c:fd:6d:1f:38:17:46:4e:3b:
         40:81:03:95:c3:cf:d7:b4:68:8f:f4:2d:84:69:68:b7:93:0a:
         1f:a5:2b:ac:69:e8:e3:19:21:59:12:46:5e:32:38:8c:7f:64:
         8a:3a:04:a6:e9:93:b7:21:f5:8f:0c:fa:9b:5b:d5:cc:e4:da:
         fd:5f:e7:23:47:01:c6:39:2c:1d:93:1f:03:59:93:14:e5:e8:
         5d:8e:64:c4:de:dd:83:48:66:b5:81:2c:d6:6a:24:b2:3f:b8:
         62:72:c7:86:59:82:bd:d4:6c:1e:fd:dc:b3:87:a1:36:73:fe:
         b8:f5:b9:35:eb:c2:f3:81:4b:f2:d5:a9:0d:76:64:ce:63:20:
         27:3f:ca:46:86:34:7d:3a:db:cc:63:43:fd:47:19:c8:72:5c:
         bb:d7:c4:48:2f:32:cc:dd:e3:3a:e8:f8:8b:1f:4c:94:1e:85:
         8c:0f:59:b7:3c:33:42:d4:cf:ea:63:7f:07:cf:91:99:29:e2:
         13:ce:d5:96:e5:f0:f7:76:51:33:15:f3:50:5e:d7:77:e6:f0:
         9e:ff:a6:b4:cf:86:77:c0:26:c2:3f:22:bd:88:60:93:b8:95:
         b6:52:8a:4b:ff:f4:f5:bb:16:72:b1:39:3c:e6:be:c2:c3:5e:
         05:3a:8a:7d
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUAs+EpQkPSKmsGYVog743f3FsSLgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIwMDAwMDAwWhcNMjMwMjIzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMmM4YmU0OTk3MzdlMGZjYjc3NTFjZTdhYTIwMGU0YjM0
OGUyNmM2YWRiNDc1OGE4YTM2NzAxYmM4MmVjNzQ0NDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALES3XSYPifp3SO28n3QRNgA/y1x/nWMCDIJVm3d8Sh5aA4Phb8V
fKOuNJ3CntJQY9IsyYN/ppKznEl+Vy4FmIeCp/Vtsdx56PsNDM1Pa/xI2Dty4zpz
zof4GXIq5oAbCo3pXSzbxOzQUOS0akJVpnP8hA8Q5W6fa/FoZrIuZwmqmBSMOYv3
dcn3utAs3eMfSfEUIIsDYdisUfe4SWoTT01imLTwwp15F4DxzK2C/vG4ZW1En21H
2arZmAoK3LuP/apVtfsOSyZddqOx8woiyb28ZUb+y68IMkLaDaHC10m6Hbbhj+Sc
yG/Pw/5dKqVnl3sh0hOca1n2Y0ENp2iM2zUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQpaNSU2GFNReLCHjYCHvchRCFI5TAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMTcyYmFlODgtOWZiYS00MGFmLWIzOGMtNzU0M2U3NGM0YjVhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGYhjKi5yfviooz9
bR84F0ZOO0CBA5XDz9e0aI/0LYRpaLeTCh+lK6xp6OMZIVkSRl4yOIx/ZIo6BKbp
k7ch9Y8M+ptb1czk2v1f5yNHAcY5LB2THwNZkxTl6F2OZMTe3YNIZrWBLNZqJLI/
uGJyx4ZZgr3UbB793LOHoTZz/rj1uTXrwvOBS/LVqQ12ZM5jICc/ykaGNH0628xj
Q/1HGchyXLvXxEgvMszd4zro+IsfTJQehYwPWbc8M0LUz+pjfwfPkZkp4hPO1Zbl
8Pd2UTMV81Be13fm8J7/prTPhnfAJsI/Ir2IYJO4lbZSikv/9PW7FnKxOTzmvsLD
XgU6in0=
-----END CERTIFICATE-----