Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/211210a9-2038-423f-a78d-cdbdd7b6f37b.roa
File:                     211210a9-2038-423f-a78d-cdbdd7b6f37b.roa (raw, json)
Hash identifier:          GZFq6MfRcFI7Yn7ZZSPP4HiZWeUBAH5KtwtWW4F2zm8=
Subject key identifier:   9A:E3:36:A6:BB:4D:CA:44:F8:CF:52:55:85:F5:98:18:7C:CA:EB:F6
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4DEF20E1286F4F6C4C9B62594ECDE5308142E0F4
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/211210a9-2038-423f-a78d-cdbdd7b6f37b.roa
Signing time:             Tue 10 Jan 2023 00:00:00 +0000
ROA not before:           Tue 10 Jan 2023 00:00:00 +0000
ROA not after:            Fri 13 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:ef:20:e1:28:6f:4f:6c:4c:9b:62:59:4e:cd:e5:30:81:42:e0:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 10 00:00:00 2023 GMT
            Not After : Jan 13 23:59:59 2023 GMT
        Subject: serialNumber=72982ea42b229f256a5d096be99959cf006fde288aa635d1cb2378b4af80f927, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:1d:06:d3:6a:78:1b:4a:41:ca:22:42:4e:fd:
                    76:f7:63:34:c0:dc:98:8c:73:de:27:83:f5:06:24:
                    58:d0:b1:f1:09:f0:99:5e:e0:f9:80:67:84:83:2c:
                    e7:de:55:ef:22:06:a5:aa:84:8d:41:2d:3d:b5:c9:
                    67:7b:8b:d3:94:2f:a2:a3:1d:0b:9d:4b:5d:e1:9d:
                    4b:71:6a:3e:bf:cd:ee:d9:b0:0d:f8:c2:e0:cd:5a:
                    6c:81:8b:55:98:f2:0d:fa:49:d5:bc:8c:4b:80:2e:
                    a3:8c:0b:e0:33:31:d4:95:b1:0e:99:c4:ba:9e:74:
                    f8:0b:e0:34:61:43:2b:33:1b:86:53:65:41:6e:5a:
                    11:1a:68:01:cc:8e:4c:a5:ce:9b:51:f7:87:10:8e:
                    59:ae:22:00:b0:f7:43:20:9b:af:67:95:59:62:88:
                    e7:41:77:b3:66:f7:29:15:80:4b:9e:03:a5:39:39:
                    19:e5:ad:df:00:5f:3d:3d:aa:41:f1:97:b9:e1:db:
                    25:0e:b6:a8:7f:06:68:6a:e0:e3:4d:d9:54:cd:0e:
                    40:8d:8e:ef:5b:be:2d:87:fc:38:ab:41:e3:6f:79:
                    85:12:5a:42:ae:41:4b:21:1d:39:b1:d0:2b:ec:b3:
                    32:d5:5a:d1:89:ce:04:cc:4d:38:b4:f3:45:6a:2f:
                    4c:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:E3:36:A6:BB:4D:CA:44:F8:CF:52:55:85:F5:98:18:7C:CA:EB:F6
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/211210a9-2038-423f-a78d-cdbdd7b6f37b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:fd:56:f8:43:2a:98:38:24:e1:ad:a1:82:12:c3:61:71:dd:
         05:d6:ae:c4:82:fe:0b:2a:aa:88:08:c0:dd:b5:90:9e:59:1e:
         f7:33:d8:98:ea:17:59:07:bb:f8:cc:de:ed:32:9e:43:8e:ab:
         e8:c8:33:e1:5b:c1:32:80:e5:b0:95:ad:8a:e6:bb:e8:bb:c0:
         4f:01:ef:5c:79:0f:79:5e:2b:ad:bc:8e:75:6e:c5:b4:77:0c:
         6c:6f:49:e3:8d:72:29:9a:88:b4:ec:81:b2:4e:88:d9:65:57:
         a6:4e:db:5c:4e:a4:a1:be:86:76:aa:fe:ae:48:f0:24:1a:49:
         39:8b:7f:cb:f1:2e:14:a7:ad:61:d0:2d:b1:1f:34:f9:01:53:
         99:ac:dc:96:26:62:d1:aa:ec:b0:8f:d6:5d:fc:ce:e6:b6:7a:
         6a:b8:c5:86:d3:8d:67:a7:80:23:d6:19:e9:fa:47:23:9d:75:
         dd:21:b3:2a:9f:aa:67:a8:61:fb:7e:9f:c3:ed:86:88:a0:67:
         3a:94:79:2a:4d:f1:02:d1:70:19:57:ef:93:4a:e9:44:5a:52:
         69:e5:df:25:cc:ee:6d:13:c8:67:63:83:73:39:df:c7:f4:10:
         c0:99:c1:ba:b7:f5:49:b9:9d:19:c0:a0:f0:82:52:8b:4b:a1:
         2c:21:f1:52
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUTe8g4ShvT2xMm2JZTs3lMIFC4PQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTEwMDAwMDAwWhcNMjMwMTEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNANzI5ODJlYTQyYjIyOWYyNTZhNWQwOTZiZTk5OTU5Y2Yw
MDZmZGUyODhhYTYzNWQxY2IyMzc4YjRhZjgwZjkyNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKMdBtNqeBtKQcoiQk79dvdjNMDcmIxz3ieD9QYkWNCx8QnwmV7g
+YBnhIMs595V7yIGpaqEjUEtPbXJZ3uL05QvoqMdC51LXeGdS3FqPr/N7tmwDfjC
4M1abIGLVZjyDfpJ1byMS4Auo4wL4DMx1JWxDpnEup50+AvgNGFDKzMbhlNlQW5a
ERpoAcyOTKXOm1H3hxCOWa4iALD3QyCbr2eVWWKI50F3s2b3KRWAS54DpTk5GeWt
3wBfPT2qQfGXueHbJQ62qH8GaGrg403ZVM0OQI2O71u+LYf8OKtB4295hRJaQq5B
SyEdObHQK+yzMtVa0YnOBMxNOLTzRWovTJMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSa4zamu03KRPjPUlWF9ZgYfMrr9jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjExMjEwYTktMjAzOC00MjNmLWE3OGQtY2RiZGQ3YjZmMzdiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALH9VvhDKpg4JOGt
oYISw2Fx3QXWrsSC/gsqqogIwN21kJ5ZHvcz2JjqF1kHu/jM3u0ynkOOq+jIM+Fb
wTKA5bCVrYrmu+i7wE8B71x5D3leK628jnVuxbR3DGxvSeONcimaiLTsgbJOiNll
V6ZO21xOpKG+hnaq/q5I8CQaSTmLf8vxLhSnrWHQLbEfNPkBU5ms3JYmYtGq7LCP
1l38zua2emq4xYbTjWengCPWGen6RyOddd0hsyqfqmeoYft+n8PthoigZzqUeSpN
8QLRcBlX75NK6URaUmnl3yXM7m0TyGdjg3M538f0EMCZwbq39Um5nRnAoPCCUotL
oSwh8VI=
-----END CERTIFICATE-----