Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/24e6a993-8ca1-4425-b1d8-c4952610d066.roa
File:                     24e6a993-8ca1-4425-b1d8-c4952610d066.roa (raw, json)
Hash identifier:          XtSDP8PhBM+CmCyvGDumx1o8pFN/8hPrqA6XiGXJeBM=
Subject key identifier:   14:AC:EA:FC:B3:D1:AF:4D:1B:E5:7B:F0:85:16:14:8D:35:DA:42:80
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       366C0436BE7953CAA3B6C656138073A172EA9F0C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/24e6a993-8ca1-4425-b1d8-c4952610d066.roa
Signing time:             Mon 13 Feb 2023 00:00:00 +0000
ROA not before:           Mon 13 Feb 2023 00:00:00 +0000
ROA not after:            Thu 16 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:6c:04:36:be:79:53:ca:a3:b6:c6:56:13:80:73:a1:72:ea:9f:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 13 00:00:00 2023 GMT
            Not After : Feb 16 23:59:59 2023 GMT
        Subject: serialNumber=d2a9d917577b4cddef52c3a1119c4c23bde0d4af73b30dca1be1ff860d2d1c31, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:26:e3:21:71:e0:f9:d1:01:1d:d6:ce:b7:76:
                    31:f4:6c:cc:33:80:f7:b9:7e:22:b8:64:5c:7b:a5:
                    7f:d9:fc:f4:c9:3e:6d:c7:67:d8:6d:30:98:86:3c:
                    3a:93:d4:df:90:7d:ab:82:9a:b0:65:55:03:94:56:
                    c9:ea:05:89:1c:14:13:4a:ac:9e:65:d0:65:83:19:
                    4e:26:51:b8:1f:be:91:ca:2c:02:93:58:47:e4:26:
                    e0:52:f7:06:cc:74:9a:35:1c:62:5a:d0:89:e3:c0:
                    e8:06:08:b8:64:76:a5:bd:85:7e:db:e9:5e:3f:49:
                    82:3a:47:30:62:42:52:22:40:d1:39:a4:23:70:01:
                    e7:bf:8d:3d:36:5e:0d:87:96:0d:e3:50:19:97:82:
                    d5:01:6c:98:80:ed:9f:d9:6f:b6:a7:f2:f1:07:7f:
                    19:38:8d:15:0e:1f:4d:1f:80:35:1e:87:78:8c:3e:
                    2b:84:21:16:f2:df:00:40:1e:5e:4c:79:f2:b2:be:
                    22:8d:38:92:93:93:db:29:ad:23:ff:2d:ba:d5:4c:
                    11:d5:a0:63:0a:a5:8f:0c:18:96:2c:ae:71:c2:3c:
                    9c:41:c2:9f:1a:3f:e2:f1:8c:b0:cb:73:30:f2:60:
                    2b:0b:32:d8:d5:f7:17:c2:d8:c5:18:86:98:c9:79:
                    6b:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:AC:EA:FC:B3:D1:AF:4D:1B:E5:7B:F0:85:16:14:8D:35:DA:42:80
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/24e6a993-8ca1-4425-b1d8-c4952610d066.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:7c:69:64:2c:62:82:58:e6:8b:91:e6:45:c4:9e:80:2c:f3:
         ed:1d:fa:a2:15:11:50:d6:45:67:cc:e5:55:16:c2:38:01:7b:
         16:be:8b:b6:31:00:6f:66:52:98:b2:eb:23:6f:f9:95:de:e1:
         53:9b:e4:06:a5:64:60:da:c9:3d:a2:1a:6b:98:90:c9:46:81:
         25:6d:ca:b9:62:e0:a0:7e:96:5a:8c:75:48:96:4d:b6:b1:34:
         3b:f2:54:29:8c:0f:67:41:83:70:26:02:d0:e6:b5:be:61:8c:
         db:5d:27:4f:58:3e:df:c4:91:cd:df:ae:21:b7:89:3e:82:46:
         15:49:bd:d1:a2:c2:d9:8d:8a:5a:88:6c:85:23:6b:91:7c:27:
         2a:17:4f:64:44:52:5b:ae:5d:0a:62:f6:56:53:a3:c7:97:21:
         b3:7b:a6:8c:4c:62:40:ee:72:89:ab:9f:32:b8:26:9f:3c:8c:
         d3:ee:a7:f0:8e:8b:5c:a5:84:2c:2f:70:d3:31:89:bb:92:ba:
         3a:1b:8f:7c:83:f4:14:e0:40:f9:cc:1c:b0:16:81:ea:ac:5d:
         91:f4:b6:99:27:30:52:e7:d1:e3:f0:e3:2a:28:7c:80:7f:8d:
         1b:43:85:d0:08:1b:8d:0d:09:4d:28:c4:65:a6:e7:eb:a3:19:
         91:53:44:86
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUNmwENr55U8qjtsZWE4BzoXLqnwwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjEzMDAwMDAwWhcNMjMwMjE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDJhOWQ5MTc1NzdiNGNkZGVmNTJjM2ExMTE5YzRjMjNi
ZGUwZDRhZjczYjMwZGNhMWJlMWZmODYwZDJkMWMzMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL0m4yFx4PnRAR3Wzrd2MfRszDOA97l+IrhkXHulf9n89Mk+bcdn
2G0wmIY8OpPU35B9q4KasGVVA5RWyeoFiRwUE0qsnmXQZYMZTiZRuB++kcosApNY
R+Qm4FL3Bsx0mjUcYlrQiePA6AYIuGR2pb2FftvpXj9JgjpHMGJCUiJA0TmkI3AB
57+NPTZeDYeWDeNQGZeC1QFsmIDtn9lvtqfy8Qd/GTiNFQ4fTR+ANR6HeIw+K4Qh
FvLfAEAeXkx58rK+Io04kpOT2ymtI/8tutVMEdWgYwqljwwYliyuccI8nEHCnxo/
4vGMsMtzMPJgKwsy2NX3F8LYxRiGmMl5awcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQUrOr8s9GvTRvle/CFFhSNNdpCgDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjRlNmE5OTMtOGNhMS00NDI1LWIxZDgtYzQ5NTI2MTBkMDY2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIp8aWQsYoJY5ouR
5kXEnoAs8+0d+qIVEVDWRWfM5VUWwjgBexa+i7YxAG9mUpiy6yNv+ZXe4VOb5Aal
ZGDayT2iGmuYkMlGgSVtyrli4KB+llqMdUiWTbaxNDvyVCmMD2dBg3AmAtDmtb5h
jNtdJ09YPt/Ekc3friG3iT6CRhVJvdGiwtmNilqIbIUja5F8JyoXT2REUluuXQpi
9lZTo8eXIbN7poxMYkDucomrnzK4Jp88jNPup/COi1ylhCwvcNMxibuSujobj3yD
9BTgQPnMHLAWgeqsXZH0tpknMFLn0ePw4yoofIB/jRtDhdAIG40NCU0oxGWm5+uj
GZFTRIY=
-----END CERTIFICATE-----