Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3aab6e4f-0f3e-43d3-aedc-3b1f74543e77.roa
File:                     3aab6e4f-0f3e-43d3-aedc-3b1f74543e77.roa (raw, json)
Hash identifier:          cQGiRjPr/7gMpFvoYaFISK7pX6wWzvrtnxbq0SvPUGk=
Subject key identifier:   7F:98:41:40:B0:2D:74:27:B5:53:86:CB:A8:07:B5:9B:37:F4:59:9E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       032FBCE6CF81D730A31717EACDA322303D9AF71B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3aab6e4f-0f3e-43d3-aedc-3b1f74543e77.roa
Signing time:             Thu 16 Feb 2023 00:00:00 +0000
ROA not before:           Thu 16 Feb 2023 00:00:00 +0000
ROA not after:            Sun 19 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:2f:bc:e6:cf:81:d7:30:a3:17:17:ea:cd:a3:22:30:3d:9a:f7:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 16 00:00:00 2023 GMT
            Not After : Feb 19 23:59:59 2023 GMT
        Subject: serialNumber=f991cbe7388b95e2c9ccf8717a9f704445aff93ed7e63e89e75fa3099e187a69, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:c6:9a:43:0b:26:e7:6c:8f:8a:12:22:dd:43:
                    19:9a:91:a7:75:37:9d:6e:dc:61:3a:fe:54:f4:69:
                    f8:a7:9f:88:3c:67:16:6c:31:6f:17:7e:ac:2a:1f:
                    fb:78:fd:58:80:ac:4d:e0:e7:2c:1f:bc:03:b7:97:
                    82:d8:33:8e:44:ee:76:28:7e:da:66:e4:c9:94:9c:
                    db:56:27:76:91:ec:65:1f:41:1c:79:59:d7:5e:e7:
                    df:45:8a:7d:fe:cb:94:9f:69:a8:ec:86:27:f1:0a:
                    8d:0a:e2:07:f1:70:4a:55:d2:48:71:21:de:d0:bd:
                    33:65:da:72:fa:b3:d7:3b:90:57:a5:1c:df:9b:08:
                    f7:98:e9:93:04:bd:e5:7b:da:7a:23:e6:3f:8b:bc:
                    ec:28:00:ff:75:c1:84:1f:1c:a6:9c:f4:c0:c5:46:
                    41:c8:b2:9f:ec:4e:3c:c9:a2:c0:76:a9:8a:20:cb:
                    65:da:4c:52:f7:7c:10:b9:9f:b5:28:82:d8:75:04:
                    d9:00:41:fb:e4:79:18:e1:3c:52:5a:e6:d4:f3:bd:
                    5b:2f:45:8a:67:89:0a:0e:a2:77:32:ad:a9:24:2e:
                    77:34:76:0c:31:1f:e8:1d:6c:20:6f:3e:79:30:00:
                    ac:2d:c0:9e:d9:96:c0:30:53:6e:7d:65:43:6d:22:
                    61:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:98:41:40:B0:2D:74:27:B5:53:86:CB:A8:07:B5:9B:37:F4:59:9E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3aab6e4f-0f3e-43d3-aedc-3b1f74543e77.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:65:45:c4:71:c2:c7:22:ce:27:75:89:ce:96:3a:d9:e4:ea:
         d4:1d:3b:b8:56:18:0e:93:b4:75:c2:f6:b9:e9:e5:67:5d:d4:
         a6:19:0f:fd:9a:2a:46:ff:ad:82:da:e4:a6:24:eb:12:ca:19:
         04:64:fa:d3:ca:9b:09:fa:8d:2e:2f:10:8e:1c:85:da:8e:34:
         cd:f8:37:14:68:bb:a4:cc:6d:36:9c:3e:f8:87:85:b8:1c:2e:
         17:ef:a9:e0:ec:48:2a:27:b9:6e:e0:d0:31:1d:b2:53:bb:45:
         5e:2c:e8:e8:4a:6c:54:b2:93:05:81:69:64:26:a3:4f:af:84:
         41:0a:db:8c:4f:d3:3f:42:9c:0c:d7:1e:80:e8:04:e2:d7:af:
         ba:44:b1:9a:da:3a:58:bd:e2:f9:69:97:5a:40:8d:b2:37:fd:
         7d:75:3e:1b:22:fd:23:2e:47:83:47:8c:4a:18:7d:e7:b4:76:
         1e:b2:d5:d1:b5:96:7c:0d:f2:ba:8b:28:bc:66:40:09:da:3d:
         89:62:fc:57:f3:c8:9b:44:b5:7c:31:e8:53:ef:70:2c:d8:e1:
         8c:82:98:b3:a7:85:28:f5:a8:0f:e0:0f:a0:67:56:04:60:d7:
         09:24:23:71:57:7b:9c:9c:11:e2:3e:9f:6d:20:09:77:c4:cc:
         b3:6e:48:ee
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUAy+85s+B1zCjFxfqzaMiMD2a9xswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE2MDAwMDAwWhcNMjMwMjE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjk5MWNiZTczODhiOTVlMmM5Y2NmODcxN2E5ZjcwNDQ0
NWFmZjkzZWQ3ZTYzZTg5ZTc1ZmEzMDk5ZTE4N2E2OTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALzGmkMLJudsj4oSIt1DGZqRp3U3nW7cYTr+VPRp+KefiDxnFmwx
bxd+rCof+3j9WICsTeDnLB+8A7eXgtgzjkTudih+2mbkyZSc21YndpHsZR9BHHlZ
117n30WKff7LlJ9pqOyGJ/EKjQriB/FwSlXSSHEh3tC9M2Xacvqz1zuQV6Uc35sI
95jpkwS95XvaeiPmP4u87CgA/3XBhB8cppz0wMVGQciyn+xOPMmiwHapiiDLZdpM
Uvd8ELmftSiC2HUE2QBB++R5GOE8Ulrm1PO9Wy9FimeJCg6idzKtqSQudzR2DDEf
6B1sIG8+eTAArC3AntmWwDBTbn1lQ20iYTECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR/mEFAsC10J7VThsuoB7WbN/RZnjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvM2FhYjZlNGYtMGYzZS00M2QzLWFlZGMtM2IxZjc0NTQzZTc3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGxlRcRxwscizid1
ic6WOtnk6tQdO7hWGA6TtHXC9rnp5Wdd1KYZD/2aKkb/rYLa5KYk6xLKGQRk+tPK
mwn6jS4vEI4chdqONM34NxRou6TMbTacPviHhbgcLhfvqeDsSConuW7g0DEdslO7
RV4s6OhKbFSykwWBaWQmo0+vhEEK24xP0z9CnAzXHoDoBOLXr7pEsZraOli94vlp
l1pAjbI3/X11Phsi/SMuR4NHjEoYfee0dh6y1dG1lnwN8rqLKLxmQAnaPYli/Ffz
yJtEtXwx6FPvcCzY4YyCmLOnhSj1qA/gD6BnVgRg1wkkI3FXe5ycEeI+n20gCXfE
zLNuSO4=
-----END CERTIFICATE-----