Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/40b48d1f-9a02-49dd-afec-242bc77a8d30.roa
File:                     40b48d1f-9a02-49dd-afec-242bc77a8d30.roa (raw, json)
Hash identifier:          SqJCu0jI+PEf433hlocLfSk1Pn+PcYwZ/2xP2vYYzhM=
Subject key identifier:   59:11:6B:33:EB:CB:CC:13:EE:37:E2:0D:8A:4F:9E:D7:12:52:C6:93
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1974A47FF738E785860A50354D235B740DD4543D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/40b48d1f-9a02-49dd-afec-242bc77a8d30.roa
Signing time:             Sat 16 Jul 2022 00:00:00 +0000
ROA not before:           Sat 16 Jul 2022 00:00:00 +0000
ROA not after:            Tue 19 Jul 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:74:a4:7f:f7:38:e7:85:86:0a:50:35:4d:23:5b:74:0d:d4:54:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jul 16 00:00:00 2022 GMT
            Not After : Jul 19 23:59:59 2022 GMT
        Subject: serialNumber=57173967b269c1ff899cc79a3207ba7dbc358b1c172cf96b74c2dae170b8e53b, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:fb:34:58:fa:03:31:16:76:5a:00:3a:38:b7:
                    cb:18:31:fe:8f:eb:1c:03:cf:d2:e0:26:f3:76:88:
                    47:d0:af:e1:63:c4:3e:99:30:ad:4c:fa:ce:1b:2e:
                    f3:da:88:35:a8:be:18:5a:e5:2f:f5:f8:b0:04:ac:
                    d8:50:51:86:97:a1:a2:23:86:0e:2c:24:bb:76:26:
                    f9:49:17:bf:6a:04:3f:41:ef:0e:3d:49:4c:1d:51:
                    eb:d2:66:f7:7b:49:fd:11:67:ba:c0:3f:14:0f:0b:
                    54:4e:e4:62:22:97:9b:6b:f8:e9:9b:c8:8f:bc:c4:
                    22:3a:a1:0d:93:6e:2d:eb:e4:93:86:17:ca:de:f2:
                    30:fc:ed:74:3d:a9:0c:7d:6a:11:24:09:31:b6:c8:
                    e5:ad:a9:ee:6a:03:13:41:3b:2a:6f:24:a9:2b:9f:
                    eb:ad:7b:92:ad:a0:36:8e:7d:30:56:11:76:4b:87:
                    fe:27:a1:53:fe:29:de:2e:7c:17:77:7a:46:15:5a:
                    24:71:2c:f0:d0:bd:9a:87:43:40:ba:24:9e:bc:1d:
                    8c:89:1c:c8:76:55:48:ce:77:f0:6e:ef:3b:d2:ce:
                    3d:70:e3:48:43:c3:a6:5c:fc:cb:d6:7b:d7:03:21:
                    47:4e:95:52:d1:80:f9:99:75:1b:1b:24:2d:4a:b8:
                    bc:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:11:6B:33:EB:CB:CC:13:EE:37:E2:0D:8A:4F:9E:D7:12:52:C6:93
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/40b48d1f-9a02-49dd-afec-242bc77a8d30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:31:42:8a:03:78:a7:83:3e:8d:e5:e3:61:89:03:f5:da:6d:
         df:ba:9d:38:ee:85:75:14:47:8f:d3:a8:a4:a7:f9:cc:a4:7e:
         a0:bd:59:1d:7f:2f:05:e2:dd:51:46:ad:72:97:41:a4:3d:81:
         37:da:b0:50:70:3c:f9:8f:9f:10:b4:31:6c:b1:84:49:92:12:
         f4:a1:4c:5a:8b:8e:4b:16:e5:b9:ce:bc:ca:b1:b4:ce:4c:b8:
         e4:d5:6b:60:f2:4b:c6:35:be:eb:cc:5f:df:08:db:4b:f0:f4:
         ef:f1:c6:ba:b4:c0:07:d0:66:9a:da:6b:d5:12:07:c5:8f:9e:
         28:1a:c9:f5:9b:d8:9a:a9:3b:3d:78:aa:7e:65:e8:7d:30:e8:
         2f:a1:e2:3a:85:3c:5c:3c:df:44:dd:49:2b:89:cf:52:94:74:
         cd:aa:9d:65:f9:97:0b:b6:39:1b:42:1a:d5:e4:da:d1:ac:ca:
         d3:ec:ea:6f:eb:0b:e2:c6:39:1d:96:2a:c4:a7:28:cc:d8:9e:
         31:a6:a4:a6:33:8c:0e:08:34:25:4a:c0:5a:73:28:60:38:c3:
         1c:8b:65:db:f8:ff:93:7a:43:7d:25:b9:2e:6c:d2:15:87:68:
         90:c3:b6:25:d4:87:f6:eb:a5:fb:72:bc:5f:de:03:74:c4:3c:
         d9:92:13:d9
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUGXSkf/c454WGClA1TSNbdA3UVD0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwNzE2MDAwMDAwWhcNMjIwNzE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNANTcxNzM5NjdiMjY5YzFmZjg5OWNjNzlhMzIwN2JhN2Ri
YzM1OGIxYzE3MmNmOTZiNzRjMmRhZTE3MGI4ZTUzYjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKv7NFj6AzEWdloAOji3yxgx/o/rHAPP0uAm83aIR9Cv4WPEPpkw
rUz6zhsu89qINai+GFrlL/X4sASs2FBRhpehoiOGDiwku3Ym+UkXv2oEP0HvDj1J
TB1R69Jm93tJ/RFnusA/FA8LVE7kYiKXm2v46ZvIj7zEIjqhDZNuLevkk4YXyt7y
MPztdD2pDH1qESQJMbbI5a2p7moDE0E7Km8kqSuf6617kq2gNo59MFYRdkuH/ieh
U/4p3i58F3d6RhVaJHEs8NC9modDQLoknrwdjIkcyHZVSM538G7vO9LOPXDjSEPD
plz8y9Z71wMhR06VUtGA+Zl1GxskLUq4vJ8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRZEWsz68vME+434g2KT57XElLGkzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDBiNDhkMWYtOWEwMi00OWRkLWFmZWMtMjQyYmM3N2E4ZDMwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADkxQooDeKeDPo3l
42GJA/Xabd+6nTjuhXUUR4/TqKSn+cykfqC9WR1/LwXi3VFGrXKXQaQ9gTfasFBw
PPmPnxC0MWyxhEmSEvShTFqLjksW5bnOvMqxtM5MuOTVa2DyS8Y1vuvMX98I20vw
9O/xxrq0wAfQZpraa9USB8WPnigayfWb2JqpOz14qn5l6H0w6C+h4jqFPFw830Td
SSuJz1KUdM2qnWX5lwu2ORtCGtXk2tGsytPs6m/rC+LGOR2WKsSnKMzYnjGmpKYz
jA4INCVKwFpzKGA4wxyLZdv4/5N6Q30luS5s0hWHaJDDtiXUh/brpftyvF/eA3TE
PNmSE9k=
-----END CERTIFICATE-----