Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4356ee45-b792-4734-8a77-fface1bc669f.roa
File:                     4356ee45-b792-4734-8a77-fface1bc669f.roa (raw, json)
Hash identifier:          p3t8VrWOKS/U3yauiP5dwe3FnVN8jJyHt9EgRUSdewI=
Subject key identifier:   C7:54:92:05:4A:B8:0E:DA:E5:9C:00:8A:B0:81:9B:C6:88:CE:F2:B9
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5AA6D44BD214D0895F25CE9CA63B87359AF47387
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4356ee45-b792-4734-8a77-fface1bc669f.roa
Signing time:             Thu 15 Sep 2022 00:00:00 +0000
ROA not before:           Thu 15 Sep 2022 00:00:00 +0000
ROA not after:            Sun 18 Sep 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:a6:d4:4b:d2:14:d0:89:5f:25:ce:9c:a6:3b:87:35:9a:f4:73:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Sep 15 00:00:00 2022 GMT
            Not After : Sep 18 23:59:59 2022 GMT
        Subject: serialNumber=6e09dde3123b4e772d32904b2824252dd0a45557449038a21f539e1ad4c4107d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:9d:d6:73:e0:3b:fa:99:f2:12:d1:5c:dd:8c:
                    bd:d1:89:54:76:57:94:e3:c8:ad:14:85:26:87:3b:
                    41:13:ba:07:f0:af:65:ae:75:c8:e3:8e:8a:3f:59:
                    15:80:95:3b:48:d0:cf:01:88:b4:33:4d:9e:cc:fd:
                    39:cf:5f:eb:4b:16:f6:64:4d:29:b8:c0:77:be:ba:
                    a6:3c:56:71:bd:2d:00:b7:cc:33:c2:d1:e3:67:15:
                    3e:1b:b8:6c:30:6d:d3:fe:a3:2f:7a:a3:72:fc:62:
                    1c:3b:71:24:3c:18:3a:e4:a1:68:3a:fe:52:94:b2:
                    4a:14:9f:75:54:d3:69:bc:21:89:77:c4:d1:f0:11:
                    b0:24:ae:54:0c:d1:96:e9:6e:3a:c9:30:11:e2:21:
                    42:88:9c:86:43:fc:b0:9b:1f:f9:33:d9:d7:77:0c:
                    4b:ac:af:f2:b8:88:f1:7d:67:43:51:6c:44:d2:37:
                    bd:4b:04:2f:49:98:50:fc:c4:96:e3:f9:04:f3:3d:
                    00:77:c3:6b:69:c3:5e:59:84:8d:bb:1c:4d:71:a3:
                    f4:e8:3f:43:e2:99:c5:27:b1:a3:02:f8:b3:79:b4:
                    fb:97:8b:9a:b2:05:f9:e7:cf:52:93:52:07:b8:dd:
                    4a:35:0f:22:5e:a5:11:ab:d3:19:81:e0:95:ed:ac:
                    1e:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:54:92:05:4A:B8:0E:DA:E5:9C:00:8A:B0:81:9B:C6:88:CE:F2:B9
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4356ee45-b792-4734-8a77-fface1bc669f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:2e:52:87:ac:71:c6:e5:c2:46:cf:ad:2b:46:01:37:7b:d1:
         5d:ab:dc:a0:02:08:f2:41:29:ab:82:fa:55:a9:63:7b:86:3e:
         e6:30:f9:ab:b8:7f:6b:82:36:1a:dd:cb:05:be:fc:b8:e1:9f:
         03:e2:a9:6f:ce:4c:df:1d:61:3c:00:d8:5b:83:2c:1d:c3:6f:
         12:e6:7b:07:c6:2c:57:c9:fa:bb:06:68:73:fd:41:e8:10:e3:
         ac:39:59:2c:d2:3e:bd:e1:17:0c:97:f6:0f:e2:50:ed:36:73:
         ab:03:98:b4:36:6e:39:5d:d1:19:cf:ae:0f:6d:5a:36:92:a6:
         db:d2:ae:e6:e6:97:3b:1e:9a:a7:ec:a1:7a:e8:9b:c2:cf:bb:
         4f:3c:b3:dd:9a:ba:92:93:77:2a:84:e3:32:74:10:f8:62:87:
         8d:f3:fd:89:b9:8b:af:97:2e:10:f3:e9:24:e8:72:a5:19:4c:
         50:c0:18:87:3f:10:35:62:23:4e:29:dc:4d:2a:4c:a7:02:e8:
         57:86:8d:7a:d2:17:cd:9a:b6:84:70:0f:0d:60:55:be:a4:c7:
         b9:2d:cb:d8:2e:08:e1:1d:07:ed:d0:10:56:5c:dc:db:b5:c0:
         22:49:19:29:ce:a3:85:71:05:e2:d0:80:ce:b6:73:07:d8:0e:
         3b:41:14:92
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUWqbUS9IU0IlfJc6cpjuHNZr0c4cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwOTE1MDAwMDAwWhcNMjIwOTE4MjM1OTU5
WjCBpTFJMEcGA1UEBRNANmUwOWRkZTMxMjNiNGU3NzJkMzI5MDRiMjgyNDI1MmRk
MGE0NTU1NzQ0OTAzOGEyMWY1MzllMWFkNGM0MTA3ZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJ2d1nPgO/qZ8hLRXN2MvdGJVHZXlOPIrRSFJoc7QRO6B/CvZa51
yOOOij9ZFYCVO0jQzwGItDNNnsz9Oc9f60sW9mRNKbjAd766pjxWcb0tALfMM8LR
42cVPhu4bDBt0/6jL3qjcvxiHDtxJDwYOuShaDr+UpSyShSfdVTTabwhiXfE0fAR
sCSuVAzRluluOskwEeIhQoichkP8sJsf+TPZ13cMS6yv8riI8X1nQ1FsRNI3vUsE
L0mYUPzEluP5BPM9AHfDa2nDXlmEjbscTXGj9Og/Q+KZxSexowL4s3m0+5eLmrIF
+efPUpNSB7jdSjUPIl6lEavTGYHgle2sHgMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTHVJIFSrgO2uWcAIqwgZvGiM7yuTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDM1NmVlNDUtYjc5Mi00NzM0LThhNzctZmZhY2UxYmM2NjlmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFsuUoesccblwkbP
rStGATd70V2r3KACCPJBKauC+lWpY3uGPuYw+au4f2uCNhrdywW+/LjhnwPiqW/O
TN8dYTwA2FuDLB3DbxLmewfGLFfJ+rsGaHP9QegQ46w5WSzSPr3hFwyX9g/iUO02
c6sDmLQ2bjld0RnPrg9tWjaSptvSrubmlzsemqfsoXrom8LPu088s92aupKTdyqE
4zJ0EPhih43z/Ym5i6+XLhDz6STocqUZTFDAGIc/EDViI04p3E0qTKcC6FeGjXrS
F82atoRwDw1gVb6kx7kty9guCOEdB+3QEFZc3Nu1wCJJGSnOo4VxBeLQgM62cwfY
DjtBFJI=
-----END CERTIFICATE-----