Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/45ad873a-cda5-49f9-9c01-7c49b2c7c471.roa
File:                     45ad873a-cda5-49f9-9c01-7c49b2c7c471.roa (raw, json)
Hash identifier:          RQQn2QRHVUzYGc9xvo6bw+8nHEkL6xiYNgSize7wDX8=
Subject key identifier:   3B:81:70:67:77:1F:1E:0C:26:3D:E1:C6:2A:3E:04:94:AE:B1:20:FB
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       74A504D956E9F3614464D8F21160229081F3CD0B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/45ad873a-cda5-49f9-9c01-7c49b2c7c471.roa
Signing time:             Wed 12 Oct 2022 00:00:00 +0000
ROA not before:           Wed 12 Oct 2022 00:00:00 +0000
ROA not after:            Sat 15 Oct 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:a5:04:d9:56:e9:f3:61:44:64:d8:f2:11:60:22:90:81:f3:cd:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Oct 12 00:00:00 2022 GMT
            Not After : Oct 15 23:59:59 2022 GMT
        Subject: serialNumber=cc880af7507f4b23a1df1fa814468048b5a5454bbfc589e4e98a702e012a01b9, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:6b:50:9f:df:5e:cb:85:3d:69:e1:26:10:58:
                    e9:03:c6:5d:c6:34:5b:9d:32:83:be:77:28:dd:61:
                    51:53:3c:b1:e4:80:24:ff:13:29:83:1e:7c:49:4a:
                    c4:8e:13:01:57:eb:6d:05:b4:13:d1:e5:90:bb:9f:
                    c3:e4:5c:96:d8:b4:89:d7:85:0a:f1:5b:b8:ad:a9:
                    70:cb:50:ac:67:a5:fe:ae:ca:4a:15:c2:0f:1a:2a:
                    a7:ef:31:fa:81:87:0f:af:d5:3b:5c:19:c5:19:a6:
                    b5:f4:f7:db:c9:24:d0:ef:19:ff:63:36:ec:98:ed:
                    32:f8:c6:cd:e6:bd:90:4d:3c:ea:1c:53:87:cf:e4:
                    52:4e:19:50:ba:1c:e2:b7:a3:cf:ad:7e:23:a0:8b:
                    6e:da:51:0a:2b:60:8f:90:87:01:e9:c2:1b:fc:34:
                    b2:1b:cf:70:7c:e6:cc:00:87:24:dc:68:6a:3d:13:
                    e1:24:06:d9:f7:ab:ca:ea:9b:a4:30:44:85:9f:38:
                    90:c3:6d:2d:94:30:13:f4:49:76:26:5a:78:1c:95:
                    19:c2:9d:74:17:fc:98:ea:94:74:bd:eb:7c:42:9b:
                    df:6a:2c:75:27:f1:2d:b6:35:e1:68:7a:1d:01:8c:
                    e0:6e:6d:8c:ad:b9:62:50:7e:0f:4f:0f:de:9a:7f:
                    2e:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:81:70:67:77:1F:1E:0C:26:3D:E1:C6:2A:3E:04:94:AE:B1:20:FB
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/45ad873a-cda5-49f9-9c01-7c49b2c7c471.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:fd:0d:84:4e:92:f9:04:d8:34:93:24:47:db:4f:15:d8:d2:
         40:8d:50:30:d1:6c:d3:2d:83:f1:c1:cc:b9:e7:e5:a6:c8:f8:
         df:13:30:12:48:7d:b4:a5:63:79:91:01:45:32:42:b5:7d:8a:
         b3:24:fd:73:c3:59:3b:ba:9b:68:2e:55:37:eb:bf:bf:31:86:
         2c:67:96:a4:3c:08:03:d4:43:0b:8c:f1:b7:62:75:a4:9b:9f:
         11:01:24:4d:43:ca:e5:66:b9:e4:0a:1c:9a:58:e6:74:f3:70:
         a4:c1:11:e1:b8:77:72:cc:ce:4f:24:86:40:13:d6:ac:7a:eb:
         32:c2:d0:1b:cc:46:a4:e7:6b:c8:b1:7e:6e:1c:c1:a6:81:46:
         ec:7a:28:20:39:3b:13:10:2c:64:64:23:e3:a1:ee:aa:98:da:
         33:34:c8:b6:ff:7c:51:5d:b9:6d:59:dd:c1:40:56:ee:4f:ee:
         76:7f:96:19:7f:92:7c:81:71:d8:0a:2a:0d:4d:48:6c:6d:86:
         2f:76:98:63:e8:bf:13:13:08:ca:9e:f7:d2:05:6d:43:cd:e2:
         49:fe:ba:0c:40:46:9a:98:79:f5:8d:b0:d9:52:f9:fa:3f:e4:
         21:c7:a8:63:5f:21:8e:83:93:57:b8:51:b7:2d:7f:13:1e:f3:
         46:b7:8b:e1
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUdKUE2Vbp82FEZNjyEWAikIHzzQswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMDEyMDAwMDAwWhcNMjIxMDE1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAY2M4ODBhZjc1MDdmNGIyM2ExZGYxZmE4MTQ0NjgwNDhi
NWE1NDU0YmJmYzU4OWU0ZTk4YTcwMmUwMTJhMDFiOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAORrUJ/fXsuFPWnhJhBY6QPGXcY0W50yg753KN1hUVM8seSAJP8T
KYMefElKxI4TAVfrbQW0E9HlkLufw+Rclti0ideFCvFbuK2pcMtQrGel/q7KShXC
Dxoqp+8x+oGHD6/VO1wZxRmmtfT328kk0O8Z/2M27JjtMvjGzea9kE086hxTh8/k
Uk4ZULoc4rejz61+I6CLbtpRCitgj5CHAenCG/w0shvPcHzmzACHJNxoaj0T4SQG
2feryuqbpDBEhZ84kMNtLZQwE/RJdiZaeByVGcKddBf8mOqUdL3rfEKb32osdSfx
LbY14Wh6HQGM4G5tjK25YlB+D08P3pp/Ln8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ7gXBndx8eDCY94cYqPgSUrrEg+zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDVhZDg3M2EtY2RhNS00OWY5LTljMDEtN2M0OWIyYzdjNDcxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMv9DYROkvkE2DST
JEfbTxXY0kCNUDDRbNMtg/HBzLnn5abI+N8TMBJIfbSlY3mRAUUyQrV9irMk/XPD
WTu6m2guVTfrv78xhixnlqQ8CAPUQwuM8bdidaSbnxEBJE1DyuVmueQKHJpY5nTz
cKTBEeG4d3LMzk8khkAT1qx66zLC0BvMRqTna8ixfm4cwaaBRux6KCA5OxMQLGRk
I+Oh7qqY2jM0yLb/fFFduW1Z3cFAVu5P7nZ/lhl/knyBcdgKKg1NSGxthi92mGPo
vxMTCMqe99IFbUPN4kn+ugxARpqYefWNsNlS+fo/5CHHqGNfIY6Dk1e4UbctfxMe
80a3i+E=
-----END CERTIFICATE-----