Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/533d9779-ebf5-4778-b9d4-eb06fa91b4f5.roa
File:                     533d9779-ebf5-4778-b9d4-eb06fa91b4f5.roa (raw, json)
Hash identifier:          rYud0Lhaxg5l0YQTrjHfNw4WRO4YSCzXwrc6VDyJHvI=
Subject key identifier:   2E:CA:BB:6D:9A:D3:FA:75:29:D4:5A:08:D6:E2:46:6F:DB:50:50:6D
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       60AF4BB4B40CA0A5B44E1E99FB43FCFE7C97C783
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/533d9779-ebf5-4778-b9d4-eb06fa91b4f5.roa
Signing time:             Fri 10 Mar 2023 00:00:00 +0000
ROA not before:           Fri 10 Mar 2023 00:00:00 +0000
ROA not after:            Mon 13 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:af:4b:b4:b4:0c:a0:a5:b4:4e:1e:99:fb:43:fc:fe:7c:97:c7:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 10 00:00:00 2023 GMT
            Not After : Mar 13 23:59:59 2023 GMT
        Subject: serialNumber=9e856c5f4f80c22a85b1fe64b38fd38ac91541a9507e04ba9e192819bd963146, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:14:d3:35:f2:24:20:fb:ab:15:33:a5:a1:e5:
                    fb:1c:bc:c1:1a:1b:8a:f5:7c:ad:57:f3:a0:7b:e9:
                    0a:5b:58:f7:66:55:d1:82:26:c2:04:1c:f9:3a:13:
                    7b:bf:26:a9:cd:66:43:b9:6e:bc:67:a9:0e:21:8c:
                    5d:f3:bf:2d:67:88:16:3d:4f:83:d8:48:bd:2e:4d:
                    22:85:24:c6:39:7c:2f:74:79:ae:dd:e3:41:40:6d:
                    f0:b7:5e:e9:df:8c:70:cc:a6:f3:7b:24:92:54:c8:
                    0d:8b:10:23:af:47:ec:3b:de:d8:01:d2:52:20:97:
                    84:be:ca:f9:58:68:43:2b:3f:7b:5f:55:4f:24:20:
                    b6:55:5f:c0:10:55:85:a7:56:41:5b:8b:a5:f4:4b:
                    27:0c:2a:6b:6f:4e:c6:e7:cc:7f:58:00:c7:20:57:
                    7b:2d:09:d2:f8:bc:89:82:7f:e9:3f:c9:ae:c1:96:
                    bd:03:0d:7a:cd:8e:a9:7e:7a:cc:e2:bb:f4:7e:6e:
                    4f:1e:06:73:9d:12:78:d9:ed:c8:3d:74:8c:ae:4f:
                    e4:5f:4b:4c:48:a3:ad:1d:10:1d:d5:0d:b1:c6:9c:
                    b1:aa:08:82:0e:c9:38:3d:c5:22:ec:0a:53:f4:a0:
                    ab:77:b3:9c:e2:fe:f5:b4:14:76:7e:0a:a5:6e:7b:
                    c5:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:CA:BB:6D:9A:D3:FA:75:29:D4:5A:08:D6:E2:46:6F:DB:50:50:6D
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/533d9779-ebf5-4778-b9d4-eb06fa91b4f5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:6c:3f:d9:14:0e:eb:03:e0:29:8f:0a:41:21:5e:a8:14:a4:
         ee:7e:f1:2b:56:d1:b2:d3:00:93:7a:cd:87:6e:28:53:4b:80:
         d3:1b:da:b7:62:f2:7b:eb:5d:17:6c:ff:cd:af:ea:40:2c:35:
         99:56:9c:c6:32:e8:3f:64:00:79:83:3f:5d:3e:12:ca:98:7c:
         09:25:72:30:2b:c2:4f:9a:38:d9:a7:4c:ad:c0:42:9e:e7:df:
         d8:f2:bb:98:fa:9a:8e:67:72:5c:2a:62:a9:8d:fa:58:d5:9f:
         9a:c1:44:4a:53:7a:03:2e:9c:52:47:fd:88:78:c4:90:81:0f:
         84:7a:ef:e6:84:c4:d4:a6:f5:a0:c3:ee:7d:4a:3f:6c:06:94:
         d9:c0:58:1f:57:a8:53:06:7a:c4:84:80:68:fb:3c:8e:07:ad:
         23:66:7d:4c:80:b1:86:2f:cd:91:4b:b8:79:4c:45:12:b0:50:
         17:2b:bd:90:6c:27:15:d5:b4:56:f8:62:e3:aa:f6:1d:9e:19:
         8e:43:86:b4:36:72:5b:60:79:3d:f8:c2:c8:85:52:66:9e:39:
         e1:2a:e6:44:a8:48:2a:ab:66:33:6a:2c:33:a1:bb:e9:f8:59:
         ce:ee:39:f1:97:f7:f1:6f:b9:c5:f5:e8:2e:9f:12:7e:ed:97:
         13:1a:53:98
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUYK9LtLQMoKW0Th6Z+0P8/nyXx4MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzEwMDAwMDAwWhcNMjMwMzEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAOWU4NTZjNWY0ZjgwYzIyYTg1YjFmZTY0YjM4ZmQzOGFj
OTE1NDFhOTUwN2UwNGJhOWUxOTI4MTliZDk2MzE0NjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKEU0zXyJCD7qxUzpaHl+xy8wRobivV8rVfzoHvpCltY92ZV0YIm
wgQc+ToTe78mqc1mQ7luvGepDiGMXfO/LWeIFj1Pg9hIvS5NIoUkxjl8L3R5rt3j
QUBt8Lde6d+McMym83skklTIDYsQI69H7Dve2AHSUiCXhL7K+VhoQys/e19VTyQg
tlVfwBBVhadWQVuLpfRLJwwqa29OxufMf1gAxyBXey0J0vi8iYJ/6T/JrsGWvQMN
es2OqX56zOK79H5uTx4Gc50SeNntyD10jK5P5F9LTEijrR0QHdUNscacsaoIgg7J
OD3FIuwKU/Sgq3eznOL+9bQUdn4KpW57xd8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQuyrttmtP6dSnUWgjW4kZv21BQbTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNTMzZDk3NzktZWJmNS00Nzc4LWI5ZDQtZWIwNmZhOTFiNGY1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJZsP9kUDusD4CmP
CkEhXqgUpO5+8StW0bLTAJN6zYduKFNLgNMb2rdi8nvrXRds/82v6kAsNZlWnMYy
6D9kAHmDP10+EsqYfAklcjArwk+aONmnTK3AQp7n39jyu5j6mo5nclwqYqmN+ljV
n5rBREpTegMunFJH/Yh4xJCBD4R67+aExNSm9aDD7n1KP2wGlNnAWB9XqFMGesSE
gGj7PI4HrSNmfUyAsYYvzZFLuHlMRRKwUBcrvZBsJxXVtFb4YuOq9h2eGY5DhrQ2
cltgeT34wsiFUmaeOeEq5kSoSCqrZjNqLDOhu+n4Wc7uOfGX9/FvucX16C6fEn7t
lxMaU5g=
-----END CERTIFICATE-----