Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5376348a-9e93-4017-85b5-25f31671e3b9.roa
File:                     5376348a-9e93-4017-85b5-25f31671e3b9.roa (raw, json)
Hash identifier:          WDNAX5PhjpTagJ2RxZjEggfgVo8sAR/5PjgSCOkciH0=
Subject key identifier:   80:34:95:AE:B9:87:14:3B:69:E2:B6:43:94:B1:11:05:77:79:9B:F1
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       31428400725F76EBF6AB7C15AD278295A81AD1F9
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5376348a-9e93-4017-85b5-25f31671e3b9.roa
Signing time:             Wed 18 Jan 2023 00:00:00 +0000
ROA not before:           Wed 18 Jan 2023 00:00:00 +0000
ROA not after:            Sat 21 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:42:84:00:72:5f:76:eb:f6:ab:7c:15:ad:27:82:95:a8:1a:d1:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 18 00:00:00 2023 GMT
            Not After : Jan 21 23:59:59 2023 GMT
        Subject: serialNumber=67ee170cccaca931b0d86bc6153f040f79675c2a478c6761033b770306d9a0ea, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e1:3d:bb:3e:0c:94:27:17:40:a7:8e:b6:aa:
                    cc:34:57:ff:96:22:83:51:b2:23:70:38:f6:de:c8:
                    23:4d:f8:b5:a2:3a:b5:f8:97:a8:12:b8:01:03:54:
                    cf:af:2e:93:f8:1e:9c:f0:8b:f2:c6:09:41:9d:8f:
                    0a:0d:49:81:ea:57:0d:3b:2c:ba:e4:dc:dc:ea:5f:
                    15:e4:f0:2f:aa:67:f6:6d:ca:71:a0:98:68:93:46:
                    53:90:81:80:96:de:55:fa:11:28:0f:eb:ee:5b:96:
                    b6:a1:4c:3e:5c:ff:c7:d7:b0:1e:70:33:fc:04:3a:
                    aa:de:59:ab:be:3a:7b:36:be:ec:ba:13:63:29:2c:
                    eb:37:7a:86:d6:1d:2b:1f:4d:0e:5b:7e:ad:08:29:
                    df:dd:09:92:a9:26:20:d9:44:e5:b3:27:4b:2c:c2:
                    99:8d:a8:3b:4d:7a:13:94:61:a8:42:7a:07:d5:c1:
                    da:d6:16:78:80:64:66:e6:2e:52:19:95:f9:65:f5:
                    83:bc:29:b3:b6:70:5c:18:bf:21:99:45:b5:e4:50:
                    4c:be:c1:e0:67:e4:01:c9:88:9e:d7:60:25:b3:86:
                    7b:de:7d:42:70:4d:97:19:de:85:7d:f4:5f:27:0a:
                    da:ef:92:57:ad:52:72:f5:3e:40:55:1a:5b:e7:83:
                    81:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:34:95:AE:B9:87:14:3B:69:E2:B6:43:94:B1:11:05:77:79:9B:F1
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5376348a-9e93-4017-85b5-25f31671e3b9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:82:00:03:53:6d:09:45:85:e5:b6:6f:ff:bd:ae:2c:5f:2d:
         e8:17:de:9a:6c:b7:d7:c8:3a:03:e4:ee:ae:d3:6e:2e:98:d2:
         ce:af:99:b8:98:22:fe:a4:50:cc:4a:c0:56:3a:20:9e:38:f6:
         80:33:68:9e:98:2e:a5:fc:9d:07:ef:ce:5e:51:c0:10:43:83:
         42:55:98:9e:47:f9:4b:f7:cf:fc:66:81:c9:5e:15:f6:e7:9b:
         48:62:97:6a:4a:b1:e1:5e:63:d0:43:c6:1d:39:4e:55:73:ab:
         4e:7d:17:e1:46:b2:51:7a:d1:45:a4:46:9d:f3:58:d8:96:37:
         21:fc:7c:ec:d0:f7:b6:a6:91:45:62:ad:c6:d5:a4:4a:62:e5:
         e9:27:d4:e0:e4:f9:97:59:77:de:bb:e7:01:8f:a5:df:43:86:
         ec:8f:57:94:6e:16:37:34:20:7c:06:7f:2a:f5:7d:c4:e8:98:
         2a:18:66:39:7b:46:66:c6:5c:32:9c:cd:55:b8:ac:93:02:1e:
         6c:49:61:cc:a3:d0:17:19:f5:7b:c0:a8:ca:66:d4:6a:ee:dc:
         79:1a:ee:f4:a4:87:97:1a:c0:55:09:3b:c9:94:0f:61:a4:0a:
         09:bd:65:1e:af:f1:c1:02:13:e9:22:67:67:6e:59:a0:5d:c0:
         c5:8b:f9:cf
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUMUKEAHJfduv2q3wVrSeClaga0fkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTE4MDAwMDAwWhcNMjMwMTIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNANjdlZTE3MGNjY2FjYTkzMWIwZDg2YmM2MTUzZjA0MGY3
OTY3NWMyYTQ3OGM2NzYxMDMzYjc3MDMwNmQ5YTBlYTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJzhPbs+DJQnF0CnjraqzDRX/5Yig1GyI3A49t7II034taI6tfiX
qBK4AQNUz68uk/genPCL8sYJQZ2PCg1JgepXDTssuuTc3OpfFeTwL6pn9m3KcaCY
aJNGU5CBgJbeVfoRKA/r7luWtqFMPlz/x9ewHnAz/AQ6qt5Zq746eza+7LoTYyks
6zd6htYdKx9NDlt+rQgp390JkqkmINlE5bMnSyzCmY2oO016E5RhqEJ6B9XB2tYW
eIBkZuYuUhmV+WX1g7wps7ZwXBi/IZlFteRQTL7B4GfkAcmIntdgJbOGe959QnBN
lxnehX30XycK2u+SV61ScvU+QFUaW+eDgTECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSANJWuuYcUO2nitkOUsREFd3mb8TAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNTM3NjM0OGEtOWU5My00MDE3LTg1YjUtMjVmMzE2NzFlM2I5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI+CAANTbQlFheW2
b/+9rixfLegX3ppst9fIOgPk7q7Tbi6Y0s6vmbiYIv6kUMxKwFY6IJ449oAzaJ6Y
LqX8nQfvzl5RwBBDg0JVmJ5H+Uv3z/xmgcleFfbnm0hil2pKseFeY9BDxh05TlVz
q059F+FGslF60UWkRp3zWNiWNyH8fOzQ97amkUVircbVpEpi5ekn1ODk+ZdZd967
5wGPpd9DhuyPV5RuFjc0IHwGfyr1fcTomCoYZjl7RmbGXDKczVW4rJMCHmxJYcyj
0BcZ9XvAqMpm1Gru3Hka7vSkh5cawFUJO8mUD2GkCgm9ZR6v8cECE+kiZ2duWaBd
wMWL+c8=
-----END CERTIFICATE-----