Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/55b32f07-1339-4c22-b2ec-397fcb442019.roa
File:                     55b32f07-1339-4c22-b2ec-397fcb442019.roa (raw, json)
Hash identifier:          H0X14013v4Mc+oiPvrgiWIVDwhkSyIUUAb6xPrxORZA=
Subject key identifier:   3D:A9:FD:E2:60:F3:AC:6E:F6:32:06:1C:33:7D:28:9B:9C:E7:B4:43
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5F93C240BB90249E8B022B68987BE3A03D30F30B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/55b32f07-1339-4c22-b2ec-397fcb442019.roa
Signing time:             Wed 15 Mar 2023 00:00:00 +0000
ROA not before:           Wed 15 Mar 2023 00:00:00 +0000
ROA not after:            Sat 18 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:93:c2:40:bb:90:24:9e:8b:02:2b:68:98:7b:e3:a0:3d:30:f3:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 15 00:00:00 2023 GMT
            Not After : Mar 18 23:59:59 2023 GMT
        Subject: serialNumber=bd6bf1ceefe4f4d1613bf764ceb44406162dca6662fbebdf8f3dc41e396cfb3c, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:cd:4d:c0:0d:c0:9d:21:61:67:01:94:7e:cc:
                    cd:8c:e1:3c:c5:c7:8c:b1:37:26:af:c6:13:00:34:
                    5f:3a:cf:73:e2:59:d3:ac:f8:ad:86:79:6e:bd:89:
                    82:cf:f9:aa:b3:6c:7b:f4:23:c6:87:43:6b:16:8a:
                    58:24:93:8f:a6:75:d7:c5:d3:de:c0:62:ca:97:bf:
                    79:18:78:28:f9:75:db:35:84:1a:79:4d:b5:f7:61:
                    e2:ce:71:85:39:22:ce:44:34:4b:88:b3:3a:b8:54:
                    71:ae:8a:8b:a5:c5:c7:1d:f6:5c:62:7d:3a:5d:2e:
                    50:9d:de:7a:76:e1:02:93:16:4d:c2:86:f5:e8:95:
                    86:6a:6f:7c:b3:e4:2c:d5:eb:3b:79:a4:93:76:c0:
                    e0:36:eb:86:9e:40:d3:29:b9:3c:35:bb:33:4c:e5:
                    af:bb:31:69:7c:2d:51:58:05:b9:93:28:fd:b6:51:
                    34:68:b8:ff:50:80:f4:78:4c:b7:7f:14:d2:94:de:
                    20:86:15:18:1a:51:d1:be:4f:64:49:2e:cf:f8:fe:
                    b5:0a:7b:dd:93:10:9e:07:f4:ef:9e:ea:e0:d7:c8:
                    b0:9a:72:d4:4f:3d:ba:06:fc:fe:1c:6f:61:05:5b:
                    98:ba:d2:2a:eb:c7:f1:5c:c1:c5:72:f9:7f:2a:12:
                    c3:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:A9:FD:E2:60:F3:AC:6E:F6:32:06:1C:33:7D:28:9B:9C:E7:B4:43
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/55b32f07-1339-4c22-b2ec-397fcb442019.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:98:42:60:2d:a7:a8:fe:e9:04:77:20:f9:c1:0a:ee:fa:f6:
         ab:be:0d:4e:4a:18:ad:bc:fb:27:d3:fd:e9:42:bc:37:88:61:
         79:40:59:78:ee:de:47:88:f0:46:61:03:47:8b:da:fd:b6:5d:
         61:45:3b:1b:d9:a5:e4:d2:46:29:8f:ad:63:31:05:ce:e0:70:
         87:73:fc:9b:20:b8:99:8c:56:fa:67:8c:9b:ca:3f:06:75:f3:
         12:a8:5e:bc:0b:53:26:3e:2a:b3:dc:bc:8b:3c:55:42:91:0c:
         a9:4d:8f:25:51:9a:c9:00:d7:b4:6d:4f:e3:6e:90:a3:ac:1a:
         e9:a3:05:eb:de:d8:79:66:bf:a5:21:bd:80:0e:e6:87:99:c3:
         17:c5:59:b9:7e:ef:fb:48:b2:f4:96:02:74:37:3e:a4:46:01:
         dc:82:bc:3b:f1:7e:9c:96:20:a4:df:5d:21:77:f7:fa:44:19:
         02:7f:8a:e4:45:cb:47:e6:60:c2:c1:d7:9f:19:22:d0:e1:5f:
         a6:bd:16:14:9b:0e:e1:47:0b:39:64:03:83:08:19:f0:8f:54:
         04:d1:29:af:eb:c2:ee:50:fc:73:d7:01:2d:29:7e:b5:55:4b:
         7d:1a:3a:23:8f:39:5c:ea:88:74:e7:f9:ee:7f:e2:7e:f1:2d:
         81:42:91:40
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUX5PCQLuQJJ6LAitomHvjoD0w8wswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzE1MDAwMDAwWhcNMjMwMzE4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYmQ2YmYxY2VlZmU0ZjRkMTYxM2JmNzY0Y2ViNDQ0MDYx
NjJkY2E2NjYyZmJlYmRmOGYzZGM0MWUzOTZjZmIzYzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAIvNTcANwJ0hYWcBlH7MzYzhPMXHjLE3Jq/GEwA0XzrPc+JZ06z4
rYZ5br2Jgs/5qrNse/QjxodDaxaKWCSTj6Z118XT3sBiype/eRh4KPl12zWEGnlN
tfdh4s5xhTkizkQ0S4izOrhUca6Ki6XFxx32XGJ9Ol0uUJ3eenbhApMWTcKG9eiV
hmpvfLPkLNXrO3mkk3bA4Dbrhp5A0ym5PDW7M0zlr7sxaXwtUVgFuZMo/bZRNGi4
/1CA9HhMt38U0pTeIIYVGBpR0b5PZEkuz/j+tQp73ZMQngf0757q4NfIsJpy1E89
ugb8/hxvYQVbmLrSKuvH8VzBxXL5fyoSwwMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ9qf3iYPOsbvYyBhwzfSibnOe0QzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNTViMzJmMDctMTMzOS00YzIyLWIyZWMtMzk3ZmNiNDQyMDE5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIKYQmAtp6j+6QR3
IPnBCu769qu+DU5KGK28+yfT/elCvDeIYXlAWXju3keI8EZhA0eL2v22XWFFOxvZ
peTSRimPrWMxBc7gcIdz/JsguJmMVvpnjJvKPwZ18xKoXrwLUyY+KrPcvIs8VUKR
DKlNjyVRmskA17RtT+NukKOsGumjBeve2Hlmv6UhvYAO5oeZwxfFWbl+7/tIsvSW
AnQ3PqRGAdyCvDvxfpyWIKTfXSF39/pEGQJ/iuRFy0fmYMLB158ZItDhX6a9FhSb
DuFHCzlkA4MIGfCPVATRKa/rwu5Q/HPXAS0pfrVVS30aOiOPOVzqiHTn+e5/4n7x
LYFCkUA=
-----END CERTIFICATE-----