Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/60f5fac1-1d20-4568-81a3-718642d505be.roa
File:                     60f5fac1-1d20-4568-81a3-718642d505be.roa (raw, json)
Hash identifier:          aQYI5PL+82d6ebr0ZNjdzR0KHoc2rYDvui5QqUuxq90=
Subject key identifier:   A6:E0:81:84:F7:E3:CE:03:EB:BA:D5:47:E5:8B:66:71:AC:5E:D8:00
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       12B796501E4FE9297FA99E293749FE103F7EEF6B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/60f5fac1-1d20-4568-81a3-718642d505be.roa
Signing time:             Sat 25 Feb 2023 00:00:00 +0000
ROA not before:           Sat 25 Feb 2023 00:00:00 +0000
ROA not after:            Tue 28 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:b7:96:50:1e:4f:e9:29:7f:a9:9e:29:37:49:fe:10:3f:7e:ef:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 25 00:00:00 2023 GMT
            Not After : Feb 28 23:59:59 2023 GMT
        Subject: serialNumber=14052d0c1c99228d6324f9e5e49c7d0516b0191fdf1a0d0629ae2899341abf85, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:5f:b4:16:a4:b7:1a:08:0d:ff:14:36:e0:e3:
                    1b:18:36:5e:ea:ec:d1:ec:c3:15:46:fe:a1:45:6a:
                    b5:be:11:ff:87:f3:17:b8:12:2f:4d:d4:a2:25:18:
                    52:f4:6c:d1:b9:14:f5:d4:77:44:21:51:2d:ae:8d:
                    95:00:6a:0f:20:2d:b7:cd:54:a8:bd:6b:d4:3f:de:
                    2d:ba:6d:7c:ad:4e:ca:a4:64:a2:a3:7e:71:4c:ba:
                    bf:46:e6:73:35:f9:88:e9:18:03:58:a0:aa:23:4d:
                    f3:69:b4:c8:a6:29:9a:35:cd:50:ca:c4:47:eb:9f:
                    9f:0b:ac:92:c4:03:d5:9e:7e:9e:23:87:fd:fb:97:
                    6e:05:2c:f1:eb:68:84:b8:f0:ef:5c:61:39:93:3b:
                    6b:15:d8:d1:59:a1:14:6d:9d:1b:69:61:b2:94:17:
                    6c:4d:9d:6c:58:98:98:4a:b2:ab:f5:f9:6c:a1:51:
                    1d:2f:09:0e:56:8c:a3:c2:4d:2d:eb:1c:d2:c7:7d:
                    12:40:10:f0:fd:e9:a6:cd:89:fa:b8:19:ae:f1:24:
                    b4:1b:e8:e1:74:45:ab:eb:4f:f2:c3:ee:41:0b:a5:
                    6a:6a:c2:1c:6a:df:f2:88:9d:ce:a2:ef:9d:56:be:
                    59:a1:94:d4:df:d4:79:75:8e:24:5a:42:c7:db:16:
                    4a:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:E0:81:84:F7:E3:CE:03:EB:BA:D5:47:E5:8B:66:71:AC:5E:D8:00
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/60f5fac1-1d20-4568-81a3-718642d505be.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:bf:02:a0:31:cc:db:f9:06:e5:0f:e4:6b:53:e1:3c:a4:19:
         a6:00:c0:70:db:7a:5f:bc:22:c9:7d:71:a8:88:68:23:87:ae:
         41:22:0b:5d:62:d6:73:27:17:bb:b3:97:86:aa:d9:e2:39:eb:
         4a:ec:7e:8b:8d:03:dd:25:18:72:16:9b:f3:ee:b7:dd:9a:5e:
         9d:e9:60:4b:1c:a2:8b:77:22:48:b3:71:28:96:ed:5c:4a:33:
         ca:d7:a6:0d:65:c4:f3:bf:79:2e:50:43:e9:13:c4:a3:9c:f5:
         37:4e:10:99:3c:7e:0d:76:55:ad:88:7e:95:88:0f:e0:69:5d:
         02:59:ed:27:24:e0:21:d4:b2:71:62:85:59:4e:73:77:24:0a:
         5d:b6:16:2c:b0:15:3a:7f:cc:e4:2d:6b:f0:40:8c:bf:87:ec:
         d1:17:a5:dc:7e:a0:af:fc:b1:bf:23:4a:ea:c5:a7:cc:ad:27:
         28:53:4c:8a:f3:0c:d5:e4:7e:31:a4:94:a4:fc:74:b3:e6:f5:
         cd:20:ea:e4:9c:9f:59:6c:b4:39:1b:01:be:f1:6d:64:fa:73:
         59:3e:c0:34:2f:21:5e:81:4f:8b:86:3a:52:ff:2d:86:cd:2e:
         17:03:e4:dd:90:d7:97:23:b9:e7:5a:21:2e:b0:50:59:83:ac:
         08:c5:6a:d4
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUEreWUB5P6Sl/qZ4pN0n+ED9+72swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjI1MDAwMDAwWhcNMjMwMjI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTQwNTJkMGMxYzk5MjI4ZDYzMjRmOWU1ZTQ5YzdkMDUx
NmIwMTkxZmRmMWEwZDA2MjlhZTI4OTkzNDFhYmY4NTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANdftBaktxoIDf8UNuDjGxg2Xurs0ezDFUb+oUVqtb4R/4fzF7gS
L03UoiUYUvRs0bkU9dR3RCFRLa6NlQBqDyAtt81UqL1r1D/eLbptfK1OyqRkoqN+
cUy6v0bmczX5iOkYA1igqiNN82m0yKYpmjXNUMrER+ufnwusksQD1Z5+niOH/fuX
bgUs8etohLjw71xhOZM7axXY0VmhFG2dG2lhspQXbE2dbFiYmEqyq/X5bKFRHS8J
DlaMo8JNLesc0sd9EkAQ8P3pps2J+rgZrvEktBvo4XRFq+tP8sPuQQulamrCHGrf
8oidzqLvnVa+WaGU1N/UeXWOJFpCx9sWSkMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSm4IGE9+POA+u61Ufli2ZxrF7YADAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjBmNWZhYzEtMWQyMC00NTY4LTgxYTMtNzE4NjQyZDUwNWJlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALu/AqAxzNv5BuUP
5GtT4TykGaYAwHDbel+8Isl9caiIaCOHrkEiC11i1nMnF7uzl4aq2eI560rsfouN
A90lGHIWm/Put92aXp3pYEscoot3IkizcSiW7VxKM8rXpg1lxPO/eS5QQ+kTxKOc
9TdOEJk8fg12Va2IfpWID+BpXQJZ7Sck4CHUsnFihVlOc3ckCl22FiywFTp/zOQt
a/BAjL+H7NEXpdx+oK/8sb8jSurFp8ytJyhTTIrzDNXkfjGklKT8dLPm9c0g6uSc
n1lstDkbAb7xbWT6c1k+wDQvIV6BT4uGOlL/LYbNLhcD5N2Q15cjuedaIS6wUFmD
rAjFatQ=
-----END CERTIFICATE-----