Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/66985f24-47ba-4aa6-aa5e-f6b21ae42b95.roa
File:                     66985f24-47ba-4aa6-aa5e-f6b21ae42b95.roa (raw, json)
Hash identifier:          23lKKCm1/+ColGGLjsc7uinSJTP6UWQM5QM39nRzd64=
Subject key identifier:   D2:42:58:CD:5C:A0:04:DA:D8:01:F6:E7:C9:C9:C8:99:83:99:8B:EC
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       476C28A3DD1D796014AAF118241103C89D3B3854
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/66985f24-47ba-4aa6-aa5e-f6b21ae42b95.roa
Signing time:             Wed 08 Mar 2023 00:00:00 +0000
ROA not before:           Wed 08 Mar 2023 00:00:00 +0000
ROA not after:            Sat 11 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:6c:28:a3:dd:1d:79:60:14:aa:f1:18:24:11:03:c8:9d:3b:38:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar  8 00:00:00 2023 GMT
            Not After : Mar 11 23:59:59 2023 GMT
        Subject: serialNumber=da2d8ef2bdf3e7e81bf18daaf3d88e4e706281f492c3a4237aae261c04cf9363, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a2:f6:b9:7f:5d:bc:75:9f:be:0e:ac:f9:cd:
                    28:d6:a2:3b:3f:c9:5c:f6:54:b6:5b:28:c1:e2:fa:
                    b5:91:83:f6:b2:6e:33:95:0b:9b:b7:2a:5a:e7:d5:
                    dc:ba:22:21:1c:41:4e:77:9e:16:ea:1c:cb:d4:b1:
                    7f:5e:40:1d:44:84:50:f1:0f:30:bb:49:cf:56:bb:
                    ff:17:3c:33:6f:c7:38:52:a4:48:b2:ad:16:42:1a:
                    4a:4d:36:3f:51:ce:21:54:c9:df:c0:cd:22:e6:bd:
                    fd:3a:2c:eb:38:ef:41:c0:1b:79:30:15:52:a6:29:
                    40:be:98:e9:d6:0f:90:da:67:78:b4:e8:dd:ee:32:
                    f4:4c:47:df:a6:fd:be:d6:5d:33:5b:1b:e6:d1:ba:
                    58:64:da:3f:0d:e5:a9:ed:4a:fb:18:93:c1:29:91:
                    bc:05:2a:c9:64:91:64:71:bc:af:96:86:bf:d3:e2:
                    cf:da:ce:4c:3b:bc:1d:9c:de:99:70:7a:6c:62:bb:
                    8e:c1:ff:d4:02:e4:bd:ab:ac:a6:aa:9a:47:60:ac:
                    82:c6:e9:3d:9c:ea:58:8f:d3:65:56:e7:83:8a:6b:
                    9b:90:78:9a:30:76:22:7b:c7:94:b8:77:96:1f:85:
                    61:95:b9:a4:b5:f1:df:5f:33:4c:88:a9:26:f8:ef:
                    62:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:42:58:CD:5C:A0:04:DA:D8:01:F6:E7:C9:C9:C8:99:83:99:8B:EC
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/66985f24-47ba-4aa6-aa5e-f6b21ae42b95.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:e0:59:b4:03:e3:48:b8:57:65:fe:f7:f3:53:49:82:63:84:
         ea:6a:a8:fe:05:b6:82:29:95:d2:8d:00:e1:f4:78:fa:f7:5a:
         54:d7:7d:cf:f7:2d:e2:4b:e6:f6:f7:c6:66:51:02:e3:23:b4:
         d0:73:93:31:16:67:59:2a:68:b0:57:a7:ae:4b:d3:65:f9:0a:
         a0:03:d0:d0:ed:d1:09:72:13:b8:d6:f3:7a:64:b6:63:bd:fe:
         95:6c:43:0d:86:0f:d8:f6:23:52:8f:b1:24:05:64:79:78:a0:
         4d:dc:8c:99:0e:2b:f4:1b:d7:4f:44:bf:9c:0c:31:0e:fc:b4:
         4d:83:7f:d8:7b:3d:c3:7d:79:3f:57:72:c6:a4:ac:9b:d1:40:
         03:cf:6f:bb:0a:f9:4d:d7:78:97:be:90:31:19:38:77:d3:ee:
         54:75:fa:20:ce:05:d2:96:a8:21:0b:ff:7f:a0:aa:c2:7e:a7:
         d4:6e:8c:8f:6b:3e:46:22:f1:8c:62:6e:8a:0a:aa:46:48:16:
         1e:b5:5e:3a:d6:a0:39:55:e8:94:08:12:11:cd:0a:c3:c7:14:
         92:7e:8a:c0:b7:06:8b:64:5b:24:36:c2:0b:c7:ea:04:35:78:
         26:bd:fc:a7:c5:ad:f9:42:40:77:76:75:a0:b4:49:d3:65:5b:
         12:10:0c:62
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUR2woo90deWAUqvEYJBEDyJ07OFQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzA4MDAwMDAwWhcNMjMwMzExMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZGEyZDhlZjJiZGYzZTdlODFiZjE4ZGFhZjNkODhlNGU3
MDYyODFmNDkyYzNhNDIzN2FhZTI2MWMwNGNmOTM2MzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALyi9rl/Xbx1n74OrPnNKNaiOz/JXPZUtlsoweL6tZGD9rJuM5UL
m7cqWufV3LoiIRxBTneeFuocy9Sxf15AHUSEUPEPMLtJz1a7/xc8M2/HOFKkSLKt
FkIaSk02P1HOIVTJ38DNIua9/Tos6zjvQcAbeTAVUqYpQL6Y6dYPkNpneLTo3e4y
9ExH36b9vtZdM1sb5tG6WGTaPw3lqe1K+xiTwSmRvAUqyWSRZHG8r5aGv9Piz9rO
TDu8HZzemXB6bGK7jsH/1ALkvauspqqaR2CsgsbpPZzqWI/TZVbng4prm5B4mjB2
InvHlLh3lh+FYZW5pLXx318zTIipJvjvYksCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTSQljNXKAE2tgB9ufJyciZg5mL7DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjY5ODVmMjQtNDdiYS00YWE2LWFhNWUtZjZiMjFhZTQyYjk1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK/gWbQD40i4V2X+
9/NTSYJjhOpqqP4FtoIpldKNAOH0ePr3WlTXfc/3LeJL5vb3xmZRAuMjtNBzkzEW
Z1kqaLBXp65L02X5CqAD0NDt0QlyE7jW83pktmO9/pVsQw2GD9j2I1KPsSQFZHl4
oE3cjJkOK/Qb109Ev5wMMQ78tE2Df9h7PcN9eT9XcsakrJvRQAPPb7sK+U3XeJe+
kDEZOHfT7lR1+iDOBdKWqCEL/3+gqsJ+p9RujI9rPkYi8YxibooKqkZIFh61XjrW
oDlV6JQIEhHNCsPHFJJ+isC3BotkWyQ2wgvH6gQ1eCa9/KfFrflCQHd2daC0SdNl
WxIQDGI=
-----END CERTIFICATE-----