Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7294a458-cd45-4fb2-a5d2-0c1e9bc3c026.roa
File:                     7294a458-cd45-4fb2-a5d2-0c1e9bc3c026.roa (raw, json)
Hash identifier:          LSI3gcFv7CCuZAi4o6kdASgwelL2BrB0qDQ5IFt5bSI=
Subject key identifier:   83:FA:9C:34:C3:1F:72:B5:8A:50:78:99:00:64:B1:D2:EC:24:6A:30
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7820639684B6E6DF177C1B229AF885355DCD733C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7294a458-cd45-4fb2-a5d2-0c1e9bc3c026.roa
Signing time:             Sat 20 Aug 2022 00:00:00 +0000
ROA not before:           Sat 20 Aug 2022 00:00:00 +0000
ROA not after:            Tue 23 Aug 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:20:63:96:84:b6:e6:df:17:7c:1b:22:9a:f8:85:35:5d:cd:73:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Aug 20 00:00:00 2022 GMT
            Not After : Aug 23 23:59:59 2022 GMT
        Subject: serialNumber=1c127cc3cc39765dc39980167dc1e3483a947f1cab4511566adff4a7d6722b09, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:49:98:8e:1c:1d:3e:d9:01:d0:2e:4f:92:05:
                    39:31:cc:ed:67:fd:37:54:76:36:87:cb:70:96:da:
                    03:61:5a:da:c1:3c:8d:ee:e8:a8:08:ec:37:0b:87:
                    b3:30:5d:6c:08:97:d2:4b:c7:a1:b6:cc:f9:27:5a:
                    cf:8f:60:48:f1:cb:ec:6b:b7:9c:f0:28:ac:96:cd:
                    79:25:06:c4:ec:a0:15:96:04:5f:09:fc:fa:99:ce:
                    26:22:46:b6:2e:e8:96:75:f1:74:d2:19:1a:30:db:
                    7b:63:70:3c:24:91:5a:21:22:fa:da:e7:fe:43:cb:
                    75:c0:aa:c1:07:b0:e1:d6:6a:32:0a:84:9b:ec:c9:
                    ae:23:19:07:18:1a:59:cb:af:54:e9:0c:53:ae:d9:
                    d2:a0:96:48:e2:c9:27:5e:b7:c4:d2:04:f1:78:68:
                    01:39:ef:6a:d6:56:ee:7b:e5:ab:36:10:2d:a2:0e:
                    3f:8e:4a:2a:17:1e:9f:fb:df:5f:10:f2:c3:32:d3:
                    aa:6f:83:81:0f:bd:c5:8f:e5:4e:dc:64:05:d6:03:
                    f9:59:af:e1:9f:35:58:3e:79:bf:17:06:38:10:ee:
                    2f:88:37:3e:58:8f:55:ad:dd:12:11:0b:16:9b:44:
                    65:cf:da:ab:ee:88:78:7f:01:2c:86:69:89:b2:f4:
                    bb:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:FA:9C:34:C3:1F:72:B5:8A:50:78:99:00:64:B1:D2:EC:24:6A:30
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7294a458-cd45-4fb2-a5d2-0c1e9bc3c026.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:e8:d5:a1:0f:8a:b0:db:d9:63:7e:f6:b5:ee:41:7d:97:75:
         f7:4d:09:c0:c9:ee:fe:1a:b7:63:e0:1f:7a:ac:78:39:4b:eb:
         ad:ca:62:94:b1:a7:fc:9c:86:ba:ca:fe:14:32:90:d6:54:63:
         50:db:35:75:f9:41:de:5c:ef:74:96:11:94:e0:e2:ae:0e:31:
         a2:63:96:7e:43:bc:b5:6a:27:4b:5b:16:fe:fb:2b:2c:2a:eb:
         c6:45:19:87:72:19:f9:6f:b5:46:e5:8f:58:f6:79:fe:2c:09:
         a1:5e:86:11:22:d5:8a:0c:a1:53:67:25:bd:74:ec:59:7b:ae:
         02:3a:f9:36:65:d1:ab:12:dc:95:49:18:2b:61:9c:46:40:6f:
         c8:e7:d1:66:f3:33:cf:fa:33:88:be:11:f8:9b:03:13:78:e7:
         c1:21:79:33:56:04:e3:ab:b1:64:03:3c:4c:0d:38:eb:14:5a:
         60:2c:29:88:0a:65:6b:4c:47:3c:bf:29:cb:0a:d1:70:15:7e:
         f0:b3:94:7d:d2:98:68:d5:b3:1a:2d:f7:8b:c2:6e:9b:a3:75:
         2a:96:7d:61:a5:ef:08:f0:29:e7:76:d5:68:9f:5b:36:7c:bc:
         e9:52:fa:ad:e9:07:d6:91:fe:ff:92:e4:21:d4:33:f0:cf:56:
         40:a8:bf:62
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUeCBjloS25t8XfBsimviFNV3NczwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwODIwMDAwMDAwWhcNMjIwODIzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMWMxMjdjYzNjYzM5NzY1ZGMzOTk4MDE2N2RjMWUzNDgz
YTk0N2YxY2FiNDUxMTU2NmFkZmY0YTdkNjcyMmIwOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOBJmI4cHT7ZAdAuT5IFOTHM7Wf9N1R2NofLcJbaA2Fa2sE8je7o
qAjsNwuHszBdbAiX0kvHobbM+Sdaz49gSPHL7Gu3nPAorJbNeSUGxOygFZYEXwn8
+pnOJiJGti7olnXxdNIZGjDbe2NwPCSRWiEi+trn/kPLdcCqwQew4dZqMgqEm+zJ
riMZBxgaWcuvVOkMU67Z0qCWSOLJJ163xNIE8XhoATnvatZW7nvlqzYQLaIOP45K
Khcen/vfXxDywzLTqm+DgQ+9xY/lTtxkBdYD+Vmv4Z81WD55vxcGOBDuL4g3PliP
Va3dEhELFptEZc/aq+6IeH8BLIZpibL0u3kCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSD+pw0wx9ytYpQeJkAZLHS7CRqMDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNzI5NGE0NTgtY2Q0NS00ZmIyLWE1ZDItMGMxZTliYzNjMDI2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMTo1aEPirDb2WN+
9rXuQX2XdfdNCcDJ7v4at2PgH3qseDlL663KYpSxp/ychrrK/hQykNZUY1DbNXX5
Qd5c73SWEZTg4q4OMaJjln5DvLVqJ0tbFv77Kywq68ZFGYdyGflvtUblj1j2ef4s
CaFehhEi1YoMoVNnJb107Fl7rgI6+TZl0asS3JVJGCthnEZAb8jn0WbzM8/6M4i+
EfibAxN458EheTNWBOOrsWQDPEwNOOsUWmAsKYgKZWtMRzy/KcsK0XAVfvCzlH3S
mGjVsxot94vCbpujdSqWfWGl7wjwKed21WifWzZ8vOlS+q3pB9aR/v+S5CHUM/DP
VkCov2I=
-----END CERTIFICATE-----