Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/729fb707-94ae-4be2-b37d-86e12dd96eb2.roa
File:                     729fb707-94ae-4be2-b37d-86e12dd96eb2.roa (raw, json)
Hash identifier:          nv0M+EAefsAsbXgt7uEvs1HlUFVM8/N9x+uzCZepZ4E=
Subject key identifier:   EC:91:69:EC:98:B5:26:6C:B5:3D:46:02:FC:2B:C5:12:0C:64:C2:64
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       450A25ADB0E4D308F8CAFCD42EE40521E1133F44
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/729fb707-94ae-4be2-b37d-86e12dd96eb2.roa
Signing time:             Sat 25 Feb 2023 00:00:00 +0000
ROA not before:           Sat 25 Feb 2023 00:00:00 +0000
ROA not after:            Tue 28 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:0a:25:ad:b0:e4:d3:08:f8:ca:fc:d4:2e:e4:05:21:e1:13:3f:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 25 00:00:00 2023 GMT
            Not After : Feb 28 23:59:59 2023 GMT
        Subject: serialNumber=84e13de0687fb38996c3f85ecd470a83758943bdf82369ac524684eebd7d9d52, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c3:ab:66:02:c0:49:19:8b:62:e9:64:b3:f1:
                    3b:5b:e4:45:3d:c5:c4:33:3f:a0:72:c1:6f:40:98:
                    84:1f:48:30:fb:d4:aa:fe:5b:e1:7b:fa:62:4d:60:
                    7e:5b:26:04:50:88:05:0b:a7:9a:a6:ef:1c:8f:91:
                    c0:2c:85:ee:e4:f2:5a:02:0a:61:fd:f1:6d:90:34:
                    b2:5f:c8:7e:0d:53:f6:b0:99:e1:93:f6:f2:f1:a4:
                    86:47:4c:92:b6:02:8f:ce:bd:a2:3c:64:17:ef:9c:
                    aa:a8:18:81:eb:b2:88:31:aa:55:14:28:a9:7f:4f:
                    99:dc:d8:82:87:58:43:e1:db:e5:57:e0:80:c9:3e:
                    a6:c5:ef:93:73:08:44:7c:b8:e1:cf:f0:03:f9:ed:
                    11:f0:47:a6:29:6d:2f:ed:2d:66:cf:9d:c8:5c:91:
                    85:1a:07:ee:ec:9a:f0:ff:1c:fd:25:40:c6:cc:c3:
                    76:18:83:86:04:81:f0:d8:2b:37:03:0a:c1:48:ae:
                    a2:8a:c1:1e:43:bf:c6:5f:fe:19:dc:48:a6:31:9d:
                    34:92:d6:1a:5e:dd:ba:44:1d:46:81:90:68:d1:d2:
                    22:79:c4:34:8c:a7:a7:7b:df:9e:dd:2f:ed:74:ba:
                    bc:fe:e2:8d:85:da:a6:26:ba:15:f8:40:d7:21:9c:
                    69:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:91:69:EC:98:B5:26:6C:B5:3D:46:02:FC:2B:C5:12:0C:64:C2:64
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/729fb707-94ae-4be2-b37d-86e12dd96eb2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:f2:b1:56:ad:28:b7:aa:62:31:5f:5d:1e:57:a9:59:60:d0:
         cf:22:49:9f:72:9b:8a:e8:1b:89:fc:62:47:1b:0c:bf:54:b5:
         ce:75:81:de:a3:d4:d2:f5:a1:ff:0d:62:17:c7:af:33:19:af:
         82:53:fa:d9:79:dc:89:df:f0:99:28:cc:31:31:b7:0d:61:57:
         31:31:93:e1:c7:16:39:25:29:f7:8b:db:3d:55:68:e8:44:74:
         49:20:8e:83:c0:72:e2:57:f9:16:b4:89:02:78:c9:20:d1:02:
         88:6c:bf:0b:3a:14:84:0b:29:4f:69:06:72:67:90:e7:5d:17:
         8a:39:b5:1c:7d:38:6b:b9:57:09:d6:6a:31:f9:89:47:f5:e2:
         43:8c:0c:cc:c8:d2:94:b4:dc:5f:fb:4c:f2:73:de:f4:e4:9c:
         69:fc:69:5f:98:9b:c1:92:bf:e9:b9:78:51:16:27:06:65:d4:
         02:d6:b6:1a:5d:0e:42:e4:84:b1:2e:f3:69:8f:54:b4:2c:c6:
         3e:b1:02:e6:43:1d:01:1f:2a:84:db:5c:04:c1:78:76:7c:16:
         7c:3a:76:30:ef:7f:30:0e:b3:9a:34:f9:56:20:85:eb:f4:65:
         24:98:d6:73:ab:bb:f0:ad:09:97:87:3a:8f:cc:31:6c:21:16:
         d2:96:dd:ae
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIURQolrbDk0wj4yvzULuQFIeETP0QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjI1MDAwMDAwWhcNMjMwMjI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAODRlMTNkZTA2ODdmYjM4OTk2YzNmODVlY2Q0NzBhODM3
NTg5NDNiZGY4MjM2OWFjNTI0Njg0ZWViZDdkOWQ1MjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKjDq2YCwEkZi2LpZLPxO1vkRT3FxDM/oHLBb0CYhB9IMPvUqv5b
4Xv6Yk1gflsmBFCIBQunmqbvHI+RwCyF7uTyWgIKYf3xbZA0sl/Ifg1T9rCZ4ZP2
8vGkhkdMkrYCj869ojxkF++cqqgYgeuyiDGqVRQoqX9PmdzYgodYQ+Hb5VfggMk+
psXvk3MIRHy44c/wA/ntEfBHpiltL+0tZs+dyFyRhRoH7uya8P8c/SVAxszDdhiD
hgSB8NgrNwMKwUiuoorBHkO/xl/+GdxIpjGdNJLWGl7dukQdRoGQaNHSInnENIyn
p3vfnt0v7XS6vP7ijYXapia6FfhA1yGcaWcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTskWnsmLUmbLU9RgL8K8USDGTCZDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNzI5ZmI3MDctOTRhZS00YmUyLWIzN2QtODZlMTJkZDk2ZWIyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAL/ysVatKLeqYjFf
XR5XqVlg0M8iSZ9ym4roG4n8YkcbDL9Utc51gd6j1NL1of8NYhfHrzMZr4JT+tl5
3Inf8JkozDExtw1hVzExk+HHFjklKfeL2z1VaOhEdEkgjoPAcuJX+Ra0iQJ4ySDR
Aohsvws6FIQLKU9pBnJnkOddF4o5tRx9OGu5VwnWajH5iUf14kOMDMzI0pS03F/7
TPJz3vTknGn8aV+Ym8GSv+m5eFEWJwZl1ALWthpdDkLkhLEu82mPVLQsxj6xAuZD
HQEfKoTbXATBeHZ8Fnw6djDvfzAOs5o0+VYghev0ZSSY1nOru/CtCZeHOo/MMWwh
FtKW3a4=
-----END CERTIFICATE-----