Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/73e162c8-dc44-4486-a6e1-ccac9c122e23.roa
File:                     73e162c8-dc44-4486-a6e1-ccac9c122e23.roa (raw, json)
Hash identifier:          5jIAjv4HHl2te96/gSD1xbOtRzqk3dxz3Uj357Pts0Q=
Subject key identifier:   96:A6:5B:C4:19:52:F5:20:63:C9:ED:EB:AE:14:04:8C:A4:04:82:7C
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3E626995103755BA2E0D2BD8A2E88F35FDF0527F
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/73e162c8-dc44-4486-a6e1-ccac9c122e23.roa
Signing time:             Wed 25 Jan 2023 00:00:00 +0000
ROA not before:           Wed 25 Jan 2023 00:00:00 +0000
ROA not after:            Sat 28 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:62:69:95:10:37:55:ba:2e:0d:2b:d8:a2:e8:8f:35:fd:f0:52:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 25 00:00:00 2023 GMT
            Not After : Jan 28 23:59:59 2023 GMT
        Subject: serialNumber=33edd39a5f5c0a8e98eb31ed33b06429c7d898dc7afac0218fd8ca9aa18be415, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:2a:8e:49:b8:0e:64:a0:35:83:45:eb:69:9e:
                    e0:9a:1b:e0:94:62:3f:c9:91:0d:12:88:ea:0a:76:
                    be:23:19:62:d1:be:57:e2:43:2d:40:7c:7e:e1:c9:
                    db:ae:38:7a:58:e3:9f:45:07:e2:59:f0:8c:c4:2e:
                    39:de:43:f0:c2:fc:ee:0d:fe:e2:e4:d1:34:d8:59:
                    e2:3f:a6:d7:bf:67:e1:75:89:b7:f2:37:d2:10:fa:
                    79:0f:54:91:11:06:74:1b:1a:26:bc:71:e3:f5:15:
                    2d:08:2d:67:77:ca:75:6f:e8:13:8e:71:fc:68:fb:
                    4a:d2:08:4d:79:17:88:1b:1b:bb:fa:4d:28:47:e0:
                    5d:75:2f:32:90:7f:ce:e4:d0:87:ae:2c:57:05:52:
                    94:da:10:22:cf:63:3e:d2:ca:44:fc:9b:76:02:36:
                    2e:44:89:f8:07:0b:9e:35:e1:bb:41:8b:9c:59:62:
                    e6:bc:24:91:db:f8:28:66:f5:97:ea:d2:82:cd:42:
                    df:2c:02:47:26:85:c8:2d:36:c1:fe:88:2f:5c:68:
                    56:1f:ab:30:b2:e9:6e:ee:f0:48:ba:42:88:f2:c7:
                    94:54:34:b9:d0:c2:6b:0c:6a:2a:6f:7a:e0:fa:d1:
                    24:8b:39:c2:38:a1:c7:a7:ed:26:01:5a:fc:12:4d:
                    39:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:A6:5B:C4:19:52:F5:20:63:C9:ED:EB:AE:14:04:8C:A4:04:82:7C
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/73e162c8-dc44-4486-a6e1-ccac9c122e23.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:93:a4:0a:1c:57:6e:cb:96:40:d5:64:67:7f:64:9f:b1:bb:
         d1:fe:6d:a1:a3:03:7f:93:af:4a:a4:f2:22:2d:d8:d0:74:99:
         66:b4:3a:79:06:13:fe:c7:02:73:91:c8:d7:d6:03:fd:33:41:
         1c:04:67:dc:59:85:1a:eb:50:c6:0b:4e:e1:1d:4b:f7:8d:91:
         d0:71:0b:46:0e:31:e2:9f:5f:67:bf:2f:6e:06:dc:24:23:a9:
         75:ff:55:2b:8d:ef:b1:71:80:68:7e:64:01:c7:ad:a6:d0:c7:
         b3:a1:33:09:a2:92:5b:1d:7a:66:c6:56:b4:a1:98:d9:e6:05:
         b4:90:53:24:7c:0d:dc:81:d2:9b:7a:6e:f6:70:8b:ff:38:c1:
         a3:1a:5e:bb:c3:55:02:0d:c4:fa:be:eb:1a:bc:17:ac:35:4e:
         7c:61:f5:f3:f9:73:65:72:fe:bc:2a:d6:c3:1e:9c:11:10:f9:
         6c:7e:0d:e6:2a:91:78:f1:6f:f7:31:90:3a:96:a7:a2:92:8f:
         4c:fb:10:29:43:23:a6:cb:c5:94:34:03:ff:26:cd:1e:25:90:
         49:e7:47:a1:cc:ca:f1:b2:6d:5f:40:53:69:34:8e:7c:6c:4d:
         c1:e9:0e:bc:d7:f8:fb:89:e7:02:b1:da:81:1e:87:c4:5d:cb:
         b9:70:e4:19
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUPmJplRA3VbouDSvYouiPNf3wUn8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTI1MDAwMDAwWhcNMjMwMTI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMzNlZGQzOWE1ZjVjMGE4ZTk4ZWIzMWVkMzNiMDY0Mjlj
N2Q4OThkYzdhZmFjMDIxOGZkOGNhOWFhMThiZTQxNTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJ8qjkm4DmSgNYNF62me4Job4JRiP8mRDRKI6gp2viMZYtG+V+JD
LUB8fuHJ2644eljjn0UH4lnwjMQuOd5D8ML87g3+4uTRNNhZ4j+m179n4XWJt/I3
0hD6eQ9UkREGdBsaJrxx4/UVLQgtZ3fKdW/oE45x/Gj7StIITXkXiBsbu/pNKEfg
XXUvMpB/zuTQh64sVwVSlNoQIs9jPtLKRPybdgI2LkSJ+AcLnjXhu0GLnFli5rwk
kdv4KGb1l+rSgs1C3ywCRyaFyC02wf6IL1xoVh+rMLLpbu7wSLpCiPLHlFQ0udDC
awxqKm964PrRJIs5wjihx6ftJgFa/BJNOWcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSWplvEGVL1IGPJ7euuFASMpASCfDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNzNlMTYyYzgtZGM0NC00NDg2LWE2ZTEtY2NhYzljMTIyZTIzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFWTpAocV27LlkDV
ZGd/ZJ+xu9H+baGjA3+Tr0qk8iIt2NB0mWa0OnkGE/7HAnORyNfWA/0zQRwEZ9xZ
hRrrUMYLTuEdS/eNkdBxC0YOMeKfX2e/L24G3CQjqXX/VSuN77FxgGh+ZAHHrabQ
x7OhMwmiklsdembGVrShmNnmBbSQUyR8DdyB0pt6bvZwi/84waMaXrvDVQINxPq+
6xq8F6w1Tnxh9fP5c2Vy/rwq1sMenBEQ+Wx+DeYqkXjxb/cxkDqWp6KSj0z7EClD
I6bLxZQ0A/8mzR4lkEnnR6HMyvGybV9AU2k0jnxsTcHpDrzX+PuJ5wKx2oEeh8Rd
y7lw5Bk=
-----END CERTIFICATE-----