Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/77c5324e-00e5-4f18-a3f8-67f85b2aa71d.roa
File:                     77c5324e-00e5-4f18-a3f8-67f85b2aa71d.roa (raw, json)
Hash identifier:          aIdl9n2wxEurxkW+6GBvpv4MoRBaVrqiL2adfFy6xBo=
Subject key identifier:   08:7A:97:B0:1D:C5:92:07:E4:CF:ED:47:CE:B6:FA:73:A4:A7:2D:67
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       16BE5B709981C0490F71BB025EE07D91E87F00EA
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/77c5324e-00e5-4f18-a3f8-67f85b2aa71d.roa
Signing time:             Sat 25 Mar 2023 00:00:00 +0000
ROA not before:           Sat 25 Mar 2023 00:00:00 +0000
ROA not after:            Tue 28 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:be:5b:70:99:81:c0:49:0f:71:bb:02:5e:e0:7d:91:e8:7f:00:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 25 00:00:00 2023 GMT
            Not After : Mar 28 23:59:59 2023 GMT
        Subject: serialNumber=93bfc81b775c9fc51c557f62566fa3552f439ed67d4bca6f15b4523ad55df5b4, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:f8:e9:a9:9b:da:89:26:76:ea:62:91:43:3c:
                    a5:c8:ff:13:44:c9:20:af:46:16:ce:5f:79:df:74:
                    fd:0f:cf:e0:fa:b7:43:98:7a:13:c9:53:73:01:39:
                    8a:5a:f6:fb:f3:06:d9:42:d5:45:70:1c:94:e9:f1:
                    d8:05:43:e3:50:3e:44:0a:cd:d9:24:d5:ed:c1:2f:
                    4b:f1:56:39:b8:0c:bf:2c:c2:72:85:9a:2a:8f:55:
                    19:3d:5f:6a:ad:21:c7:6d:81:72:36:8c:52:e5:77:
                    17:5f:d3:b2:97:59:43:79:0d:c0:b1:87:ff:da:dd:
                    51:37:7b:bd:98:40:de:c0:c4:0b:86:fa:1b:a1:a2:
                    43:19:b9:2c:0b:a0:06:ef:4f:e9:dc:03:2a:c9:fc:
                    97:c7:a0:d8:08:72:93:bd:14:9b:8e:35:7c:0f:53:
                    79:da:d6:57:8f:a9:49:39:5d:4d:95:b2:a4:fc:5a:
                    22:d8:c2:cc:97:c8:f2:05:b3:d0:07:65:0b:76:37:
                    9d:01:94:73:56:ed:5f:7e:d7:08:20:f5:a1:78:2d:
                    71:05:c0:4d:43:11:d7:a5:ed:37:c8:15:3e:cf:9a:
                    ca:7d:80:fa:e4:88:49:bf:16:e3:c4:49:b6:57:98:
                    72:c1:42:3e:33:a6:f0:b9:25:39:e5:d4:b9:21:b1:
                    a3:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:7A:97:B0:1D:C5:92:07:E4:CF:ED:47:CE:B6:FA:73:A4:A7:2D:67
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/77c5324e-00e5-4f18-a3f8-67f85b2aa71d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:76:78:0d:56:1a:62:0a:bd:c0:60:78:b6:a2:30:6e:84:a0:
         90:c4:54:a9:c8:0e:fc:44:de:0b:69:5e:fc:d5:43:75:78:cf:
         fa:93:10:1b:6c:8c:21:ea:d8:8d:81:1c:d9:87:6b:6f:87:a6:
         19:2d:95:28:16:23:8e:74:8b:7e:35:a7:ca:1d:fc:d9:41:8b:
         07:e8:15:58:af:96:77:fa:8a:bc:30:8f:c3:f3:5a:e0:87:6a:
         34:37:b7:28:3d:ae:65:6c:bf:05:2d:ce:b5:3c:bf:5c:ee:b1:
         cf:f3:ff:d4:8c:39:56:ff:ed:c1:af:fe:28:0c:75:67:90:62:
         67:b3:11:cd:17:5b:b5:11:63:f9:cf:3a:8e:85:99:5b:d9:9c:
         14:84:06:27:65:30:23:7c:a1:aa:e6:64:9d:cd:49:68:fd:62:
         fb:17:44:58:94:4c:7b:4a:7e:6f:d4:25:c9:c0:9d:f5:f1:e9:
         2c:e1:04:dc:c1:81:81:56:5f:f5:95:57:7c:1a:5d:84:5f:ba:
         f4:8f:0e:9f:e9:ca:b2:e7:d9:ce:c0:e8:c1:3e:65:21:61:62:
         7a:7b:d0:ee:cf:27:16:f3:0b:53:56:07:64:80:d2:21:60:a5:
         6c:6d:b3:46:06:ad:0c:55:17:eb:03:ab:8a:4b:58:ac:2c:7e:
         bd:af:11:fd
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUFr5bcJmBwEkPcbsCXuB9keh/AOowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI1MDAwMDAwWhcNMjMwMzI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTNiZmM4MWI3NzVjOWZjNTFjNTU3ZjYyNTY2ZmEzNTUy
ZjQzOWVkNjdkNGJjYTZmMTViNDUyM2FkNTVkZjViNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAM/46amb2okmdupikUM8pcj/E0TJIK9GFs5fed90/Q/P4Pq3Q5h6
E8lTcwE5ilr2+/MG2ULVRXAclOnx2AVD41A+RArN2STV7cEvS/FWObgMvyzCcoWa
Ko9VGT1faq0hx22BcjaMUuV3F1/TspdZQ3kNwLGH/9rdUTd7vZhA3sDEC4b6G6Gi
Qxm5LAugBu9P6dwDKsn8l8eg2Ahyk70Um441fA9TedrWV4+pSTldTZWypPxaItjC
zJfI8gWz0AdlC3Y3nQGUc1btX37XCCD1oXgtcQXATUMR16XtN8gVPs+ayn2A+uSI
Sb8W48RJtleYcsFCPjOm8LklOeXUuSGxo6cCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQIepewHcWSB+TP7UfOtvpzpKctZzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNzdjNTMyNGUtMDBlNS00ZjE4LWEzZjgtNjdmODViMmFhNzFkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHl2eA1WGmIKvcBg
eLaiMG6EoJDEVKnIDvxE3gtpXvzVQ3V4z/qTEBtsjCHq2I2BHNmHa2+HphktlSgW
I450i341p8od/NlBiwfoFVivlnf6irwwj8PzWuCHajQ3tyg9rmVsvwUtzrU8v1zu
sc/z/9SMOVb/7cGv/igMdWeQYmezEc0XW7URY/nPOo6FmVvZnBSEBidlMCN8oarm
ZJ3NSWj9YvsXRFiUTHtKfm/UJcnAnfXx6SzhBNzBgYFWX/WVV3waXYRfuvSPDp/p
yrLn2c7A6ME+ZSFhYnp70O7PJxbzC1NWB2SA0iFgpWxts0YGrQxVF+sDq4pLWKws
fr2vEf0=
-----END CERTIFICATE-----