Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7a20e628-7543-4da9-b904-0d591aaa0e89.roa
File:                     7a20e628-7543-4da9-b904-0d591aaa0e89.roa (raw, json)
Hash identifier:          Z1aaiJMSxhR+ovnFNDuxvmaiuLJXdAifcWmdpzBEV0o=
Subject key identifier:   AF:73:0F:E0:FE:85:A9:02:79:A0:9B:DF:61:F5:F0:00:8C:A9:18:DB
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       753E015080603FB406C3E7F8EDCDD3DC93E9FFBF
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7a20e628-7543-4da9-b904-0d591aaa0e89.roa
Signing time:             Wed 12 Apr 2023 00:00:00 +0000
ROA not before:           Wed 12 Apr 2023 00:00:00 +0000
ROA not after:            Sat 15 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:3e:01:50:80:60:3f:b4:06:c3:e7:f8:ed:cd:d3:dc:93:e9:ff:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 12 00:00:00 2023 GMT
            Not After : Apr 15 23:59:59 2023 GMT
        Subject: serialNumber=986d7dcac4e8e51a2d2579d7e4e516644134a30d6b3d51b1d35debb6780d83bf, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:09:ad:86:9d:1c:73:40:bc:50:32:39:1b:80:
                    f8:2d:02:29:34:2f:ea:bb:57:08:f9:66:c2:c5:55:
                    d1:31:ab:b5:1e:6a:76:6c:e2:49:1d:1d:1e:4f:62:
                    11:2f:17:c0:e2:9d:bb:d5:c5:7c:90:74:af:be:7d:
                    04:2d:60:22:88:4a:b2:c9:dd:31:b2:eb:a4:e4:a2:
                    7d:b3:5a:e8:63:6e:ea:cd:df:0c:90:65:cd:9b:b8:
                    6f:4c:4a:2f:37:6c:be:e8:ac:ef:23:e2:86:04:8f:
                    19:23:13:8c:f9:ce:0f:d3:56:ee:c1:82:ec:36:22:
                    ef:63:7c:d8:52:c0:a7:49:d3:79:f9:1b:3d:65:e5:
                    dd:1d:14:c8:9d:36:fc:74:dd:bd:19:da:7d:db:b4:
                    b5:26:10:6d:e2:17:00:d1:d4:70:fb:62:70:e2:f4:
                    0a:df:f1:9e:d6:a2:14:bb:12:69:b1:87:2f:18:93:
                    9c:ca:01:7f:b4:4c:36:84:84:f5:0e:4a:e3:26:9e:
                    9c:a4:19:9e:c7:90:b1:50:1f:e7:a9:4a:56:c5:b5:
                    3f:23:4e:3c:03:68:ea:62:28:c0:a0:68:a4:2e:4c:
                    e7:9f:85:61:e0:c1:82:66:18:fb:94:ed:2b:cb:0a:
                    53:91:14:2d:37:d5:a4:4b:0c:9d:cf:d2:85:e6:5f:
                    65:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:73:0F:E0:FE:85:A9:02:79:A0:9B:DF:61:F5:F0:00:8C:A9:18:DB
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7a20e628-7543-4da9-b904-0d591aaa0e89.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:f4:14:98:df:17:d6:b1:62:0e:b6:d4:59:4c:35:75:2d:a6:
         a7:47:67:66:a2:fd:6d:85:22:e2:21:a1:4c:46:07:e3:f0:de:
         71:3d:cb:76:31:f2:22:b8:76:dc:00:a0:df:8a:40:d4:71:2d:
         fa:92:43:7d:91:9b:50:8c:d4:ed:94:9d:39:a2:99:d3:9f:e7:
         52:ee:82:7f:77:5f:7b:68:f6:e9:a8:4d:d6:33:2b:69:ac:5a:
         53:ff:67:95:7b:b8:36:cc:94:ce:7d:e1:74:3b:af:41:23:c7:
         94:32:5c:32:16:4a:f4:37:de:09:21:ca:1f:9c:e5:dd:d5:16:
         96:18:db:e5:63:e7:57:86:26:49:3c:53:3d:13:ca:0c:a6:9c:
         c4:3c:bd:44:c1:c2:79:f3:da:b2:41:37:21:bd:03:eb:f4:c8:
         ed:cf:43:25:36:e5:ad:ae:86:ba:41:97:07:b3:47:a1:d3:b7:
         86:90:08:9d:14:47:0f:19:b8:5b:bd:08:ae:5d:7d:58:13:a2:
         b7:24:a6:c0:f1:28:08:f7:25:bc:87:ff:8b:53:42:3a:48:bf:
         33:e5:1b:4e:d3:12:1d:24:87:cf:48:1a:ce:f3:cf:76:6c:26:
         ac:e5:f3:b3:60:ce:5f:bd:a6:b5:1a:0f:b3:99:f5:bc:00:9a:
         f6:50:5d:c9
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUdT4BUIBgP7QGw+f47c3T3JPp/78wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDEyMDAwMDAwWhcNMjMwNDE1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTg2ZDdkY2FjNGU4ZTUxYTJkMjU3OWQ3ZTRlNTE2NjQ0
MTM0YTMwZDZiM2Q1MWIxZDM1ZGViYjY3ODBkODNiZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANoJrYadHHNAvFAyORuA+C0CKTQv6rtXCPlmwsVV0TGrtR5qdmzi
SR0dHk9iES8XwOKdu9XFfJB0r759BC1gIohKssndMbLrpOSifbNa6GNu6s3fDJBl
zZu4b0xKLzdsvuis7yPihgSPGSMTjPnOD9NW7sGC7DYi72N82FLAp0nTefkbPWXl
3R0UyJ02/HTdvRnafdu0tSYQbeIXANHUcPticOL0Ct/xntaiFLsSabGHLxiTnMoB
f7RMNoSE9Q5K4yaenKQZnseQsVAf56lKVsW1PyNOPANo6mIowKBopC5M55+FYeDB
gmYY+5TtK8sKU5EULTfVpEsMnc/SheZfZd0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSvcw/g/oWpAnmgm99h9fAAjKkY2zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvN2EyMGU2MjgtNzU0My00ZGE5LWI5MDQtMGQ1OTFhYWEwZTg5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABH0FJjfF9axYg62
1FlMNXUtpqdHZ2ai/W2FIuIhoUxGB+Pw3nE9y3Yx8iK4dtwAoN+KQNRxLfqSQ32R
m1CM1O2UnTmimdOf51Lugn93X3to9umoTdYzK2msWlP/Z5V7uDbMlM594XQ7r0Ej
x5QyXDIWSvQ33gkhyh+c5d3VFpYY2+Vj51eGJkk8Uz0TygymnMQ8vUTBwnnz2rJB
NyG9A+v0yO3PQyU25a2uhrpBlwezR6HTt4aQCJ0URw8ZuFu9CK5dfVgTorckpsDx
KAj3JbyH/4tTQjpIvzPlG07TEh0kh89IGs7zz3ZsJqzl87Ngzl+9prUaD7OZ9bwA
mvZQXck=
-----END CERTIFICATE-----