Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8401ecb3-ed93-404d-8733-c6fc84eddb51.roa
File:                     8401ecb3-ed93-404d-8733-c6fc84eddb51.roa (raw, json)
Hash identifier:          eKguYn7YbkjMc5nPohAT2bKrW3ENcKugtvPJOe/DfzA=
Subject key identifier:   2F:75:F1:B5:86:40:4C:E0:6B:FE:F9:DB:BC:4F:5F:EA:87:27:43:07
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       77DA8CD952112249E4CE0A98B3A350B6E36CAC27
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8401ecb3-ed93-404d-8733-c6fc84eddb51.roa
Signing time:             Wed 08 Mar 2023 00:00:00 +0000
ROA not before:           Wed 08 Mar 2023 00:00:00 +0000
ROA not after:            Sat 11 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:da:8c:d9:52:11:22:49:e4:ce:0a:98:b3:a3:50:b6:e3:6c:ac:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar  8 00:00:00 2023 GMT
            Not After : Mar 11 23:59:59 2023 GMT
        Subject: serialNumber=d5d1b946048e36ebea0954cff50e6512e22d6fed910a0e5ec48204f464646750, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7c:76:13:64:85:95:e3:2b:bd:ec:39:c7:49:
                    5d:0e:b9:59:b0:72:c4:7c:1c:33:4c:a7:de:4b:4d:
                    16:fb:c0:bd:c3:3a:02:0a:09:9a:58:52:b0:3e:b0:
                    95:95:0f:01:d1:d6:c4:1d:6b:04:66:fb:42:62:45:
                    c9:ae:bb:6a:24:31:96:75:16:14:1c:e6:96:00:b7:
                    6e:3f:06:e3:f1:7f:9c:43:f8:63:e1:a4:7e:47:e1:
                    d8:7f:6c:4e:10:59:4f:64:95:59:0b:db:2b:f7:55:
                    d4:58:eb:64:1f:f3:b7:8c:24:82:18:ec:9d:11:eb:
                    5c:d0:57:43:20:db:85:b6:57:8e:95:9b:9e:6a:43:
                    4f:f9:d1:c8:19:f8:3b:d1:f9:83:39:7b:c8:5c:3c:
                    5c:93:52:d4:90:aa:89:74:71:a9:ab:e0:00:31:21:
                    c2:28:3a:a3:43:ab:07:76:64:ce:07:b6:5d:87:1a:
                    ea:0f:4a:e7:8a:90:c5:0c:d0:5e:bc:77:7a:59:ff:
                    70:23:6b:e3:93:6e:3f:a7:60:a3:3a:93:9a:5e:66:
                    92:5c:ab:19:89:9a:a1:6c:9e:e4:0d:07:96:86:d5:
                    d3:3a:6b:19:b9:57:61:e7:bd:a6:81:b4:c7:d3:e4:
                    04:60:98:4b:7c:c8:d5:24:a2:c6:33:1c:30:bc:b8:
                    cd:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:75:F1:B5:86:40:4C:E0:6B:FE:F9:DB:BC:4F:5F:EA:87:27:43:07
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8401ecb3-ed93-404d-8733-c6fc84eddb51.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:6f:7f:d1:d2:4b:3a:44:44:24:31:a3:6f:5f:11:cc:70:5d:
         88:f1:80:fe:c7:f7:0a:7e:a6:b9:b8:7d:91:5a:9a:1c:81:44:
         cf:9d:40:2e:e6:71:6e:0c:6d:13:e9:ef:dd:26:f2:0a:16:fc:
         f2:07:bc:a9:9c:39:c7:11:21:03:ea:51:9c:78:bc:5b:7d:5a:
         54:c8:98:be:f8:4f:93:24:d9:48:30:79:36:75:f2:f8:46:dc:
         66:2d:67:13:cb:8b:f6:f7:21:d9:72:70:c1:30:55:85:ba:ac:
         51:c7:63:b7:e7:a1:94:76:11:0a:3a:6e:dd:9b:d9:d6:a2:c0:
         ed:c7:7e:96:90:23:99:d9:61:e3:f8:31:12:b2:d1:fe:64:96:
         bc:d7:4e:4c:2f:5e:83:f9:64:99:fa:aa:df:b4:c4:29:d2:af:
         5e:4c:9c:93:0f:19:75:1c:d0:c8:89:76:8c:5b:6a:ee:6c:4a:
         ae:90:14:2a:62:18:52:bf:91:5a:1d:a3:75:07:06:cc:37:dc:
         7e:c9:da:0b:7f:b6:27:33:03:ce:bf:1c:2d:e8:a2:d2:8b:c3:
         d8:13:dc:0b:52:32:35:57:30:6f:00:2f:39:f6:e6:0e:8e:0e:
         c9:7e:f9:14:88:f5:c8:f5:28:a5:e0:1e:25:66:76:c9:d4:11:
         74:64:f7:40
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUd9qM2VIRIknkzgqYs6NQtuNsrCcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzA4MDAwMDAwWhcNMjMwMzExMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDVkMWI5NDYwNDhlMzZlYmVhMDk1NGNmZjUwZTY1MTJl
MjJkNmZlZDkxMGEwZTVlYzQ4MjA0ZjQ2NDY0Njc1MDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKt8dhNkhZXjK73sOcdJXQ65WbByxHwcM0yn3ktNFvvAvcM6AgoJ
mlhSsD6wlZUPAdHWxB1rBGb7QmJFya67aiQxlnUWFBzmlgC3bj8G4/F/nEP4Y+Gk
fkfh2H9sThBZT2SVWQvbK/dV1FjrZB/zt4wkghjsnRHrXNBXQyDbhbZXjpWbnmpD
T/nRyBn4O9H5gzl7yFw8XJNS1JCqiXRxqavgADEhwig6o0OrB3Zkzge2XYca6g9K
54qQxQzQXrx3eln/cCNr45NuP6dgozqTml5mklyrGYmaoWye5A0HlobV0zprGblX
Yee9poG0x9PkBGCYS3zI1SSixjMcMLy4zSUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQvdfG1hkBM4Gv++du8T1/qhydDBzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvODQwMWVjYjMtZWQ5My00MDRkLTg3MzMtYzZmYzg0ZWRkYjUxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHJvf9HSSzpERCQx
o29fEcxwXYjxgP7H9wp+prm4fZFamhyBRM+dQC7mcW4MbRPp790m8goW/PIHvKmc
OccRIQPqUZx4vFt9WlTImL74T5Mk2UgweTZ18vhG3GYtZxPLi/b3IdlycMEwVYW6
rFHHY7fnoZR2EQo6bt2b2daiwO3HfpaQI5nZYeP4MRKy0f5klrzXTkwvXoP5ZJn6
qt+0xCnSr15MnJMPGXUc0MiJdoxbau5sSq6QFCpiGFK/kVodo3UHBsw33H7J2gt/
ticzA86/HC3ootKLw9gT3AtSMjVXMG8ALzn25g6ODsl++RSI9cj1KKXgHiVmdsnU
EXRk90A=
-----END CERTIFICATE-----