Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/85710da9-d51a-46db-bf14-e98449af13b6.roa
File:                     85710da9-d51a-46db-bf14-e98449af13b6.roa (raw, json)
Hash identifier:          mNkvWdTJH4HBTllBCE5AU2C29G5pQ4Y2ES+Y3xI56Vs=
Subject key identifier:   84:F7:75:6D:E8:4A:FC:9E:22:FB:83:5D:88:84:6E:07:E1:0F:A2:27
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3D2D35309180E20D3CAA02874ACA22B76676A6C6
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/85710da9-d51a-46db-bf14-e98449af13b6.roa
Signing time:             Sat 11 Mar 2023 00:00:00 +0000
ROA not before:           Sat 11 Mar 2023 00:00:00 +0000
ROA not after:            Tue 14 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:2d:35:30:91:80:e2:0d:3c:aa:02:87:4a:ca:22:b7:66:76:a6:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 11 00:00:00 2023 GMT
            Not After : Mar 14 23:59:59 2023 GMT
        Subject: serialNumber=173e6bca586d2c81b78cfae426ea69efd26705b949bdc6c02be5408770f09546, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e7:02:cd:50:6e:19:41:4e:a6:e6:7f:fc:d1:
                    44:ad:e8:30:3e:fb:96:fe:20:2a:ad:90:34:f2:c0:
                    05:ab:b4:b0:4f:7a:9a:d2:e8:39:5b:15:02:b5:c6:
                    b1:3a:31:1a:29:69:ae:d3:c1:99:a7:ab:31:c8:94:
                    6f:10:e3:10:69:e3:e9:73:f2:82:7b:92:46:a5:59:
                    b4:b1:b4:fa:f9:9f:4d:f6:ed:1a:f4:56:bf:59:1d:
                    da:53:61:e4:d5:ff:c8:d2:37:2f:c9:85:57:16:fb:
                    73:87:34:84:8b:43:4c:ac:25:4d:73:2f:4d:a1:fb:
                    d7:4e:c2:ac:46:b7:b0:3a:28:54:10:8e:5d:8c:62:
                    f4:2b:60:c9:7e:37:af:19:ba:fe:e3:f2:5e:67:90:
                    87:74:80:56:c3:2b:b1:f8:db:af:be:26:63:b3:e0:
                    a3:40:03:fb:2c:7b:6c:30:c5:6c:10:e9:2e:02:14:
                    51:30:af:43:d2:84:ca:f2:ea:9f:9c:c9:c9:72:b7:
                    15:e5:ec:18:38:56:ef:17:71:33:01:dd:99:79:61:
                    6f:d9:b1:c2:03:81:98:fa:1a:10:75:b8:d6:68:6a:
                    e8:29:49:d0:3a:05:71:f9:77:51:c7:7d:de:a1:d0:
                    a8:22:76:fe:e5:43:5c:50:2c:b2:b3:ad:57:bb:ce:
                    35:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:F7:75:6D:E8:4A:FC:9E:22:FB:83:5D:88:84:6E:07:E1:0F:A2:27
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/85710da9-d51a-46db-bf14-e98449af13b6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:19:20:98:f6:e8:da:90:fb:33:7f:d0:f3:33:6a:a3:8f:49:
         2e:74:e4:08:fd:35:06:8d:d5:22:5a:dc:98:b4:67:d8:54:5e:
         1b:3f:69:57:26:b1:91:1f:6b:db:12:55:f5:d6:1f:99:1d:78:
         f9:08:9e:44:44:1c:2c:3b:e1:d3:a7:a7:32:1e:80:7c:2d:aa:
         4f:58:10:54:c3:6c:ef:fa:d2:7e:05:a9:fe:78:8d:c9:b1:fd:
         b5:4f:3f:7b:6d:cf:83:57:f0:3e:d5:2c:9c:65:5d:df:ce:49:
         fb:70:4f:30:78:6e:5a:61:30:6f:4f:06:c7:8d:06:10:42:3c:
         c2:8c:96:cf:e8:b0:a3:02:50:64:f6:be:9c:5c:6f:bb:36:50:
         77:4b:0f:8f:87:31:de:79:1b:2a:2b:3e:a1:42:ac:12:05:08:
         c2:67:63:25:7a:cb:43:42:a0:df:dc:9f:97:b6:46:6c:06:84:
         0d:76:1f:ee:36:81:f3:4a:ac:4b:a9:b2:ee:d8:51:ef:33:81:
         d0:11:03:5d:1b:3f:02:df:c0:9e:b7:33:7d:e8:03:08:49:ee:
         6a:29:ca:11:41:dc:a5:c2:12:96:5f:d1:d3:36:fb:e8:7e:f8:
         bd:28:64:30:ec:aa:36:b9:8d:05:5a:4c:6a:72:79:a8:fc:3c:
         81:68:a6:b7
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUPS01MJGA4g08qgKHSsoit2Z2psYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzExMDAwMDAwWhcNMjMwMzE0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTczZTZiY2E1ODZkMmM4MWI3OGNmYWU0MjZlYTY5ZWZk
MjY3MDViOTQ5YmRjNmMwMmJlNTQwODc3MGYwOTU0NjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJnnAs1QbhlBTqbmf/zRRK3oMD77lv4gKq2QNPLABau0sE96mtLo
OVsVArXGsToxGilprtPBmaerMciUbxDjEGnj6XPygnuSRqVZtLG0+vmfTfbtGvRW
v1kd2lNh5NX/yNI3L8mFVxb7c4c0hItDTKwlTXMvTaH7107CrEa3sDooVBCOXYxi
9CtgyX43rxm6/uPyXmeQh3SAVsMrsfjbr74mY7Pgo0AD+yx7bDDFbBDpLgIUUTCv
Q9KEyvLqn5zJyXK3FeXsGDhW7xdxMwHdmXlhb9mxwgOBmPoaEHW41mhq6ClJ0DoF
cfl3Ucd93qHQqCJ2/uVDXFAssrOtV7vONQMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSE93Vt6Er8niL7g12IhG4H4Q+iJzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvODU3MTBkYTktZDUxYS00NmRiLWJmMTQtZTk4NDQ5YWYxM2I2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABAZIJj26NqQ+zN/
0PMzaqOPSS505Aj9NQaN1SJa3Ji0Z9hUXhs/aVcmsZEfa9sSVfXWH5kdePkInkRE
HCw74dOnpzIegHwtqk9YEFTDbO/60n4Fqf54jcmx/bVPP3ttz4NX8D7VLJxlXd/O
SftwTzB4blphMG9PBseNBhBCPMKMls/osKMCUGT2vpxcb7s2UHdLD4+HMd55Gyor
PqFCrBIFCMJnYyV6y0NCoN/cn5e2RmwGhA12H+42gfNKrEupsu7YUe8zgdARA10b
PwLfwJ63M33oAwhJ7mopyhFB3KXCEpZf0dM2++h++L0oZDDsqja5jQVaTGpyeaj8
PIFoprc=
-----END CERTIFICATE-----