Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/88a7c0e6-6ee3-4b58-9cac-6badaf78a2fa.roa
File:                     88a7c0e6-6ee3-4b58-9cac-6badaf78a2fa.roa (raw, json)
Hash identifier:          /kxptBtl6AOAoli1kH0XWtMpM9zv30eOMgInaGA88hw=
Subject key identifier:   6F:09:01:FC:80:44:31:24:4E:37:7C:C1:94:3C:7E:A6:D5:C1:27:2C
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       BD4448E562881280DF10EB8A06FE65F395CEF0
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/88a7c0e6-6ee3-4b58-9cac-6badaf78a2fa.roa
Signing time:             Wed 15 Feb 2023 00:00:00 +0000
ROA not before:           Wed 15 Feb 2023 00:00:00 +0000
ROA not after:            Sat 18 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            bd:44:48:e5:62:88:12:80:df:10:eb:8a:06:fe:65:f3:95:ce:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 15 00:00:00 2023 GMT
            Not After : Feb 18 23:59:59 2023 GMT
        Subject: serialNumber=4796a8388eb48454e17b6ed6ed6ae38fc124b2617192406c92fa4504a807e37b, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:75:3a:88:af:a9:d6:10:fb:32:6b:c0:66:ab:
                    96:0f:42:76:4a:1e:6f:ae:69:9f:7d:dd:81:27:46:
                    90:70:65:df:54:11:fa:fd:e4:41:c2:69:2c:20:3f:
                    59:d9:85:55:9c:92:87:aa:38:18:b8:cd:46:07:f7:
                    8d:09:00:c5:5c:78:0a:6c:fb:62:7e:b5:1c:1b:70:
                    97:8b:c2:ae:6a:7a:60:06:d3:4b:a2:9e:ec:1a:2f:
                    57:ee:dd:b0:ff:ba:05:58:22:b3:36:82:85:82:ae:
                    18:e5:14:89:50:53:f1:dd:bd:3b:7d:ee:d3:20:96:
                    0f:84:38:b4:ba:f4:81:e3:32:f9:ae:67:2f:57:5a:
                    38:40:08:ae:26:d6:30:02:cf:ef:73:aa:2f:3a:14:
                    67:3b:bc:cd:e1:2c:b6:53:e5:49:e3:dd:16:9e:43:
                    63:7d:43:28:92:22:c8:72:11:3e:49:fe:62:30:89:
                    32:66:ba:ab:01:56:33:79:7e:6c:ba:88:98:46:26:
                    b1:2a:05:c3:fc:a5:19:3f:98:49:46:3c:6f:47:17:
                    f5:4b:63:0e:46:8b:61:ba:b4:25:49:2d:13:0f:38:
                    f6:c8:33:6d:65:9a:ad:9d:b2:ba:f4:03:0e:7b:21:
                    3b:ca:3c:12:af:75:17:1c:51:84:5b:a9:b5:e8:7f:
                    42:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:09:01:FC:80:44:31:24:4E:37:7C:C1:94:3C:7E:A6:D5:C1:27:2C
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/88a7c0e6-6ee3-4b58-9cac-6badaf78a2fa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:9f:2d:b6:a5:c4:0b:79:35:71:5d:5e:60:9a:2a:26:64:d2:
         ce:43:a3:57:95:9f:89:7f:d8:80:12:3e:56:4d:3b:14:fc:1b:
         0f:99:58:12:4a:25:b3:09:22:67:35:2d:9d:d3:89:02:d2:20:
         1b:d2:46:91:89:24:4e:61:0e:1e:8c:7d:4c:8a:e8:3f:fc:7f:
         02:5f:b0:60:05:78:58:e7:91:48:2f:2a:11:e3:8b:ab:91:fa:
         62:60:2e:f7:79:21:83:3a:da:95:dd:cd:af:ea:bd:02:ec:72:
         23:7d:ab:fe:0a:1d:de:6a:38:5d:8f:c9:27:4c:84:8b:e5:ea:
         ce:88:37:91:82:06:1e:35:f1:f4:21:65:4d:40:8f:63:e6:ff:
         18:d3:ab:36:1f:e1:f2:18:2e:79:ce:8d:fa:33:ce:19:e6:49:
         d3:40:3d:96:09:9f:48:e2:4e:09:ea:69:52:54:25:b1:7a:57:
         01:80:b7:11:46:d0:90:88:91:74:ca:f0:4c:37:53:54:e0:ed:
         b2:5e:36:f9:2a:a9:1e:39:74:09:b7:a9:90:42:93:5a:07:55:
         97:71:eb:dd:62:de:45:73:f1:70:a9:30:0c:7c:eb:cb:e3:e9:
         68:fe:f9:ce:cd:ad:9e:ad:f2:c1:35:13:da:51:7a:5d:da:bf:
         f9:bd:eb:8d
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUAL1ESOViiBKA3xDrigb+ZfOVzvAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE1MDAwMDAwWhcNMjMwMjE4MjM1OTU5
WjCBpTFJMEcGA1UEBRNANDc5NmE4Mzg4ZWI0ODQ1NGUxN2I2ZWQ2ZWQ2YWUzOGZj
MTI0YjI2MTcxOTI0MDZjOTJmYTQ1MDRhODA3ZTM3YjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOV1OoivqdYQ+zJrwGarlg9Cdkoeb65pn33dgSdGkHBl31QR+v3k
QcJpLCA/WdmFVZySh6o4GLjNRgf3jQkAxVx4Cmz7Yn61HBtwl4vCrmp6YAbTS6Ke
7BovV+7dsP+6BVgiszaChYKuGOUUiVBT8d29O33u0yCWD4Q4tLr0geMy+a5nL1da
OEAIribWMALP73OqLzoUZzu8zeEstlPlSePdFp5DY31DKJIiyHIRPkn+YjCJMma6
qwFWM3l+bLqImEYmsSoFw/ylGT+YSUY8b0cX9UtjDkaLYbq0JUktEw849sgzbWWa
rZ2yuvQDDnshO8o8Eq91FxxRhFupteh/Qq8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRvCQH8gEQxJE43fMGUPH6m1cEnLDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvODhhN2MwZTYtNmVlMy00YjU4LTljYWMtNmJhZGFmNzhhMmZhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIufLbalxAt5NXFd
XmCaKiZk0s5Do1eVn4l/2IASPlZNOxT8Gw+ZWBJKJbMJImc1LZ3TiQLSIBvSRpGJ
JE5hDh6MfUyK6D/8fwJfsGAFeFjnkUgvKhHji6uR+mJgLvd5IYM62pXdza/qvQLs
ciN9q/4KHd5qOF2PySdMhIvl6s6IN5GCBh418fQhZU1Aj2Pm/xjTqzYf4fIYLnnO
jfozzhnmSdNAPZYJn0jiTgnqaVJUJbF6VwGAtxFG0JCIkXTK8Ew3U1Tg7bJeNvkq
qR45dAm3qZBCk1oHVZdx691i3kVz8XCpMAx868vj6Wj++c7NrZ6t8sE1E9pRel3a
v/m9640=
-----END CERTIFICATE-----