Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8c13d98a-bb6a-48e8-8b4c-3e4a4639bd4e.roa
File:                     8c13d98a-bb6a-48e8-8b4c-3e4a4639bd4e.roa (raw, json)
Hash identifier:          +HyqCuwk8Il3ccMrJztLl92uh6kMk89EbwyHAms+1P4=
Subject key identifier:   2A:D4:FB:1B:F2:40:4C:F7:3B:33:5A:49:1B:34:61:80:EA:31:A2:B3
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1195CD06752B9DC6C4DA95F4F60D6B5B93DA4133
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8c13d98a-bb6a-48e8-8b4c-3e4a4639bd4e.roa
Signing time:             Sun 21 Aug 2022 00:00:00 +0000
ROA not before:           Sun 21 Aug 2022 00:00:00 +0000
ROA not after:            Wed 24 Aug 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:95:cd:06:75:2b:9d:c6:c4:da:95:f4:f6:0d:6b:5b:93:da:41:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Aug 21 00:00:00 2022 GMT
            Not After : Aug 24 23:59:59 2022 GMT
        Subject: serialNumber=ce6acd84bb6be2ac6ee06334fcd93ed8ce9c3e09876c966072613479c35f4227, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:56:16:55:f6:5f:b7:99:20:17:7d:07:b0:13:
                    7f:9a:09:91:51:af:b2:e7:0c:34:7c:2a:6e:65:4b:
                    89:41:d3:68:85:84:b5:0e:d1:60:e6:6f:a4:f3:ec:
                    c0:4c:55:99:ae:cc:85:50:ca:ce:d7:2e:fd:92:c5:
                    1d:19:ec:2b:87:0a:e1:21:42:a0:a4:95:b6:3e:6e:
                    df:fb:bb:12:87:05:51:c0:eb:72:e3:48:ea:4a:86:
                    7d:98:61:22:ff:cd:be:aa:76:48:79:cd:d7:6e:ff:
                    d0:db:33:38:2b:3c:c3:9e:ce:6a:6b:bd:43:2f:0a:
                    e5:71:c3:a8:84:ef:4c:3e:ca:4e:37:f7:73:46:03:
                    c7:1e:39:fa:d5:e5:1f:9a:cd:7b:c4:96:8f:4b:13:
                    71:12:9e:43:fb:46:cf:a9:51:d2:f3:e4:6a:22:fa:
                    f0:59:30:0c:8a:13:6f:c4:28:5f:e8:0f:85:58:82:
                    5b:27:52:58:ec:f9:44:4f:89:f5:eb:36:36:f3:bf:
                    2e:40:7d:ca:2b:a3:6d:58:5e:43:a0:09:e7:9c:1f:
                    84:82:da:dd:b9:a0:df:27:7d:2e:40:37:5b:be:54:
                    bf:a1:f1:8c:2f:93:79:c9:7c:9d:ed:1f:dc:63:3d:
                    b5:fa:cb:0d:70:1d:2b:cb:ca:ea:d0:7c:a8:35:e9:
                    3b:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:D4:FB:1B:F2:40:4C:F7:3B:33:5A:49:1B:34:61:80:EA:31:A2:B3
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8c13d98a-bb6a-48e8-8b4c-3e4a4639bd4e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:34:45:7d:7c:7b:b2:52:a7:d2:c1:49:89:0e:21:5a:3e:63:
         43:0c:81:f7:29:f1:d7:ca:92:b1:e0:35:f2:85:aa:7f:4c:73:
         35:05:b9:76:bd:0a:b9:33:dc:ab:85:7f:65:d6:44:7a:14:95:
         1d:b5:07:65:b9:79:08:9d:91:fe:5c:fe:98:eb:7e:7b:65:f3:
         50:f2:d4:3b:56:fc:56:23:16:59:f9:83:e4:2a:7b:38:e8:9f:
         3d:3f:06:08:71:e0:54:34:93:42:f1:b4:98:79:8f:43:10:ee:
         c3:b7:a8:ff:c9:cd:c5:d5:6e:fd:1a:31:bc:67:db:8a:ec:74:
         38:53:c1:a7:7f:7c:17:a7:11:d9:35:1a:96:ea:d9:6f:28:8d:
         69:f2:d6:b9:0a:02:8f:ca:1c:cd:f4:20:04:89:28:37:80:2d:
         fc:85:2e:3d:e1:d5:f1:19:58:f0:4b:d0:34:f6:00:5a:03:4d:
         3a:c1:b1:4b:7c:0e:fd:48:2e:15:74:ea:9b:a8:0b:08:6f:0f:
         df:35:ce:b3:a0:96:40:a1:8c:f1:c8:c3:18:bc:bb:4c:16:80:
         f9:2d:4c:b7:3b:ee:3a:cb:dc:37:1e:5a:a4:49:c6:13:01:08:
         54:47:27:c2:62:1e:8c:ba:0a:26:90:08:81:b2:db:07:0e:fc:
         87:f1:48:8d
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUEZXNBnUrncbE2pX09g1rW5PaQTMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwODIxMDAwMDAwWhcNMjIwODI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAY2U2YWNkODRiYjZiZTJhYzZlZTA2MzM0ZmNkOTNlZDhj
ZTljM2UwOTg3NmM5NjYwNzI2MTM0NzljMzVmNDIyNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL1WFlX2X7eZIBd9B7ATf5oJkVGvsucMNHwqbmVLiUHTaIWEtQ7R
YOZvpPPswExVma7MhVDKztcu/ZLFHRnsK4cK4SFCoKSVtj5u3/u7EocFUcDrcuNI
6kqGfZhhIv/Nvqp2SHnN127/0NszOCs8w57Oamu9Qy8K5XHDqITvTD7KTjf3c0YD
xx45+tXlH5rNe8SWj0sTcRKeQ/tGz6lR0vPkaiL68FkwDIoTb8QoX+gPhViCWydS
WOz5RE+J9es2NvO/LkB9yiujbVheQ6AJ55wfhILa3bmg3yd9LkA3W75Uv6HxjC+T
ecl8ne0f3GM9tfrLDXAdK8vK6tB8qDXpO9MCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQq1Psb8kBM9zszWkkbNGGA6jGiszAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOGMxM2Q5OGEtYmI2YS00OGU4LThiNGMtM2U0YTQ2MzliZDRlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJs0RX18e7JSp9LB
SYkOIVo+Y0MMgfcp8dfKkrHgNfKFqn9MczUFuXa9Crkz3KuFf2XWRHoUlR21B2W5
eQidkf5c/pjrfntl81Dy1DtW/FYjFln5g+Qqezjonz0/Bghx4FQ0k0LxtJh5j0MQ
7sO3qP/JzcXVbv0aMbxn24rsdDhTwad/fBenEdk1Gpbq2W8ojWny1rkKAo/KHM30
IASJKDeALfyFLj3h1fEZWPBL0DT2AFoDTTrBsUt8Dv1ILhV06puoCwhvD981zrOg
lkChjPHIwxi8u0wWgPktTLc77jrL3DceWqRJxhMBCFRHJ8JiHoy6CiaQCIGy2wcO
/IfxSI0=
-----END CERTIFICATE-----