Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/99f3c56e-fce2-4ec4-be7d-271445894738.roa
File:                     99f3c56e-fce2-4ec4-be7d-271445894738.roa (raw, json)
Hash identifier:          qlWHvGEy75h5dyqFcetECXCbROvv3m2FozIZ4GKDOWk=
Subject key identifier:   2A:69:7F:A8:ED:5F:66:A7:1A:A5:D4:ED:36:E7:B5:56:E8:49:9C:B9
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1EE6FCE00069E5C1EFDD09598AC6C5DE02392499
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/99f3c56e-fce2-4ec4-be7d-271445894738.roa
Signing time:             Fri 10 Mar 2023 00:00:00 +0000
ROA not before:           Fri 10 Mar 2023 00:00:00 +0000
ROA not after:            Mon 13 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:e6:fc:e0:00:69:e5:c1:ef:dd:09:59:8a:c6:c5:de:02:39:24:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 10 00:00:00 2023 GMT
            Not After : Mar 13 23:59:59 2023 GMT
        Subject: serialNumber=0d8717fb2164e85b107ce87976da49dfa94cc1d7bbd9f49b35e7536d8f4d14c9, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:03:4d:93:ba:fb:0c:ff:8a:23:77:e9:7f:44:
                    07:f5:35:50:35:59:11:a4:8b:e9:9c:46:4d:54:35:
                    c3:86:16:4d:01:7c:a7:a0:ad:b1:a1:d5:22:fe:d0:
                    b1:90:98:e0:60:91:d7:5c:a0:a2:9f:20:25:86:e7:
                    dc:70:ac:47:95:63:89:0a:56:9a:05:c1:52:58:c0:
                    bf:d4:64:1c:a7:fb:c5:0c:8f:60:f1:1b:a5:4b:93:
                    84:ff:44:90:c3:c4:ab:a4:5a:c3:d6:b0:54:d6:f3:
                    0e:1a:23:67:7d:a6:72:b6:42:e2:a2:5a:c8:b2:f9:
                    fd:fb:66:ac:1c:2b:3d:dd:60:57:16:0c:10:e8:e6:
                    9b:17:07:d3:d7:a0:a8:ef:01:a4:01:a1:38:39:b7:
                    9d:b2:83:0e:8c:8a:47:0d:4a:38:1a:e0:cf:d3:41:
                    b4:a4:3c:d7:64:b0:87:97:c2:3d:ab:19:0b:c2:5d:
                    b7:50:ce:0d:bc:c2:f7:45:30:01:42:4d:c2:8d:bd:
                    ab:6b:8c:56:1c:95:2e:f5:df:a3:3e:93:94:1a:d5:
                    68:e0:a1:d5:34:5a:89:de:00:6b:41:91:3c:6b:6d:
                    12:07:ed:66:1f:34:bd:7b:21:72:b2:62:03:0a:8d:
                    ea:24:c3:8c:5e:aa:b7:47:81:b0:a9:24:af:9a:cf:
                    fc:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:69:7F:A8:ED:5F:66:A7:1A:A5:D4:ED:36:E7:B5:56:E8:49:9C:B9
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/99f3c56e-fce2-4ec4-be7d-271445894738.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:ee:4c:20:02:69:ea:b9:7d:98:e3:3b:cb:72:50:56:4e:f7:
         85:49:bf:5c:78:48:4b:81:bd:53:e1:a1:0a:77:48:e3:59:f3:
         86:85:37:b4:ae:65:f9:c0:0f:aa:54:32:6f:3b:47:8d:93:1d:
         3a:97:b8:ec:9c:3c:e0:f4:0f:b4:fd:ac:3d:bc:5b:9d:84:6c:
         78:06:72:76:8e:c8:41:a7:13:e8:86:4d:cd:2c:64:9c:41:8b:
         45:10:c2:d5:4e:0f:6a:96:7b:e4:b3:00:ff:e3:29:56:2f:f9:
         74:cb:18:21:d8:03:9f:83:4c:da:50:79:8c:db:8d:33:5c:f7:
         cb:be:f9:3e:07:89:9e:ba:ae:8d:cb:db:0f:f8:2f:34:c6:1d:
         ad:1f:cf:78:02:00:3b:7b:db:81:73:75:96:8f:5f:d1:93:16:
         9c:94:6f:68:85:9e:22:5b:3a:e7:bf:30:f8:d8:c8:76:5a:36:
         56:d3:f3:a6:73:59:5f:64:84:38:1b:02:bf:f8:79:16:4d:56:
         84:3c:28:f6:33:64:b2:75:7b:59:3e:33:23:00:4a:69:6e:0b:
         6d:2a:3c:27:dc:31:5f:3a:c6:a6:5e:ed:8f:4a:43:42:18:41:
         bd:c6:f9:36:c8:87:62:8e:cd:5b:dc:c4:fc:28:6c:82:5f:40:
         c5:17:e0:71
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUHub84ABp5cHv3QlZisbF3gI5JJkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzEwMDAwMDAwWhcNMjMwMzEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMGQ4NzE3ZmIyMTY0ZTg1YjEwN2NlODc5NzZkYTQ5ZGZh
OTRjYzFkN2JiZDlmNDliMzVlNzUzNmQ4ZjRkMTRjOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJwDTZO6+wz/iiN36X9EB/U1UDVZEaSL6ZxGTVQ1w4YWTQF8p6Ct
saHVIv7QsZCY4GCR11ygop8gJYbn3HCsR5VjiQpWmgXBUljAv9RkHKf7xQyPYPEb
pUuThP9EkMPEq6Raw9awVNbzDhojZ32mcrZC4qJayLL5/ftmrBwrPd1gVxYMEOjm
mxcH09egqO8BpAGhODm3nbKDDoyKRw1KOBrgz9NBtKQ812Swh5fCPasZC8Jdt1DO
DbzC90UwAUJNwo29q2uMVhyVLvXfoz6TlBrVaOCh1TRaid4Aa0GRPGttEgftZh80
vXshcrJiAwqN6iTDjF6qt0eBsKkkr5rP/H8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQqaX+o7V9mpxql1O0257VW6EmcuTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOTlmM2M1NmUtZmNlMi00ZWM0LWJlN2QtMjcxNDQ1ODk0NzM4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFbuTCACaeq5fZjj
O8tyUFZO94VJv1x4SEuBvVPhoQp3SONZ84aFN7SuZfnAD6pUMm87R42THTqXuOyc
POD0D7T9rD28W52EbHgGcnaOyEGnE+iGTc0sZJxBi0UQwtVOD2qWe+SzAP/jKVYv
+XTLGCHYA5+DTNpQeYzbjTNc98u++T4HiZ66ro3L2w/4LzTGHa0fz3gCADt724Fz
dZaPX9GTFpyUb2iFniJbOue/MPjYyHZaNlbT86ZzWV9khDgbAr/4eRZNVoQ8KPYz
ZLJ1e1k+MyMASmluC20qPCfcMV86xqZe7Y9KQ0IYQb3G+TbIh2KOzVvcxPwobIJf
QMUX4HE=
-----END CERTIFICATE-----