Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/99fd0074-3c30-42f5-b059-f825f1e432f4.roa
File:                     99fd0074-3c30-42f5-b059-f825f1e432f4.roa (raw, json)
Hash identifier:          oiC0QltTqJOMexhm67Jp5481mWBidL9pbowcDq9hRRs=
Subject key identifier:   EE:14:8D:45:CB:63:34:BC:44:94:4B:89:B3:23:DE:7D:E4:69:DF:C4
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5075368B8E806387998F34F40DBDA1ABAFC0E462
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/99fd0074-3c30-42f5-b059-f825f1e432f4.roa
Signing time:             Thu 09 Mar 2023 00:00:00 +0000
ROA not before:           Thu 09 Mar 2023 00:00:00 +0000
ROA not after:            Sun 12 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:75:36:8b:8e:80:63:87:99:8f:34:f4:0d:bd:a1:ab:af:c0:e4:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar  9 00:00:00 2023 GMT
            Not After : Mar 12 23:59:59 2023 GMT
        Subject: serialNumber=706e0f5cbe84eab4ec6e247b8213dd553a7ab1f03ce7740b8132df13e68e3403, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:24:c7:f8:30:7e:08:a3:0e:dc:e0:86:6f:41:
                    de:0c:74:da:f8:d5:85:7e:12:ef:2c:71:ba:2e:62:
                    d5:07:f5:df:c0:c9:19:e8:bf:c5:0f:f0:00:86:f3:
                    f1:e0:36:15:cd:f3:8b:be:73:5f:3f:29:9a:70:9f:
                    b1:3b:7d:ef:85:ec:b5:81:49:8f:13:cd:bf:04:cd:
                    e8:71:f7:c3:ad:44:83:1b:a8:4a:6d:54:fe:f6:ad:
                    12:63:e6:62:d1:13:5f:67:25:70:16:d7:23:98:bb:
                    5e:f3:66:41:3c:c6:3b:23:f0:cd:1e:fc:22:47:cc:
                    69:95:81:2d:63:a4:fc:8e:29:e9:81:c7:e2:c9:8f:
                    31:c7:7a:ce:53:82:cc:bd:66:52:44:b6:be:3c:4d:
                    71:72:bc:54:02:fa:40:ce:c9:27:a1:2b:ba:80:b4:
                    4c:87:46:eb:cd:e6:96:89:28:45:94:79:0b:9f:aa:
                    be:62:a1:9e:a4:ae:31:f2:6f:24:ef:e2:06:64:08:
                    0c:e3:11:d6:e5:e9:14:c2:25:90:cf:09:71:76:cb:
                    12:4d:3b:ed:75:55:bd:3a:6c:59:5c:a7:72:c2:cd:
                    d2:66:6b:d4:a4:ac:f9:1e:7a:8c:aa:37:05:c6:0d:
                    2b:00:9b:76:f7:1a:d8:d1:cb:fd:5d:03:7c:bb:1f:
                    77:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:14:8D:45:CB:63:34:BC:44:94:4B:89:B3:23:DE:7D:E4:69:DF:C4
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/99fd0074-3c30-42f5-b059-f825f1e432f4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:04:ce:6a:e7:a3:92:bd:45:94:5d:0c:ae:6b:e2:e9:86:2a:
         38:dc:b5:cd:89:18:cc:31:3e:46:fb:d8:3e:f1:91:30:64:32:
         3c:67:2f:ea:df:e4:83:6a:bd:fb:5b:08:7a:70:40:1f:a0:c3:
         26:20:e0:2e:99:5c:9b:81:ae:3d:af:a2:ce:12:e2:c4:02:21:
         dc:54:81:dc:45:b0:7d:0e:ad:4b:c2:e6:66:48:b6:51:15:9a:
         6e:35:99:ce:e0:2d:bc:2e:f8:e4:d3:2d:c8:0b:e4:4a:c2:3e:
         8c:04:3f:3e:ac:8e:65:69:cb:4e:83:ab:3f:2e:d7:2c:b9:fc:
         3e:01:86:61:f0:59:e7:c7:cc:15:c8:10:fb:1d:b6:ba:1c:e5:
         0f:f0:d8:82:50:9d:fa:27:00:59:73:3d:35:c9:d3:76:e6:0a:
         34:3c:4c:3f:b9:a1:a2:19:83:cd:33:72:46:cf:67:97:82:ba:
         37:27:b9:fd:57:cb:e1:11:fd:45:0b:5a:9f:60:ab:e1:44:6d:
         6f:ed:37:0d:b5:72:9a:43:d6:aa:6c:3d:22:1a:b7:c2:46:8e:
         cf:cf:f1:cf:1d:7c:18:4f:7f:c4:e2:fc:eb:11:41:b3:4a:b0:
         39:cd:c6:41:64:31:c3:d7:7c:85:7b:a1:03:3e:7a:95:04:0a:
         8a:6e:76:02
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUUHU2i46AY4eZjzT0Db2hq6/A5GIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzA5MDAwMDAwWhcNMjMwMzEyMjM1OTU5
WjCBpTFJMEcGA1UEBRNANzA2ZTBmNWNiZTg0ZWFiNGVjNmUyNDdiODIxM2RkNTUz
YTdhYjFmMDNjZTc3NDBiODEzMmRmMTNlNjhlMzQwMzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANQkx/gwfgijDtzghm9B3gx02vjVhX4S7yxxui5i1Qf138DJGei/
xQ/wAIbz8eA2Fc3zi75zXz8pmnCfsTt974XstYFJjxPNvwTN6HH3w61EgxuoSm1U
/vatEmPmYtETX2clcBbXI5i7XvNmQTzGOyPwzR78IkfMaZWBLWOk/I4p6YHH4smP
Mcd6zlOCzL1mUkS2vjxNcXK8VAL6QM7JJ6EruoC0TIdG683mlokoRZR5C5+qvmKh
nqSuMfJvJO/iBmQIDOMR1uXpFMIlkM8JcXbLEk077XVVvTpsWVyncsLN0mZr1KSs
+R56jKo3BcYNKwCbdvca2NHL/V0DfLsfd8ECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTuFI1Fy2M0vESUS4mzI9595GnfxDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOTlmZDAwNzQtM2MzMC00MmY1LWIwNTktZjgyNWYxZTQzMmY0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJ0Ezmrno5K9RZRd
DK5r4umGKjjctc2JGMwxPkb72D7xkTBkMjxnL+rf5INqvftbCHpwQB+gwyYg4C6Z
XJuBrj2vos4S4sQCIdxUgdxFsH0OrUvC5mZItlEVmm41mc7gLbwu+OTTLcgL5ErC
PowEPz6sjmVpy06Dqz8u1yy5/D4BhmHwWefHzBXIEPsdtroc5Q/w2IJQnfonAFlz
PTXJ03bmCjQ8TD+5oaIZg80zckbPZ5eCujcnuf1Xy+ER/UULWp9gq+FEbW/tNw21
cppD1qpsPSIat8JGjs/P8c8dfBhPf8Ti/OsRQbNKsDnNxkFkMcPXfIV7oQM+epUE
CopudgI=
-----END CERTIFICATE-----