Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ad8ba818-8c1e-42ab-a3b9-d1250192ab1b.roa
File:                     ad8ba818-8c1e-42ab-a3b9-d1250192ab1b.roa (raw, json)
Hash identifier:          9LYf7gVMzLmmhKTjpZDspIKtEbsBRM6z2iCocaLhtKc=
Subject key identifier:   8C:A0:C6:A5:F1:AB:6C:E4:71:0F:81:09:4C:7C:67:82:2B:C2:46:92
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       10A9754E251773FF82EB3C6B8BB17D2B2D5C5CAE
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ad8ba818-8c1e-42ab-a3b9-d1250192ab1b.roa
Signing time:             Mon 27 Feb 2023 00:00:00 +0000
ROA not before:           Mon 27 Feb 2023 00:00:00 +0000
ROA not after:            Thu 02 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:a9:75:4e:25:17:73:ff:82:eb:3c:6b:8b:b1:7d:2b:2d:5c:5c:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 27 00:00:00 2023 GMT
            Not After : Mar  2 23:59:59 2023 GMT
        Subject: serialNumber=cf07d687b4759b5cee29256bef443279e07dc02311714454fa572419311b2644, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:fa:26:21:21:fc:b3:c5:c7:a8:f9:be:5d:9d:
                    b8:5e:8c:68:5b:90:0a:13:e8:44:18:23:5d:16:f1:
                    69:c1:cd:d6:14:b3:b0:55:22:8d:73:4a:6f:67:ab:
                    65:21:20:85:c3:f0:8b:ea:71:7a:c9:37:cf:a1:92:
                    57:b7:00:13:f9:e5:2c:a1:ab:f1:55:69:44:5f:ca:
                    55:16:1a:ef:a8:2a:dd:be:3f:b3:24:f6:33:97:28:
                    7b:76:5d:ef:88:83:1f:f4:d9:bf:ab:92:f4:fb:b1:
                    59:cd:c6:5b:ec:ac:22:5e:ec:a8:2a:19:6b:66:3b:
                    8b:03:36:83:31:f0:7e:17:3b:14:cc:d8:29:78:91:
                    ff:33:ec:2d:c4:50:13:0c:50:45:20:80:c3:4a:08:
                    83:b2:e9:fa:10:ad:5f:4d:8b:38:5c:40:f4:4b:d0:
                    19:2b:3e:3f:90:eb:bd:34:34:ab:6d:44:05:b9:ab:
                    70:bd:90:18:14:79:f5:ee:5a:c5:6b:2f:ac:98:13:
                    75:d5:26:4b:16:af:33:6c:45:50:0d:08:7e:7e:1f:
                    12:e1:3c:59:30:74:da:0a:d1:40:43:23:9e:2e:dd:
                    d8:8a:d8:90:b4:24:a8:cf:c1:d1:dd:2d:ec:25:bb:
                    1b:64:09:1c:8d:7d:20:c9:53:d5:34:eb:c1:51:2e:
                    cc:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:A0:C6:A5:F1:AB:6C:E4:71:0F:81:09:4C:7C:67:82:2B:C2:46:92
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ad8ba818-8c1e-42ab-a3b9-d1250192ab1b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:a8:13:a8:25:8b:df:8d:38:de:98:3c:a9:24:bf:11:31:1e:
         03:5e:f3:0e:bd:83:4d:ac:09:41:e1:5c:b6:22:a4:3d:0a:f0:
         aa:21:4a:2a:57:d3:42:e8:d7:c5:dc:4c:c5:28:7a:d7:cf:bd:
         db:d8:4d:cc:56:4c:60:99:da:9b:df:2c:8e:e9:8c:2c:31:67:
         8c:d2:57:45:5f:45:f7:c5:c7:f5:6e:43:bb:bf:68:e1:20:10:
         27:56:7c:e4:ed:ce:e9:81:83:8f:d2:c5:b8:93:61:00:f8:1c:
         34:ac:14:09:d6:3a:d6:52:d7:a5:6d:d3:2c:e7:35:69:c7:5d:
         06:64:61:49:45:1b:34:14:2f:14:64:80:e8:e7:7c:25:63:b8:
         2d:52:2d:c8:a1:a2:09:e1:f7:86:b2:d2:58:99:a3:52:b2:66:
         b7:a1:78:8a:cd:40:fb:0a:a2:c8:5c:33:21:70:9c:2d:80:ed:
         e1:d5:19:7b:1b:e5:48:ba:53:4c:cb:47:1b:39:ab:63:d2:ba:
         1d:2f:4f:1b:d2:75:d2:d7:da:f7:f6:bb:1d:d4:12:36:f3:06:
         8e:83:67:3b:01:15:16:2c:62:b3:73:82:7b:ae:f3:03:9b:0f:
         ca:51:7d:56:6b:4e:ed:69:31:95:9a:3f:d4:c6:78:87:e1:f9:
         09:b3:b6:31
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUEKl1TiUXc/+C6zxri7F9Ky1cXK4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjI3MDAwMDAwWhcNMjMwMzAyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAY2YwN2Q2ODdiNDc1OWI1Y2VlMjkyNTZiZWY0NDMyNzll
MDdkYzAyMzExNzE0NDU0ZmE1NzI0MTkzMTFiMjY0NDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL/6JiEh/LPFx6j5vl2duF6MaFuQChPoRBgjXRbxacHN1hSzsFUi
jXNKb2erZSEghcPwi+pxesk3z6GSV7cAE/nlLKGr8VVpRF/KVRYa76gq3b4/syT2
M5coe3Zd74iDH/TZv6uS9PuxWc3GW+ysIl7sqCoZa2Y7iwM2gzHwfhc7FMzYKXiR
/zPsLcRQEwxQRSCAw0oIg7Lp+hCtX02LOFxA9EvQGSs+P5DrvTQ0q21EBbmrcL2Q
GBR59e5axWsvrJgTddUmSxavM2xFUA0Ifn4fEuE8WTB02grRQEMjni7d2IrYkLQk
qM/B0d0t7CW7G2QJHI19IMlT1TTrwVEuzDsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSMoMal8ats5HEPgQlMfGeCK8JGkjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYWQ4YmE4MTgtOGMxZS00MmFiLWEzYjktZDEyNTAxOTJhYjFiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEOoE6gli9+NON6Y
PKkkvxExHgNe8w69g02sCUHhXLYipD0K8KohSipX00Lo18XcTMUoetfPvdvYTcxW
TGCZ2pvfLI7pjCwxZ4zSV0VfRffFx/VuQ7u/aOEgECdWfOTtzumBg4/SxbiTYQD4
HDSsFAnWOtZS16Vt0yznNWnHXQZkYUlFGzQULxRkgOjnfCVjuC1SLcihognh94ay
0liZo1KyZreheIrNQPsKoshcMyFwnC2A7eHVGXsb5Ui6U0zLRxs5q2PSuh0vTxvS
ddLX2vf2ux3UEjbzBo6DZzsBFRYsYrNzgnuu8wObD8pRfVZrTu1pMZWaP9TGeIfh
+QmztjE=
-----END CERTIFICATE-----