Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b4164cf8-9c99-4c83-9546-163766e9e96f.roa
File:                     b4164cf8-9c99-4c83-9546-163766e9e96f.roa (raw, json)
Hash identifier:          MDyDGF1jxEJqZuiI7Zoq8bjyXc3AGJhGWHcM4rP/IVw=
Subject key identifier:   59:E5:26:09:A6:7F:01:B6:C4:BB:79:9F:65:01:05:43:96:26:89:5E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6CD51EB2A3006FD6B3BD6C6D58E482C4C076609D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b4164cf8-9c99-4c83-9546-163766e9e96f.roa
Signing time:             Sat 11 Feb 2023 00:00:00 +0000
ROA not before:           Sat 11 Feb 2023 00:00:00 +0000
ROA not after:            Tue 14 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:d5:1e:b2:a3:00:6f:d6:b3:bd:6c:6d:58:e4:82:c4:c0:76:60:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 11 00:00:00 2023 GMT
            Not After : Feb 14 23:59:59 2023 GMT
        Subject: serialNumber=c9a5805c0c6cf681112a1f3743b17ac4631b2cceaffad31fb2b9f3d0bf1021a3, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:86:69:ef:bc:54:5c:33:c5:c6:d7:d3:2d:81:
                    53:14:3e:f7:07:1e:58:0d:12:60:cc:73:66:5b:b1:
                    cb:c6:a4:46:85:b4:44:ca:e1:69:22:8d:d6:3b:cb:
                    5f:59:3d:be:12:e2:cf:2a:3d:42:95:d6:6e:58:56:
                    7b:3a:30:f2:d8:83:92:ca:03:99:20:7a:a6:4e:28:
                    c0:94:9f:58:b2:c3:af:2a:af:aa:54:75:0f:3a:48:
                    71:6a:82:e2:dd:27:04:b3:04:93:73:3d:11:a7:f6:
                    b8:17:88:3f:d7:bb:7b:e2:c4:67:17:25:07:ef:29:
                    e8:71:f5:42:9f:f2:68:3a:71:97:fd:79:a8:35:0e:
                    ed:5d:95:70:21:30:89:63:5d:bf:57:ba:e5:9e:37:
                    b5:70:b5:62:1e:27:f6:d0:ab:f5:61:b3:21:fc:9b:
                    a7:16:bd:9d:fe:78:55:c9:78:30:bf:a4:3c:d3:ab:
                    f2:25:1b:ea:e6:e0:c2:5a:81:a7:1e:ef:9d:e3:90:
                    74:70:5b:00:70:5d:a4:3b:8c:4c:25:8f:d0:b5:18:
                    9c:5a:ad:1a:a6:e0:8f:45:d9:68:db:ac:dd:54:b4:
                    b7:f9:e5:0a:fa:8a:f2:27:0a:90:d6:34:70:57:82:
                    aa:45:fb:0f:6d:9a:13:d3:c2:a7:a0:86:2d:9b:26:
                    4a:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:E5:26:09:A6:7F:01:B6:C4:BB:79:9F:65:01:05:43:96:26:89:5E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b4164cf8-9c99-4c83-9546-163766e9e96f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:db:70:2a:4e:39:5f:02:10:4f:43:36:05:5c:50:39:31:e5:
         d8:d5:c9:dd:cb:85:15:6c:6c:fb:df:21:40:44:52:12:c9:55:
         c1:05:69:43:66:74:23:e3:b3:5c:7a:0a:ee:dd:1f:3d:1f:ff:
         eb:f8:50:ab:c1:a4:f9:ee:90:ec:b2:3e:07:b8:9f:a7:cf:5a:
         0e:97:e0:5f:8d:e1:11:8d:2a:48:1b:62:ab:02:fa:df:9a:3a:
         1f:2d:6a:c6:f9:a9:57:50:9f:fe:fc:00:1e:68:a3:94:11:98:
         3f:f9:cc:cd:eb:ac:cd:61:ec:d8:40:d4:94:2f:d7:7c:6a:e4:
         a3:6d:b4:9b:f8:6b:4f:66:f0:fe:8c:b7:96:56:d9:f5:6b:1a:
         f8:6e:09:0f:a8:a2:84:fa:fc:33:3b:e5:25:06:56:ea:ff:43:
         f8:99:58:91:9c:7d:9c:67:b5:5e:48:a0:3a:3f:91:e0:64:04:
         70:da:32:f8:f7:42:40:da:9d:50:c6:95:5b:55:42:ac:1f:fa:
         fc:ca:98:30:71:72:86:8d:bd:b0:4c:66:3e:c4:88:58:df:51:
         6e:f7:f9:0e:18:e5:17:21:ac:bf:c7:6d:be:95:f0:d7:5e:96:
         3c:a4:9d:e3:5f:52:0b:85:67:e2:51:1d:fb:99:bd:48:46:a7:
         48:40:ec:83
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUbNUesqMAb9azvWxtWOSCxMB2YJ0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjExMDAwMDAwWhcNMjMwMjE0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYzlhNTgwNWMwYzZjZjY4MTExMmExZjM3NDNiMTdhYzQ2
MzFiMmNjZWFmZmFkMzFmYjJiOWYzZDBiZjEwMjFhMzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJuGae+8VFwzxcbX0y2BUxQ+9wceWA0SYMxzZluxy8akRoW0RMrh
aSKN1jvLX1k9vhLizyo9QpXWblhWezow8tiDksoDmSB6pk4owJSfWLLDryqvqlR1
DzpIcWqC4t0nBLMEk3M9Eaf2uBeIP9e7e+LEZxclB+8p6HH1Qp/yaDpxl/15qDUO
7V2VcCEwiWNdv1e65Z43tXC1Yh4n9tCr9WGzIfybpxa9nf54Vcl4ML+kPNOr8iUb
6ubgwlqBpx7vneOQdHBbAHBdpDuMTCWP0LUYnFqtGqbgj0XZaNus3VS0t/nlCvqK
8icKkNY0cFeCqkX7D22aE9PCp6CGLZsmSu8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRZ5SYJpn8BtsS7eZ9lAQVDliaJXjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYjQxNjRjZjgtOWM5OS00YzgzLTk1NDYtMTYzNzY2ZTllOTZmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGzbcCpOOV8CEE9D
NgVcUDkx5djVyd3LhRVsbPvfIUBEUhLJVcEFaUNmdCPjs1x6Cu7dHz0f/+v4UKvB
pPnukOyyPge4n6fPWg6X4F+N4RGNKkgbYqsC+t+aOh8tasb5qVdQn/78AB5oo5QR
mD/5zM3rrM1h7NhA1JQv13xq5KNttJv4a09m8P6Mt5ZW2fVrGvhuCQ+oooT6/DM7
5SUGVur/Q/iZWJGcfZxntV5IoDo/keBkBHDaMvj3QkDanVDGlVtVQqwf+vzKmDBx
coaNvbBMZj7EiFjfUW73+Q4Y5RchrL/Hbb6V8NdeljykneNfUguFZ+JRHfuZvUhG
p0hA7IM=
-----END CERTIFICATE-----