Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b8f370ac-270a-4daf-9600-82be8ede0141.roa
File:                     b8f370ac-270a-4daf-9600-82be8ede0141.roa (raw, json)
Hash identifier:          d1iGH+nCmjOFfaTiQG32SgA+bOvZvdLDe7hyLouvbrg=
Subject key identifier:   F5:FA:EA:1A:96:3C:26:83:C7:37:AE:55:80:64:EA:BA:83:59:07:DC
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       095399DC52DD786504437483C9EC1895740B7553
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b8f370ac-270a-4daf-9600-82be8ede0141.roa
Signing time:             Tue 21 Feb 2023 00:00:00 +0000
ROA not before:           Tue 21 Feb 2023 00:00:00 +0000
ROA not after:            Fri 24 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:53:99:dc:52:dd:78:65:04:43:74:83:c9:ec:18:95:74:0b:75:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 21 00:00:00 2023 GMT
            Not After : Feb 24 23:59:59 2023 GMT
        Subject: serialNumber=11a266599bafb1c2c7184a73771f5c89c20193a0aa8770e9866c1b969d9a09a3, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:00:a0:30:2e:04:94:ad:b3:53:84:83:66:4e:
                    20:49:82:1c:f9:14:4c:e8:49:c8:a2:04:15:bc:b1:
                    56:2a:82:b1:ee:fe:20:fa:f8:0c:75:1c:39:09:ce:
                    11:1e:68:ab:94:92:ef:74:cc:7d:8c:d7:68:2e:f7:
                    a6:9d:d1:08:fe:85:de:15:53:50:4b:ca:79:1f:cb:
                    76:05:98:97:d3:d0:cb:0d:70:99:90:a9:be:f7:08:
                    22:8a:ab:1b:69:7b:2d:db:f5:d7:ea:2b:7a:1f:43:
                    4c:78:18:68:c1:6f:0d:3b:0e:c3:cb:f3:cc:ee:bf:
                    82:25:37:8d:eb:47:dd:65:f6:79:1e:6a:4c:de:d0:
                    71:6f:18:cc:6e:4f:97:cf:5e:44:e0:c4:68:8e:e9:
                    7d:5c:f7:c8:35:bc:1b:10:0e:47:0e:1d:17:c9:ca:
                    22:24:35:8d:99:66:48:63:d5:17:9b:9f:08:3b:62:
                    f2:04:41:f1:e9:18:05:83:57:76:6d:8e:96:30:7a:
                    9e:b6:b0:e5:62:ee:b5:32:99:19:43:33:e8:55:f7:
                    c6:1a:63:ad:c4:43:3f:5a:46:db:2f:66:25:f8:47:
                    3d:01:23:95:34:05:91:a9:25:43:cb:48:19:62:61:
                    c9:eb:f4:e2:5a:c9:cd:b0:e3:4c:3d:cd:82:1c:fa:
                    26:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:FA:EA:1A:96:3C:26:83:C7:37:AE:55:80:64:EA:BA:83:59:07:DC
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b8f370ac-270a-4daf-9600-82be8ede0141.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:c2:02:0d:93:f9:41:d3:a8:e2:e3:00:c2:25:88:84:9c:74:
         ef:8a:53:a4:15:55:42:f1:de:84:fd:cc:44:3d:ad:97:23:ae:
         64:b3:56:e8:bf:0f:24:0c:67:e2:01:2a:98:94:fb:dc:17:3d:
         f2:44:60:61:a8:72:19:53:e4:0b:1e:f4:0d:56:3e:f5:8a:46:
         57:7c:19:9f:48:4b:0f:ae:ab:3c:89:b9:13:58:1f:7b:c8:8e:
         ac:df:ef:6d:bb:27:b2:14:46:7f:ce:50:d7:90:ae:92:6c:a8:
         00:28:bf:80:ca:cb:9c:c4:24:bc:f7:24:aa:4d:9c:07:61:49:
         82:43:fa:42:f6:26:f4:74:8a:9d:d2:30:b9:f2:a4:4e:3d:bd:
         0f:f1:cb:9f:f0:df:a7:f8:85:6e:0b:f6:ec:b0:0a:f3:b6:8d:
         78:e3:4b:98:77:c6:66:e2:8f:a5:96:dc:aa:a1:88:ed:73:01:
         22:6d:33:26:df:ff:44:a2:16:c4:4c:b3:88:ef:ae:0a:fb:fe:
         89:62:aa:ed:19:e7:ab:19:dd:0e:d5:65:82:aa:2f:53:40:ee:
         4b:20:03:4a:7c:e9:57:91:8f:2a:c5:10:ab:26:36:19:51:63:
         f9:c7:e3:22:6c:ab:7d:b5:ce:52:26:1e:fd:11:38:30:d5:32:
         cf:83:9f:a6
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUCVOZ3FLdeGUEQ3SDyewYlXQLdVMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIxMDAwMDAwWhcNMjMwMjI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTFhMjY2NTk5YmFmYjFjMmM3MTg0YTczNzcxZjVjODlj
MjAxOTNhMGFhODc3MGU5ODY2YzFiOTY5ZDlhMDlhMzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMQAoDAuBJSts1OEg2ZOIEmCHPkUTOhJyKIEFbyxViqCse7+IPr4
DHUcOQnOER5oq5SS73TMfYzXaC73pp3RCP6F3hVTUEvKeR/LdgWYl9PQyw1wmZCp
vvcIIoqrG2l7Ldv11+oreh9DTHgYaMFvDTsOw8vzzO6/giU3jetH3WX2eR5qTN7Q
cW8YzG5Pl89eRODEaI7pfVz3yDW8GxAORw4dF8nKIiQ1jZlmSGPVF5ufCDti8gRB
8ekYBYNXdm2OljB6nraw5WLutTKZGUMz6FX3xhpjrcRDP1pG2y9mJfhHPQEjlTQF
kaklQ8tIGWJhyev04lrJzbDjTD3Nghz6JokCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBT1+uoaljwmg8c3rlWAZOq6g1kH3DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYjhmMzcwYWMtMjcwYS00ZGFmLTk2MDAtODJiZThlZGUwMTQxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMvCAg2T+UHTqOLj
AMIliIScdO+KU6QVVULx3oT9zEQ9rZcjrmSzVui/DyQMZ+IBKpiU+9wXPfJEYGGo
chlT5Ase9A1WPvWKRld8GZ9ISw+uqzyJuRNYH3vIjqzf7227J7IURn/OUNeQrpJs
qAAov4DKy5zEJLz3JKpNnAdhSYJD+kL2JvR0ip3SMLnypE49vQ/xy5/w36f4hW4L
9uywCvO2jXjjS5h3xmbij6WW3KqhiO1zASJtMybf/0SiFsRMs4jvrgr7/oliqu0Z
56sZ3Q7VZYKqL1NA7ksgA0p86VeRjyrFEKsmNhlRY/nH4yJsq321zlImHv0RODDV
Ms+Dn6Y=
-----END CERTIFICATE-----