Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ba36786b-2d19-4a00-8ba9-e830d852f098.roa
File:                     ba36786b-2d19-4a00-8ba9-e830d852f098.roa (raw, json)
Hash identifier:          SonsFKEuy0KRhgnYaZMrQjhSsbXRcEYLTLtxdLc9z6s=
Subject key identifier:   23:A2:50:59:CE:F0:4E:9D:ED:59:D3:78:CB:44:AA:54:46:E2:03:01
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       72A7D2F35C6DA8897A06B06966A2CA16D80CF915
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ba36786b-2d19-4a00-8ba9-e830d852f098.roa
Signing time:             Wed 24 Aug 2022 00:00:00 +0000
ROA not before:           Wed 24 Aug 2022 00:00:00 +0000
ROA not after:            Sat 27 Aug 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:a7:d2:f3:5c:6d:a8:89:7a:06:b0:69:66:a2:ca:16:d8:0c:f9:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Aug 24 00:00:00 2022 GMT
            Not After : Aug 27 23:59:59 2022 GMT
        Subject: serialNumber=6b5256fc4dd0f726f18d09e3b8bbccb49f9319dd622657613733501d65f0462e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:71:dd:fa:3f:3d:57:37:aa:63:58:11:0d:cb:
                    b6:3c:38:f2:24:0e:9b:68:b3:ee:26:55:9e:1b:29:
                    4a:2d:dd:f1:77:48:be:49:eb:e8:f6:c9:30:c3:19:
                    c0:1a:ac:3e:d6:25:df:7a:c5:2c:6c:8d:2c:d4:d7:
                    78:51:62:48:08:12:c6:88:fc:b6:b8:11:da:95:e2:
                    90:d3:a9:09:75:52:b2:11:49:e5:99:a4:c6:42:55:
                    1e:dc:ea:cf:52:61:dd:8a:38:2c:5a:70:90:94:48:
                    ed:f0:f7:07:22:3c:74:c9:e2:e2:c9:f0:cb:ac:2d:
                    d3:05:42:13:05:e7:32:4d:eb:46:cf:92:18:fd:3e:
                    51:80:9e:e2:32:b8:e2:c8:bd:a7:43:31:e3:8b:c5:
                    4c:2e:a7:95:82:e2:5b:eb:4b:92:66:b2:5a:01:d6:
                    ce:62:b7:a2:53:18:28:1b:d3:49:38:dd:30:95:70:
                    9e:15:d2:f2:7b:02:dd:7c:25:a3:1c:7f:d1:93:88:
                    23:40:b6:4b:e2:a6:3c:a3:c0:73:04:a4:98:54:0d:
                    bd:98:95:6f:66:ca:69:b6:aa:06:76:b0:1b:06:60:
                    d9:cc:96:0f:4d:73:0e:de:f3:a2:d5:a3:c5:f6:f4:
                    3e:7b:ca:4b:0c:99:f0:22:5b:18:a5:f7:73:ee:70:
                    02:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:A2:50:59:CE:F0:4E:9D:ED:59:D3:78:CB:44:AA:54:46:E2:03:01
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ba36786b-2d19-4a00-8ba9-e830d852f098.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:5f:f0:a1:65:57:16:c4:02:9b:e9:7e:3c:16:d1:40:d6:59:
         55:c1:de:b7:be:22:87:1b:55:2b:51:bb:35:5b:65:b0:19:6a:
         49:35:7c:04:0d:49:9b:49:2d:ef:14:23:ec:0a:8d:b8:c9:b0:
         2a:bc:78:d5:50:13:db:08:7d:e4:f8:18:b5:0e:d7:a3:1a:ac:
         6f:b3:49:41:ec:11:99:7c:30:d7:78:50:a5:7b:3d:57:41:95:
         e6:8d:23:d1:df:20:bf:66:6e:84:9e:0e:e7:0e:17:06:80:fc:
         11:3e:35:dc:39:44:a8:f2:0c:13:7f:e9:05:ef:a2:05:2a:12:
         3b:13:1d:cc:c6:c3:c4:72:5f:1d:3b:72:ec:31:57:96:14:76:
         3f:f8:08:9f:fb:a4:c0:40:db:b3:d5:54:af:15:dd:e8:e5:8b:
         26:cf:92:95:e9:c4:48:44:55:69:46:1a:dc:4d:3e:94:04:aa:
         ce:ab:03:3b:d4:9c:8d:2a:e9:a3:d5:62:98:10:21:45:c7:43:
         ea:3b:97:57:64:40:58:da:fa:ae:61:e4:55:7b:a8:5b:9f:d1:
         f5:a8:c9:d4:f0:b6:42:2e:ee:7f:2c:2c:10:ee:19:4f:95:4d:
         29:fc:12:57:08:d6:2b:c9:a0:b2:05:2f:1b:23:19:c2:00:3c:
         20:3f:74:31
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUcqfS81xtqIl6BrBpZqLKFtgM+RUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwODI0MDAwMDAwWhcNMjIwODI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNANmI1MjU2ZmM0ZGQwZjcyNmYxOGQwOWUzYjhiYmNjYjQ5
ZjkzMTlkZDYyMjY1NzYxMzczMzUwMWQ2NWYwNDYyZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALdx3fo/PVc3qmNYEQ3Ltjw48iQOm2iz7iZVnhspSi3d8XdIvknr
6PbJMMMZwBqsPtYl33rFLGyNLNTXeFFiSAgSxoj8trgR2pXikNOpCXVSshFJ5Zmk
xkJVHtzqz1Jh3Yo4LFpwkJRI7fD3ByI8dMni4snwy6wt0wVCEwXnMk3rRs+SGP0+
UYCe4jK44si9p0Mx44vFTC6nlYLiW+tLkmayWgHWzmK3olMYKBvTSTjdMJVwnhXS
8nsC3Xwloxx/0ZOII0C2S+KmPKPAcwSkmFQNvZiVb2bKabaqBnawGwZg2cyWD01z
Dt7zotWjxfb0PnvKSwyZ8CJbGKX3c+5wAsMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQjolBZzvBOne1Z03jLRKpURuIDATAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYmEzNjc4NmItMmQxOS00YTAwLThiYTktZTgzMGQ4NTJmMDk4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC9f8KFlVxbEApvp
fjwW0UDWWVXB3re+IocbVStRuzVbZbAZakk1fAQNSZtJLe8UI+wKjbjJsCq8eNVQ
E9sIfeT4GLUO16MarG+zSUHsEZl8MNd4UKV7PVdBleaNI9HfIL9mboSeDucOFwaA
/BE+Ndw5RKjyDBN/6QXvogUqEjsTHczGw8RyXx07cuwxV5YUdj/4CJ/7pMBA27PV
VK8V3ejliybPkpXpxEhEVWlGGtxNPpQEqs6rAzvUnI0q6aPVYpgQIUXHQ+o7l1dk
QFja+q5h5FV7qFuf0fWoydTwtkIu7n8sLBDuGU+VTSn8ElcI1ivJoLIFLxsjGcIA
PCA/dDE=
-----END CERTIFICATE-----