Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bb977307-21d8-40ad-b86b-b44990a916c6.roa
File:                     bb977307-21d8-40ad-b86b-b44990a916c6.roa (raw, json)
Hash identifier:          UTOF9OQJ36l7BJJELt7YbudCNObE6yyuJAnov3f//tg=
Subject key identifier:   05:0E:86:5B:FD:B4:C2:C4:38:0A:9B:6A:A4:C0:56:B3:90:FA:F2:13
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0105D3B45561176E448534746D75800A24A3670E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bb977307-21d8-40ad-b86b-b44990a916c6.roa
Signing time:             Thu 15 Dec 2022 00:00:00 +0000
ROA not before:           Thu 15 Dec 2022 00:00:00 +0000
ROA not after:            Sun 18 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:05:d3:b4:55:61:17:6e:44:85:34:74:6d:75:80:0a:24:a3:67:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 15 00:00:00 2022 GMT
            Not After : Dec 18 23:59:59 2022 GMT
        Subject: serialNumber=ca9de8954848de23c74ac8548092dcbe117e12eb3cd7366ea3aac97385d7821f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f7:7e:32:17:0a:b5:ee:60:7d:d2:8f:c4:a0:
                    e0:f2:55:3b:03:03:03:25:d9:75:ef:8d:07:fe:f5:
                    84:3a:7a:ac:69:c3:39:f6:a6:73:be:6c:6d:47:99:
                    c3:99:a0:31:9f:5c:fa:1f:a2:f8:1b:9b:c4:34:b4:
                    29:96:bb:75:f3:95:57:cc:b8:e0:fa:4a:02:88:6c:
                    9f:93:f3:d1:4d:e1:f2:7f:1f:57:15:81:f6:02:4c:
                    38:0c:78:ea:a1:8b:5e:7f:5c:b2:e4:b3:b6:4d:66:
                    d5:b4:9e:54:78:78:71:9b:11:35:45:a9:5b:07:fc:
                    98:7e:e0:a2:d4:34:a3:cd:6b:b4:fe:8d:09:6a:c6:
                    f1:c5:11:1f:c7:57:d5:79:d5:97:b3:5f:31:c2:ac:
                    dc:0f:0d:52:6e:77:ad:18:ab:77:5a:b9:78:d0:a2:
                    56:33:a3:9d:72:2d:7d:1e:41:9a:48:87:21:aa:b3:
                    9c:98:f2:67:50:b0:82:67:4d:a0:26:b9:1d:73:d1:
                    62:51:76:5d:b1:fb:7d:2a:1f:ec:e5:ae:d4:91:2e:
                    21:19:b1:97:68:37:3b:a2:b5:64:61:7f:a8:f0:a9:
                    76:3f:1f:0d:32:b0:51:f4:15:93:ab:8c:3c:9d:32:
                    c0:ed:67:3a:3f:90:6c:10:a6:a1:cb:e0:20:87:36:
                    27:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:0E:86:5B:FD:B4:C2:C4:38:0A:9B:6A:A4:C0:56:B3:90:FA:F2:13
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bb977307-21d8-40ad-b86b-b44990a916c6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:07:f5:94:5f:1e:ad:2c:fd:f4:14:d2:c5:cc:ee:6b:68:30:
         02:8b:76:36:e7:ea:2f:47:66:3d:ea:e5:28:67:28:6c:f9:4b:
         30:4b:5f:60:33:17:a7:d8:78:d3:12:72:56:57:38:90:7e:e6:
         c8:fa:a6:70:68:d6:54:c3:9b:63:59:c2:58:ad:eb:3e:77:2c:
         81:32:ff:91:7a:f5:5e:b3:b1:11:ee:13:97:cf:d5:6e:37:2e:
         83:84:70:c5:73:39:9c:b5:e8:f4:fa:03:07:b2:29:05:74:0f:
         b7:12:01:f9:67:d5:3e:60:0c:97:b8:b6:3a:e2:cc:07:ab:ff:
         78:1d:7c:4c:c0:83:5b:55:86:3c:a2:18:26:74:c8:7c:fa:5f:
         92:83:42:0c:da:4a:a4:48:de:01:cc:01:74:1d:37:27:03:22:
         28:15:44:3a:02:80:ba:2e:e9:ad:c0:51:41:37:ef:21:d4:20:
         5a:bb:8f:0b:38:12:13:cb:2b:08:8d:ce:a0:e6:84:00:de:f4:
         d3:41:ff:57:52:3a:41:45:1b:95:b8:10:a0:cd:c0:d4:ed:bd:
         61:c9:08:97:4c:14:9a:1e:01:fa:e0:9e:00:fb:d0:91:fa:05:
         dc:54:6c:ea:95:9d:44:bf:25:6b:d7:8a:12:46:ab:3e:c0:1a:
         dd:81:f3:bb
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUAQXTtFVhF25EhTR0bXWACiSjZw4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjE1MDAwMDAwWhcNMjIxMjE4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAY2E5ZGU4OTU0ODQ4ZGUyM2M3NGFjODU0ODA5MmRjYmUx
MTdlMTJlYjNjZDczNjZlYTNhYWM5NzM4NWQ3ODIxZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMT3fjIXCrXuYH3Sj8Sg4PJVOwMDAyXZde+NB/71hDp6rGnDOfam
c75sbUeZw5mgMZ9c+h+i+BubxDS0KZa7dfOVV8y44PpKAohsn5Pz0U3h8n8fVxWB
9gJMOAx46qGLXn9csuSztk1m1bSeVHh4cZsRNUWpWwf8mH7gotQ0o81rtP6NCWrG
8cURH8dX1XnVl7NfMcKs3A8NUm53rRird1q5eNCiVjOjnXItfR5BmkiHIaqznJjy
Z1CwgmdNoCa5HXPRYlF2XbH7fSof7OWu1JEuIRmxl2g3O6K1ZGF/qPCpdj8fDTKw
UfQVk6uMPJ0ywO1nOj+QbBCmocvgIIc2J5ECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQFDoZb/bTCxDgKm2qkwFazkPryEzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYmI5NzczMDctMjFkOC00MGFkLWI4NmItYjQ0OTkwYTkxNmM2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALoH9ZRfHq0s/fQU
0sXM7mtoMAKLdjbn6i9HZj3q5ShnKGz5SzBLX2AzF6fYeNMSclZXOJB+5sj6pnBo
1lTDm2NZwlit6z53LIEy/5F69V6zsRHuE5fP1W43LoOEcMVzOZy16PT6AweyKQV0
D7cSAfln1T5gDJe4tjrizAer/3gdfEzAg1tVhjyiGCZ0yHz6X5KDQgzaSqRI3gHM
AXQdNycDIigVRDoCgLou6a3AUUE37yHUIFq7jws4EhPLKwiNzqDmhADe9NNB/1dS
OkFFG5W4EKDNwNTtvWHJCJdMFJoeAfrgngD70JH6BdxUbOqVnUS/JWvXihJGqz7A
Gt2B87s=
-----END CERTIFICATE-----