Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bd90feab-0f85-4bae-854a-4751d0149b52.roa
File:                     bd90feab-0f85-4bae-854a-4751d0149b52.roa (raw, json)
Hash identifier:          506VdXUi2P68GclaKAJMMI4XW/hIHQ8h360NejdmHro=
Subject key identifier:   AA:07:11:BB:72:D9:8B:F3:86:3E:08:F9:1B:FF:E6:FC:86:E1:37:FA
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3011E764CEA9A5455C627CC1C9D82EA69C19D07A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bd90feab-0f85-4bae-854a-4751d0149b52.roa
Signing time:             Thu 19 Jan 2023 00:00:00 +0000
ROA not before:           Thu 19 Jan 2023 00:00:00 +0000
ROA not after:            Sun 22 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:11:e7:64:ce:a9:a5:45:5c:62:7c:c1:c9:d8:2e:a6:9c:19:d0:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 19 00:00:00 2023 GMT
            Not After : Jan 22 23:59:59 2023 GMT
        Subject: serialNumber=3ebfcc7d69e132bf785d82d6f8e901d04bccc07d48e946a9dcfb0dd61dc3dfae, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ac:08:41:13:b0:ba:09:43:2a:8b:25:be:77:
                    be:8d:e8:e5:8b:06:cb:41:6f:3a:6e:04:f0:18:47:
                    e6:24:a6:de:1d:c9:d6:83:13:a2:eb:9f:b8:ee:48:
                    4a:d1:7d:32:1a:3a:53:90:0e:83:7c:2f:14:f7:69:
                    23:ea:34:fd:25:58:a5:84:ea:3d:76:2e:3b:ab:e6:
                    e9:72:94:cb:fa:f2:60:f6:1a:e0:ac:c1:b9:ed:d6:
                    60:df:ef:ea:51:9c:bd:14:aa:23:1e:a8:dd:f7:46:
                    37:fd:97:a1:ad:cd:72:80:c6:c9:cf:59:1a:f4:c1:
                    91:82:cd:ca:c4:36:11:2f:d8:b1:5b:0a:b4:b3:dd:
                    17:25:ac:5a:c5:0a:33:97:54:30:dd:11:05:8e:50:
                    d4:c1:0b:61:ce:39:46:31:f3:a3:33:19:ee:d4:b9:
                    d0:b9:09:e4:74:bb:e8:ac:1a:7d:1e:1d:ea:ed:50:
                    99:03:7d:1d:72:41:6e:a7:a2:69:47:9b:ef:f9:8d:
                    15:79:01:3a:1b:6c:26:1b:8c:fd:26:72:91:08:ab:
                    cd:d1:15:19:91:a0:67:e2:9d:34:a4:91:22:6e:27:
                    3f:fe:02:24:f2:56:c4:38:1e:04:b8:b3:a1:14:10:
                    73:81:48:7e:a3:7b:9f:44:fa:f7:6a:c5:e5:d9:6b:
                    74:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:07:11:BB:72:D9:8B:F3:86:3E:08:F9:1B:FF:E6:FC:86:E1:37:FA
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bd90feab-0f85-4bae-854a-4751d0149b52.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:92:43:9f:71:ab:84:17:a0:06:dd:a1:9c:8a:c0:bf:8d:41:
         82:21:06:64:fb:3f:70:6f:44:1e:61:9a:30:fd:07:7a:c3:34:
         57:3f:ae:20:cd:96:d2:ea:17:88:c5:a9:c6:18:8f:18:f0:1f:
         a5:c5:97:9b:cf:b2:2b:14:2b:cd:fe:9a:16:b1:75:4a:ae:2a:
         6b:a9:81:2f:cc:c1:f6:f3:1c:5c:4a:38:ce:ed:9c:06:4f:c3:
         ee:9e:7e:68:65:6c:54:2d:d9:c8:90:c2:16:4f:18:a4:03:0c:
         39:de:75:5e:61:8d:b9:7b:93:c2:a3:5b:2d:7f:71:70:31:92:
         36:ad:e9:23:6c:0a:d7:f8:ea:e9:92:c5:54:26:6d:eb:5e:27:
         4a:a4:55:01:89:e1:bd:ae:4e:d1:ac:79:1a:6b:a0:fe:96:2f:
         11:48:80:b2:c3:d2:f9:71:a7:41:04:2a:a3:c6:17:2c:13:31:
         b7:06:f2:81:df:a1:7b:6d:42:02:dd:5f:1d:06:3f:64:df:15:
         a0:81:77:8d:35:04:63:ca:91:19:32:92:4d:f5:88:78:d1:05:
         b4:d0:7a:f3:e1:a9:d7:c5:16:95:59:7a:87:da:fe:e3:a6:f3:
         5a:fd:6d:42:ee:d9:5f:f4:20:d9:e7:7c:fd:22:c5:13:17:b0:
         52:61:a2:4b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUMBHnZM6ppUVcYnzBydguppwZ0HowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTE5MDAwMDAwWhcNMjMwMTIyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAM2ViZmNjN2Q2OWUxMzJiZjc4NWQ4MmQ2ZjhlOTAxZDA0
YmNjYzA3ZDQ4ZTk0NmE5ZGNmYjBkZDYxZGMzZGZhZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALasCEETsLoJQyqLJb53vo3o5YsGy0FvOm4E8BhH5iSm3h3J1oMT
ouufuO5IStF9Mho6U5AOg3wvFPdpI+o0/SVYpYTqPXYuO6vm6XKUy/ryYPYa4KzB
ue3WYN/v6lGcvRSqIx6o3fdGN/2Xoa3NcoDGyc9ZGvTBkYLNysQ2ES/YsVsKtLPd
FyWsWsUKM5dUMN0RBY5Q1MELYc45RjHzozMZ7tS50LkJ5HS76KwafR4d6u1QmQN9
HXJBbqeiaUeb7/mNFXkBOhtsJhuM/SZykQirzdEVGZGgZ+KdNKSRIm4nP/4CJPJW
xDgeBLizoRQQc4FIfqN7n0T692rF5dlrdIMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSqBxG7ctmL84Y+CPkb/+b8huE3+jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYmQ5MGZlYWItMGY4NS00YmFlLTg1NGEtNDc1MWQwMTQ5YjUyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJ+SQ59xq4QXoAbd
oZyKwL+NQYIhBmT7P3BvRB5hmjD9B3rDNFc/riDNltLqF4jFqcYYjxjwH6XFl5vP
sisUK83+mhaxdUquKmupgS/MwfbzHFxKOM7tnAZPw+6efmhlbFQt2ciQwhZPGKQD
DDnedV5hjbl7k8KjWy1/cXAxkjat6SNsCtf46umSxVQmbeteJ0qkVQGJ4b2uTtGs
eRproP6WLxFIgLLD0vlxp0EEKqPGFywTMbcG8oHfoXttQgLdXx0GP2TfFaCBd401
BGPKkRkykk31iHjRBbTQevPhqdfFFpVZeofa/uOm81r9bULu2V/0INnnfP0ixRMX
sFJhoks=
-----END CERTIFICATE-----