Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c2fd2974-ee19-47df-a3df-4314235ffef4.roa
File:                     c2fd2974-ee19-47df-a3df-4314235ffef4.roa (raw, json)
Hash identifier:          CHoYByWtpJSZZVW7o9fFveXDFOtePxwn5eDGshy5T80=
Subject key identifier:   F5:E5:7D:EB:17:DD:5A:1E:98:F7:BB:9E:F0:4E:43:A1:F8:19:B3:10
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7C91C68747A1110D4BFD45C6107AA07641EC39F9
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c2fd2974-ee19-47df-a3df-4314235ffef4.roa
Signing time:             Thu 17 Nov 2022 00:00:00 +0000
ROA not before:           Thu 17 Nov 2022 00:00:00 +0000
ROA not after:            Sun 20 Nov 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:91:c6:87:47:a1:11:0d:4b:fd:45:c6:10:7a:a0:76:41:ec:39:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Nov 17 00:00:00 2022 GMT
            Not After : Nov 20 23:59:59 2022 GMT
        Subject: serialNumber=6c8a4190ba7f7aca76beb5eac8610bde8dbb81ec1d7c56dd69c04d23b3eabb98, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:31:b9:cb:19:f5:7d:1a:03:f3:9c:e0:fe:d6:
                    b6:53:a6:b2:64:c0:d1:b7:92:1f:dc:65:0f:35:cf:
                    3b:46:94:63:57:d0:7a:5b:e9:20:f3:16:60:a5:45:
                    a4:d4:a5:f3:53:2e:f4:00:5d:1e:0e:a2:07:65:3a:
                    d9:65:c7:b0:5d:d5:e2:99:c6:03:f3:1d:fd:33:79:
                    e8:3c:f6:08:cc:11:e5:fe:4c:7f:07:8c:ee:1f:36:
                    c2:a6:8d:14:75:e2:ae:ab:f5:a8:0b:ee:bc:f0:9c:
                    e6:28:e4:ab:be:85:18:ac:05:77:33:00:8d:51:fb:
                    d3:b4:a0:7c:30:26:d3:83:2c:c5:ab:72:2d:d0:f8:
                    89:9e:d1:f7:4f:a9:b2:cf:19:e3:e1:cd:a4:31:b6:
                    3a:79:73:11:95:b8:3a:05:9b:73:27:7b:f6:3c:d9:
                    df:e3:26:58:1a:a5:cf:ee:dd:5d:e4:9f:0a:2e:6b:
                    07:f7:2a:87:7f:ef:b4:42:f7:8b:32:7e:2e:5f:2d:
                    84:65:47:5a:b6:ad:d9:ba:d9:9a:0c:3c:73:74:09:
                    7b:ea:ac:8d:32:52:76:2e:99:20:af:32:42:98:97:
                    9a:a5:a2:b6:9f:ed:1a:34:26:2b:41:3f:54:2c:f6:
                    c1:ec:5b:fb:d4:94:fc:af:4a:60:8c:66:d0:f5:77:
                    38:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:E5:7D:EB:17:DD:5A:1E:98:F7:BB:9E:F0:4E:43:A1:F8:19:B3:10
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c2fd2974-ee19-47df-a3df-4314235ffef4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:c6:e4:3f:85:e9:cd:5e:53:76:ba:cc:5a:a0:17:e6:cb:60:
         ce:9e:38:dd:43:4c:06:d1:87:98:be:94:35:5e:cf:a0:bf:f4:
         4c:2b:6c:fc:2e:b2:13:e0:1a:82:1a:b5:53:63:8a:60:f4:86:
         f4:28:54:d9:b3:e6:39:d9:b0:66:37:67:ea:11:7b:63:aa:53:
         0f:ea:5a:af:52:3e:85:35:60:a6:f6:86:3a:46:ce:d1:eb:a8:
         71:dc:60:4f:6d:69:cd:fa:0d:47:88:c9:7f:d7:f5:7e:e4:52:
         8d:4f:39:be:1e:cd:6b:83:64:80:86:9e:1d:69:c7:16:2d:c7:
         75:64:56:fc:c3:ab:17:62:2d:d8:67:3b:ac:ff:4e:6e:58:53:
         fa:a0:b9:f7:88:fb:be:2f:4d:6b:67:12:db:a4:82:fd:fc:d4:
         58:40:86:0f:41:ef:33:60:57:87:fb:f6:c6:10:68:07:25:97:
         83:8f:c3:3a:b4:34:4d:9e:3a:d0:a7:3a:06:77:51:76:d5:78:
         f3:87:af:69:e0:4c:25:d0:99:47:ac:89:e3:d1:74:b9:dd:3c:
         41:cf:ad:c9:96:80:fa:01:8a:06:58:c7:46:40:1b:65:63:2f:
         7b:33:ab:8b:3c:a9:9d:b8:24:d3:c7:48:00:07:92:de:f1:d4:
         7a:e2:ea:2c
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUfJHGh0ehEQ1L/UXGEHqgdkHsOfkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMTE3MDAwMDAwWhcNMjIxMTIwMjM1OTU5
WjCBpTFJMEcGA1UEBRNANmM4YTQxOTBiYTdmN2FjYTc2YmViNWVhYzg2MTBiZGU4
ZGJiODFlYzFkN2M1NmRkNjljMDRkMjNiM2VhYmI5ODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOkxucsZ9X0aA/Oc4P7WtlOmsmTA0beSH9xlDzXPO0aUY1fQelvp
IPMWYKVFpNSl81Mu9ABdHg6iB2U62WXHsF3V4pnGA/Md/TN56Dz2CMwR5f5MfweM
7h82wqaNFHXirqv1qAvuvPCc5ijkq76FGKwFdzMAjVH707SgfDAm04MsxatyLdD4
iZ7R90+pss8Z4+HNpDG2OnlzEZW4OgWbcyd79jzZ3+MmWBqlz+7dXeSfCi5rB/cq
h3/vtEL3izJ+Ll8thGVHWrat2brZmgw8c3QJe+qsjTJSdi6ZIK8yQpiXmqWitp/t
GjQmK0E/VCz2wexb+9SU/K9KYIxm0PV3OEcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBT15X3rF91aHpj3u57wTkOh+BmzEDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzJmZDI5NzQtZWUxOS00N2RmLWEzZGYtNDMxNDIzNWZmZWY0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHHG5D+F6c1eU3a6
zFqgF+bLYM6eON1DTAbRh5i+lDVez6C/9EwrbPwushPgGoIatVNjimD0hvQoVNmz
5jnZsGY3Z+oRe2OqUw/qWq9SPoU1YKb2hjpGztHrqHHcYE9tac36DUeIyX/X9X7k
Uo1POb4ezWuDZICGnh1pxxYtx3VkVvzDqxdiLdhnO6z/Tm5YU/qgufeI+74vTWtn
Etukgv381FhAhg9B7zNgV4f79sYQaAcll4OPwzq0NE2eOtCnOgZ3UXbVePOHr2ng
TCXQmUesiePRdLndPEHPrcmWgPoBigZYx0ZAG2VjL3szq4s8qZ24JNPHSAAHkt7x
1Hri6iw=
-----END CERTIFICATE-----