Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dfa0b405-4f0c-432e-92ac-c5e6a15eab9b.roa
File:                     dfa0b405-4f0c-432e-92ac-c5e6a15eab9b.roa (raw, json)
Hash identifier:          Vbu9iQmWkeuoUCVbB/BBs1/mxtpGCoB6NoKihk4Q4+s=
Subject key identifier:   14:DB:74:F0:FA:CD:A0:CE:4E:A3:71:F2:B1:6C:16:A9:13:0E:12:4A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2193426B89204280F8D956D944FB150975EFDFA4
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dfa0b405-4f0c-432e-92ac-c5e6a15eab9b.roa
Signing time:             Wed 07 Dec 2022 00:00:00 +0000
ROA not before:           Wed 07 Dec 2022 00:00:00 +0000
ROA not after:            Sat 10 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:93:42:6b:89:20:42:80:f8:d9:56:d9:44:fb:15:09:75:ef:df:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec  7 00:00:00 2022 GMT
            Not After : Dec 10 23:59:59 2022 GMT
        Subject: serialNumber=0e3385c8f5480c81728ec5064a5ac0155cd591dbc04676497f572989ee1de22d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:1a:ae:90:a8:4e:70:41:a6:45:09:9e:15:53:
                    3a:61:9c:f2:62:77:b8:9a:53:b8:ab:48:73:ba:dd:
                    e5:5e:0e:ae:60:07:36:1c:8d:c8:7c:5c:4e:64:66:
                    d3:89:31:88:12:e7:de:f1:c0:b2:a5:93:f8:a4:8b:
                    f6:4e:70:5f:72:07:8e:9a:55:e2:a2:94:78:1f:1a:
                    4c:79:35:0d:a4:64:d6:ee:12:b8:5f:32:f3:3e:73:
                    f8:82:22:c9:44:47:20:15:5d:bb:91:86:27:de:11:
                    f3:00:45:7d:53:2b:f0:d0:7e:55:ee:82:df:69:f9:
                    30:f2:ff:6e:b9:34:60:48:74:f2:b9:b5:d2:56:45:
                    08:af:33:e2:7f:32:19:c5:c8:f0:09:a1:0b:94:ef:
                    fb:36:ba:d7:6c:38:e6:a2:e1:2a:81:7a:bc:80:34:
                    a6:93:42:bd:2e:e8:64:87:09:4f:9d:08:9b:35:25:
                    6b:29:46:0f:9b:43:98:f7:ed:10:79:e4:62:62:c7:
                    60:e0:57:d5:2a:7a:0b:9d:8e:d1:8f:4c:52:7f:dc:
                    f5:52:72:0e:db:9d:4e:aa:20:dc:9c:f4:e3:1d:72:
                    4b:c7:39:ae:6b:55:65:f3:ab:96:a7:9c:4c:a1:f8:
                    79:4e:61:93:6d:d3:01:60:3b:e2:10:ab:7a:41:43:
                    aa:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:DB:74:F0:FA:CD:A0:CE:4E:A3:71:F2:B1:6C:16:A9:13:0E:12:4A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dfa0b405-4f0c-432e-92ac-c5e6a15eab9b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:bb:71:c6:2d:36:a1:31:22:5e:ab:5f:66:0a:6f:f9:3f:d8:
         03:b9:f3:81:31:ba:99:8f:49:46:d6:42:b3:ef:51:f7:b4:7a:
         98:cf:71:18:ba:a1:cd:a9:cb:44:fb:3a:28:cd:5d:39:8b:d5:
         1a:b7:a8:98:7e:9a:45:cb:02:89:70:d1:a9:80:90:3f:27:e9:
         6a:70:1c:3b:8c:0d:66:7e:51:7d:e4:77:92:1e:46:21:5a:24:
         bf:f9:ad:73:a6:fb:a1:76:bd:83:90:5d:f0:86:c0:04:88:56:
         51:ae:a0:38:59:ff:ff:37:d4:bd:87:1c:ec:68:1a:37:6a:ce:
         f1:16:7d:09:56:b9:12:1e:a1:ff:e7:21:2f:50:74:76:08:ee:
         0b:42:0e:0f:46:3e:60:b9:48:fd:41:47:0b:82:db:c3:b8:19:
         8b:21:d4:b4:64:f9:04:9b:05:a6:d3:11:0d:b8:24:e8:6c:92:
         df:2a:96:bc:bb:1c:75:61:76:26:c2:02:06:a1:59:4f:06:86:
         d4:19:67:8f:ba:ec:c3:2c:8e:86:ad:ba:c7:67:0c:cf:38:e1:
         ad:d8:bd:82:99:92:dc:97:ef:23:02:46:a1:57:c3:9a:59:9b:
         d7:82:41:3a:39:5d:7d:66:f9:1b:0c:68:77:d6:8b:40:f8:60:
         e7:ab:62:13
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUIZNCa4kgQoD42VbZRPsVCXXv36QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjA3MDAwMDAwWhcNMjIxMjEwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMGUzMzg1YzhmNTQ4MGM4MTcyOGVjNTA2NGE1YWMwMTU1
Y2Q1OTFkYmMwNDY3NjQ5N2Y1NzI5ODllZTFkZTIyZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANIarpCoTnBBpkUJnhVTOmGc8mJ3uJpTuKtIc7rd5V4OrmAHNhyN
yHxcTmRm04kxiBLn3vHAsqWT+KSL9k5wX3IHjppV4qKUeB8aTHk1DaRk1u4SuF8y
8z5z+IIiyURHIBVdu5GGJ94R8wBFfVMr8NB+Ve6C32n5MPL/brk0YEh08rm10lZF
CK8z4n8yGcXI8AmhC5Tv+za612w45qLhKoF6vIA0ppNCvS7oZIcJT50ImzUlaylG
D5tDmPftEHnkYmLHYOBX1Sp6C52O0Y9MUn/c9VJyDtudTqog3Jz04x1yS8c5rmtV
ZfOrlqecTKH4eU5hk23TAWA74hCrekFDqtcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQU23Tw+s2gzk6jcfKxbBapEw4SSjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZGZhMGI0MDUtNGYwYy00MzJlLTkyYWMtYzVlNmExNWVhYjliLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI+7ccYtNqExIl6r
X2YKb/k/2AO584ExupmPSUbWQrPvUfe0epjPcRi6oc2py0T7OijNXTmL1Rq3qJh+
mkXLAolw0amAkD8n6WpwHDuMDWZ+UX3kd5IeRiFaJL/5rXOm+6F2vYOQXfCGwASI
VlGuoDhZ//831L2HHOxoGjdqzvEWfQlWuRIeof/nIS9QdHYI7gtCDg9GPmC5SP1B
RwuC28O4GYsh1LRk+QSbBabTEQ24JOhskt8qlry7HHVhdibCAgahWU8GhtQZZ4+6
7MMsjoatusdnDM844a3YvYKZktyX7yMCRqFXw5pZm9eCQTo5XX1m+RsMaHfWi0D4
YOerYhM=
-----END CERTIFICATE-----