Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dff39047-b647-4f57-9054-3b68ce32064f.roa
File:                     dff39047-b647-4f57-9054-3b68ce32064f.roa (raw, json)
Hash identifier:          O44Ag7I2t1wDGbh1v3ovfVtU7GIknfeYYEQ+XugWHgo=
Subject key identifier:   C5:81:4C:A8:C9:EE:15:42:42:9D:CB:A5:63:E4:0A:A5:F5:33:45:64
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       667BB49DBABD25FCE7F6DD0E3B89C508CB2E0D04
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dff39047-b647-4f57-9054-3b68ce32064f.roa
Signing time:             Fri 21 Oct 2022 00:00:00 +0000
ROA not before:           Fri 21 Oct 2022 00:00:00 +0000
ROA not after:            Mon 24 Oct 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:7b:b4:9d:ba:bd:25:fc:e7:f6:dd:0e:3b:89:c5:08:cb:2e:0d:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Oct 21 00:00:00 2022 GMT
            Not After : Oct 24 23:59:59 2022 GMT
        Subject: serialNumber=3ed4e6b26410518b3aa217580e26d022d155656e1db118968e90486d21c77aaf, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e0:7b:be:3e:bc:90:d0:34:42:ec:65:1c:03:
                    ad:f3:3e:0b:e0:75:3a:c2:9a:77:e3:b1:27:33:38:
                    5d:d8:87:c4:4f:de:18:67:20:34:ae:81:10:b4:06:
                    10:e7:4e:af:7f:a4:e9:ab:7b:b8:b9:c7:55:61:47:
                    77:e7:2f:14:ff:08:b8:70:57:10:eb:0f:6a:8b:19:
                    46:79:28:7e:9b:27:00:6d:5d:d3:49:67:c8:df:91:
                    2d:57:b4:23:a4:ba:60:47:18:9e:d0:61:f8:7c:d9:
                    18:f5:2b:80:4f:17:c0:7a:29:16:46:87:f1:f0:25:
                    62:8f:5e:05:63:7e:8d:39:1b:02:11:cb:e3:43:89:
                    c4:c4:22:9b:a3:f2:20:34:2b:18:67:43:c9:5a:4f:
                    86:ec:37:1b:31:1d:f9:fb:39:c5:41:8c:30:35:06:
                    66:80:da:5d:1a:b2:e7:90:de:38:85:29:cd:fd:2e:
                    7b:93:c3:97:d3:18:51:6b:19:26:7d:c4:2d:06:4e:
                    d7:e2:51:f3:6a:ea:20:08:5a:ab:43:10:86:e4:b6:
                    84:c9:49:7a:f8:68:bb:e2:d7:9c:af:83:6d:cc:67:
                    35:39:d6:60:75:7e:47:95:86:04:d7:ef:6d:0b:07:
                    28:df:0f:4d:a0:64:6f:35:43:1b:a7:5e:a9:07:67:
                    b9:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:81:4C:A8:C9:EE:15:42:42:9D:CB:A5:63:E4:0A:A5:F5:33:45:64
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dff39047-b647-4f57-9054-3b68ce32064f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:03:37:9e:73:12:10:85:06:e4:ca:26:dd:df:65:db:f0:a9:
         a1:00:6b:ea:94:7b:15:72:77:44:0e:c8:33:48:5c:4c:3c:82:
         84:60:88:69:3a:9c:a3:92:75:cb:99:9a:fb:15:37:49:f3:71:
         98:70:06:b8:33:3f:6b:93:2a:3d:c1:ba:45:93:a0:3b:c3:1c:
         0d:40:4e:94:4f:70:4b:15:f3:e2:82:50:95:cc:b6:b8:26:d1:
         f8:50:c0:d0:02:55:e6:fd:58:a1:32:25:2a:ce:e8:09:71:c1:
         24:7a:7a:10:0e:25:bb:e1:2d:ae:8e:a2:77:c3:f4:2f:46:96:
         8c:2a:91:65:d5:5d:ed:3f:e7:d5:ed:57:46:72:ed:b1:70:7b:
         5e:6f:b3:b2:0a:7d:4f:66:e5:39:55:16:8c:62:18:7a:6a:2c:
         b4:65:80:86:e2:a8:69:03:82:8c:83:f1:af:2e:be:15:10:24:
         0f:d6:e9:8e:97:75:dd:b6:74:24:39:93:3e:14:c0:39:9e:fb:
         d8:9b:ff:e1:f1:20:da:1e:15:04:2f:a6:1e:5b:1d:2b:a1:12:
         e7:b7:91:24:1e:a5:31:97:51:55:5e:68:fb:6a:b7:48:90:21:
         1a:b4:00:e9:1f:7c:59:2a:a6:1f:ca:42:53:90:e1:23:f2:ab:
         fc:bb:4e:01
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUZnu0nbq9Jfzn9t0OO4nFCMsuDQQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMDIxMDAwMDAwWhcNMjIxMDI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAM2VkNGU2YjI2NDEwNTE4YjNhYTIxNzU4MGUyNmQwMjJk
MTU1NjU2ZTFkYjExODk2OGU5MDQ4NmQyMWM3N2FhZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKvge74+vJDQNELsZRwDrfM+C+B1OsKad+OxJzM4XdiHxE/eGGcg
NK6BELQGEOdOr3+k6at7uLnHVWFHd+cvFP8IuHBXEOsPaosZRnkofpsnAG1d00ln
yN+RLVe0I6S6YEcYntBh+HzZGPUrgE8XwHopFkaH8fAlYo9eBWN+jTkbAhHL40OJ
xMQim6PyIDQrGGdDyVpPhuw3GzEd+fs5xUGMMDUGZoDaXRqy55DeOIUpzf0ue5PD
l9MYUWsZJn3ELQZO1+JR82rqIAhaq0MQhuS2hMlJevhou+LXnK+DbcxnNTnWYHV+
R5WGBNfvbQsHKN8PTaBkbzVDG6deqQdnuWcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTFgUyoye4VQkKdy6Vj5Aql9TNFZDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZGZmMzkwNDctYjY0Ny00ZjU3LTkwNTQtM2I2OGNlMzIwNjRmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIoDN55zEhCFBuTK
Jt3fZdvwqaEAa+qUexVyd0QOyDNIXEw8goRgiGk6nKOSdcuZmvsVN0nzcZhwBrgz
P2uTKj3BukWToDvDHA1ATpRPcEsV8+KCUJXMtrgm0fhQwNACVeb9WKEyJSrO6Alx
wSR6ehAOJbvhLa6OonfD9C9GlowqkWXVXe0/59XtV0Zy7bFwe15vs7IKfU9m5TlV
FoxiGHpqLLRlgIbiqGkDgoyD8a8uvhUQJA/W6Y6Xdd22dCQ5kz4UwDme+9ib/+Hx
INoeFQQvph5bHSuhEue3kSQepTGXUVVeaPtqt0iQIRq0AOkffFkqph/KQlOQ4SPy
q/y7TgE=
-----END CERTIFICATE-----