Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e358276f-1daa-4ac7-84cc-0417a95be78d.roa
File:                     e358276f-1daa-4ac7-84cc-0417a95be78d.roa (raw, json)
Hash identifier:          8jx9m7awj/u5J6SYz9cS3Zi/f8Y4E/pS3HQQvs3YQa8=
Subject key identifier:   36:C7:F5:B4:ED:E8:33:1A:EC:3E:E3:42:C9:33:54:12:2D:D3:16:C2
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       77E5F4F6E8CBF6743C9A635D3DD3C383AB2A5374
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e358276f-1daa-4ac7-84cc-0417a95be78d.roa
Signing time:             Fri 20 Jan 2023 00:00:00 +0000
ROA not before:           Fri 20 Jan 2023 00:00:00 +0000
ROA not after:            Mon 23 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:e5:f4:f6:e8:cb:f6:74:3c:9a:63:5d:3d:d3:c3:83:ab:2a:53:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 20 00:00:00 2023 GMT
            Not After : Jan 23 23:59:59 2023 GMT
        Subject: serialNumber=19c71aede14dbaf0a36284094bb6dc64a1c1f81d1ec63e59c39d1a5d0869f0b7, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:fd:f9:77:a9:7e:62:95:eb:5e:f3:98:f4:fe:
                    f5:54:31:ca:39:ae:52:4a:88:bb:c6:79:13:75:17:
                    18:16:e2:6c:b5:01:d4:75:69:d3:1f:67:2b:31:b1:
                    22:45:ae:1b:f9:cf:0e:c1:55:97:2b:0b:aa:32:99:
                    6f:9c:76:18:5f:11:19:70:50:ed:79:95:7a:fb:ed:
                    29:d4:d3:8c:23:82:5a:f5:af:99:6f:21:58:34:4d:
                    f4:d6:f6:6d:2a:96:9d:75:26:15:a2:65:22:cf:35:
                    98:8e:82:ef:8b:8f:b2:0f:0c:b8:ef:17:91:f5:b7:
                    69:91:bb:5a:be:83:7a:b9:2c:9d:46:77:3a:c5:5a:
                    a9:e5:dd:c7:7b:f1:79:ec:68:fb:6a:f6:58:71:76:
                    d1:7e:2c:0d:8f:c4:33:3c:db:c7:bf:f8:54:93:a7:
                    15:1d:27:db:ff:95:54:e6:f0:d2:35:29:06:08:72:
                    28:54:1a:4e:51:dd:7b:f0:68:79:4c:61:b9:51:f2:
                    23:7f:26:d2:d8:a0:c4:12:7a:0a:c7:aa:d4:67:f6:
                    fe:13:d9:d4:c2:10:c1:c3:d1:e9:1f:f7:df:79:74:
                    75:95:16:4a:a1:3e:d8:cd:ab:f2:25:d3:e5:2f:2d:
                    ec:a7:60:22:35:91:e3:b0:e6:c3:65:8a:57:03:69:
                    cd:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:C7:F5:B4:ED:E8:33:1A:EC:3E:E3:42:C9:33:54:12:2D:D3:16:C2
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e358276f-1daa-4ac7-84cc-0417a95be78d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:b9:e2:64:11:26:f4:1d:71:c3:39:28:3d:ad:15:06:4f:09:
         57:69:73:60:94:ad:6c:4d:7f:fa:ab:fa:ad:f6:6f:a0:df:da:
         5f:3b:62:10:83:3e:7b:ec:a3:d4:e4:72:63:8d:f7:3b:a9:85:
         d9:d1:f2:bd:ef:fd:86:f6:3b:8e:93:07:da:34:2b:2e:06:7a:
         b0:ed:e9:c9:7f:40:78:3a:78:1e:d8:13:76:78:7a:04:cc:4f:
         ed:ff:63:29:e3:58:92:f4:b1:09:85:37:02:2d:a9:d3:97:0a:
         2c:05:b6:f4:e2:aa:80:a8:56:5c:e2:2e:75:af:cd:5f:d1:f2:
         35:8a:61:bb:db:ec:b3:f4:cf:48:87:60:a3:2e:05:a1:44:55:
         91:6e:de:b7:54:7e:97:51:56:aa:0d:3a:f0:aa:1a:8a:13:27:
         9d:c8:af:53:65:11:ed:c4:a6:70:c4:01:84:39:53:29:74:21:
         af:6c:0f:39:1b:7e:c7:3e:e5:6a:e4:1b:6b:f9:24:f9:a8:ee:
         77:46:4a:65:c7:2b:7f:9d:49:45:b9:8e:a0:c5:4f:49:b5:69:
         c1:63:c1:12:94:11:be:90:a8:1d:4d:1f:f6:2f:6f:5b:ef:56:
         42:a8:c8:5e:7e:c7:1f:89:a0:f4:ab:81:29:a5:e0:fd:9f:4c:
         83:3e:91:72
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUd+X09ujL9nQ8mmNdPdPDg6sqU3QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTIwMDAwMDAwWhcNMjMwMTIzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTljNzFhZWRlMTRkYmFmMGEzNjI4NDA5NGJiNmRjNjRh
MWMxZjgxZDFlYzYzZTU5YzM5ZDFhNWQwODY5ZjBiNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANT9+XepfmKV617zmPT+9VQxyjmuUkqIu8Z5E3UXGBbibLUB1HVp
0x9nKzGxIkWuG/nPDsFVlysLqjKZb5x2GF8RGXBQ7XmVevvtKdTTjCOCWvWvmW8h
WDRN9Nb2bSqWnXUmFaJlIs81mI6C74uPsg8MuO8XkfW3aZG7Wr6DerksnUZ3OsVa
qeXdx3vxeexo+2r2WHF20X4sDY/EMzzbx7/4VJOnFR0n2/+VVObw0jUpBghyKFQa
TlHde/BoeUxhuVHyI38m0tigxBJ6Cseq1Gf2/hPZ1MIQwcPR6R/333l0dZUWSqE+
2M2r8iXT5S8t7KdgIjWR47Dmw2WKVwNpzQkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ2x/W07egzGuw+40LJM1QSLdMWwjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZTM1ODI3NmYtMWRhYS00YWM3LTg0Y2MtMDQxN2E5NWJlNzhkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACq54mQRJvQdccM5
KD2tFQZPCVdpc2CUrWxNf/qr+q32b6Df2l87YhCDPnvso9TkcmON9zuphdnR8r3v
/Yb2O46TB9o0Ky4GerDt6cl/QHg6eB7YE3Z4egTMT+3/YynjWJL0sQmFNwItqdOX
CiwFtvTiqoCoVlziLnWvzV/R8jWKYbvb7LP0z0iHYKMuBaFEVZFu3rdUfpdRVqoN
OvCqGooTJ53Ir1NlEe3EpnDEAYQ5Uyl0Ia9sDzkbfsc+5WrkG2v5JPmo7ndGSmXH
K3+dSUW5jqDFT0m1acFjwRKUEb6QqB1NH/Yvb1vvVkKoyF5+xx+JoPSrgSml4P2f
TIM+kXI=
-----END CERTIFICATE-----