Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e574856e-96f1-44f3-91b7-d44c854aeab0.roa
File:                     e574856e-96f1-44f3-91b7-d44c854aeab0.roa (raw, json)
Hash identifier:          jUIQLtt6rrNtKQKbmgLvLQpkDBwoYw93SkLV1hdIuyg=
Subject key identifier:   DC:7D:43:A3:A4:38:D1:97:B1:18:BE:7C:56:B3:23:0F:59:95:51:A7
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       347D467DC6A6252643A21CFDB76571A8865A8AEE
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e574856e-96f1-44f3-91b7-d44c854aeab0.roa
Signing time:             Fri 02 Dec 2022 00:00:00 +0000
ROA not before:           Fri 02 Dec 2022 00:00:00 +0000
ROA not after:            Mon 05 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:7d:46:7d:c6:a6:25:26:43:a2:1c:fd:b7:65:71:a8:86:5a:8a:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec  2 00:00:00 2022 GMT
            Not After : Dec  5 23:59:59 2022 GMT
        Subject: serialNumber=2dba13eefc326d835e3cb4a216075df6b4408a76c601f917bec63a21fc9ca23f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b0:01:ad:70:66:ae:1e:f0:a0:8d:ef:55:02:
                    06:8e:d5:0f:05:9a:43:d7:e3:f4:23:dc:33:b3:72:
                    8b:9d:d0:8a:9a:a2:07:ec:10:d1:18:0c:dd:bd:1a:
                    4e:62:29:50:6f:ca:e8:d9:b7:a8:d2:b6:b9:1e:d9:
                    15:36:3d:16:8c:64:74:ea:4a:e9:56:6e:85:72:d3:
                    31:90:d7:14:c0:08:89:8b:0b:1c:92:76:92:93:6a:
                    3f:9f:77:9f:bf:83:f5:86:cb:30:92:2b:b5:3f:9b:
                    67:ea:35:8a:18:80:3e:30:cb:ca:19:a9:83:0c:86:
                    d3:2b:31:60:82:e5:9c:94:ca:57:fc:bb:2e:b4:5d:
                    fe:50:cb:98:17:60:57:f8:a7:d4:1d:ec:e9:31:4b:
                    f2:13:db:c8:14:69:f4:60:38:15:cf:36:0e:3d:6b:
                    cd:e9:80:90:ce:ad:97:d9:3c:78:b2:97:ce:7d:5e:
                    e9:bf:1b:d0:78:40:0f:5d:4e:87:6d:e4:ee:24:bd:
                    9c:28:00:9e:21:69:84:b1:d9:b1:f3:7e:5d:3e:5c:
                    38:f4:60:dd:7f:8c:df:7e:28:22:9d:e6:c6:c1:35:
                    7d:2c:40:ef:d8:9d:d7:77:b6:04:a1:ef:58:0d:3f:
                    b4:5d:d3:1b:05:40:77:68:44:8d:80:55:77:bd:57:
                    dd:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:7D:43:A3:A4:38:D1:97:B1:18:BE:7C:56:B3:23:0F:59:95:51:A7
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e574856e-96f1-44f3-91b7-d44c854aeab0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:bb:90:ae:f8:37:56:d2:f2:ce:97:79:4a:be:17:2d:26:ba:
         9c:72:fa:b8:83:58:98:6e:d9:51:76:54:55:8a:d3:3d:6d:f4:
         77:92:5d:6b:83:28:fa:8b:69:1a:e3:a6:c1:04:27:7c:8a:14:
         e5:8d:a2:25:e8:cb:10:d9:e6:9d:ab:69:24:e1:52:8c:85:db:
         c5:2a:e8:16:04:89:96:db:d3:21:99:9e:43:9c:25:c8:c3:b5:
         05:79:23:32:e9:f4:43:5c:ae:c3:61:c0:7e:b2:30:52:d9:26:
         c2:93:f5:62:8a:07:f9:43:4f:cd:5b:3e:42:db:b4:9d:11:d2:
         b2:96:8c:3b:19:86:05:19:06:a5:d5:8e:39:78:6d:c7:97:db:
         8d:d5:d9:7c:75:81:c4:fe:c8:c9:ea:a0:fd:a2:b4:8a:6d:df:
         fa:45:b1:94:ea:04:7d:55:72:e1:ea:c3:af:da:4a:48:45:80:
         2b:d4:10:f3:cc:34:42:ab:64:86:92:b3:a6:2f:bb:c5:2a:a4:
         98:7d:b3:c2:4f:98:10:69:7d:93:e0:8a:be:d6:f0:3f:09:ff:
         bd:54:3a:3a:c9:57:c9:7b:7a:c6:f8:d7:43:46:8d:55:d2:b1:
         79:5c:45:1d:8b:8a:a5:7a:4d:63:2c:d3:86:b4:12:85:ad:ee:
         c7:80:1f:1f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUNH1GfcamJSZDohz9t2VxqIZaiu4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjAyMDAwMDAwWhcNMjIxMjA1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMmRiYTEzZWVmYzMyNmQ4MzVlM2NiNGEyMTYwNzVkZjZi
NDQwOGE3NmM2MDFmOTE3YmVjNjNhMjFmYzljYTIzZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALmwAa1wZq4e8KCN71UCBo7VDwWaQ9fj9CPcM7Nyi53QipqiB+wQ
0RgM3b0aTmIpUG/K6Nm3qNK2uR7ZFTY9FoxkdOpK6VZuhXLTMZDXFMAIiYsLHJJ2
kpNqP593n7+D9YbLMJIrtT+bZ+o1ihiAPjDLyhmpgwyG0ysxYILlnJTKV/y7LrRd
/lDLmBdgV/in1B3s6TFL8hPbyBRp9GA4Fc82Dj1rzemAkM6tl9k8eLKXzn1e6b8b
0HhAD11Oh23k7iS9nCgAniFphLHZsfN+XT5cOPRg3X+M334oIp3mxsE1fSxA79id
13e2BKHvWA0/tF3TGwVAd2hEjYBVd71X3fkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTcfUOjpDjRl7EYvnxWsyMPWZVRpzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZTU3NDg1NmUtOTZmMS00NGYzLTkxYjctZDQ0Yzg1NGFlYWIwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAu7kK74N1bS8s6X
eUq+Fy0mupxy+riDWJhu2VF2VFWK0z1t9HeSXWuDKPqLaRrjpsEEJ3yKFOWNoiXo
yxDZ5p2raSThUoyF28Uq6BYEiZbb0yGZnkOcJcjDtQV5IzLp9ENcrsNhwH6yMFLZ
JsKT9WKKB/lDT81bPkLbtJ0R0rKWjDsZhgUZBqXVjjl4bceX243V2Xx1gcT+yMnq
oP2itIpt3/pFsZTqBH1VcuHqw6/aSkhFgCvUEPPMNEKrZIaSs6Yvu8UqpJh9s8JP
mBBpfZPgir7W8D8J/71UOjrJV8l7esb410NGjVXSsXlcRR2LiqV6TWMs04a0EoWt
7seAHx8=
-----END CERTIFICATE-----