Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ef24a0ec-5dab-4918-9213-ac609c4021c2.roa
File:                     ef24a0ec-5dab-4918-9213-ac609c4021c2.roa (raw, json)
Hash identifier:          ymWA/cF4TGKCQz9cUeFBNwBwyres3DxjyZnhxJVm/ic=
Subject key identifier:   08:A6:36:64:E4:B0:F2:4E:9F:96:DC:71:6C:50:6D:D2:A4:0C:31:AF
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       65CBFEB3A230E163181ABF6244D4D53E149DE570
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ef24a0ec-5dab-4918-9213-ac609c4021c2.roa
Signing time:             Wed 14 Sep 2022 00:00:00 +0000
ROA not before:           Wed 14 Sep 2022 00:00:00 +0000
ROA not after:            Sat 17 Sep 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:cb:fe:b3:a2:30:e1:63:18:1a:bf:62:44:d4:d5:3e:14:9d:e5:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Sep 14 00:00:00 2022 GMT
            Not After : Sep 17 23:59:59 2022 GMT
        Subject: serialNumber=09fc5d772a67fa7e83cfa248498889a3b00159a10a3f461261f6d1bfa54bfa74, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:18:86:67:38:5c:97:d3:05:93:35:a4:40:c4:
                    d2:82:13:98:40:e8:f4:e1:bb:c5:e7:3d:f1:7a:07:
                    32:25:cd:a1:9f:c8:64:96:21:4d:4c:94:12:6d:de:
                    4a:31:66:3a:74:5c:a1:fe:e9:64:23:e6:60:ed:cc:
                    62:33:7d:5d:cb:64:a3:9c:b7:33:5a:fc:02:e8:58:
                    42:7b:ba:fe:cf:d0:55:e5:bd:73:06:22:80:fd:76:
                    c5:b6:51:7b:f8:84:9a:42:c0:5a:d6:e4:d4:c2:2c:
                    23:1b:d0:cd:21:3d:61:3f:87:3d:a9:e1:47:6f:24:
                    05:9a:cf:c3:44:4c:c0:be:61:e3:dc:88:20:2e:91:
                    c2:de:6f:d8:91:04:9e:25:ba:ef:8b:b4:fa:65:14:
                    14:ca:8d:10:c9:44:b8:04:11:5d:ac:6b:8c:b5:08:
                    00:0c:f7:84:fe:ff:5b:55:d3:60:bd:10:dd:64:72:
                    61:11:48:57:fa:a7:32:3d:92:f0:c8:b6:5a:43:41:
                    c7:e3:e5:83:44:de:e0:55:ac:b7:7b:a7:46:d0:5d:
                    86:08:e5:f8:3f:e7:b2:e1:8b:bd:eb:2c:73:0f:18:
                    38:e7:7d:fc:c2:3b:12:26:9f:c0:79:8d:b0:b3:10:
                    c6:eb:ae:4e:d9:10:95:68:02:27:24:40:94:d2:7f:
                    76:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:A6:36:64:E4:B0:F2:4E:9F:96:DC:71:6C:50:6D:D2:A4:0C:31:AF
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ef24a0ec-5dab-4918-9213-ac609c4021c2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:68:ec:54:b0:ad:ce:df:46:3f:68:db:6c:ac:64:74:15:4c:
         ec:96:db:c9:64:d5:91:62:51:03:3e:bf:80:20:16:68:0d:9c:
         2a:6f:8d:84:13:9e:fd:38:6c:d7:73:b9:29:d8:53:00:50:18:
         d9:c8:52:a8:48:1e:61:b9:ed:3b:03:e1:78:97:42:b4:20:9b:
         d7:51:3f:d6:20:8d:55:fe:98:ec:de:11:64:d1:fd:54:0f:5b:
         98:ec:8f:b2:81:80:20:92:bb:9d:5a:4c:73:b3:4b:ee:eb:ab:
         ef:2a:6a:a5:70:5d:85:9d:08:25:22:52:74:d6:bd:51:6b:73:
         6b:19:58:66:a5:6e:56:2e:d3:32:04:83:58:7e:b1:70:ae:96:
         e5:3b:ee:2c:cc:e6:81:60:94:b1:9b:1f:f3:3c:24:cc:42:85:
         77:9a:a2:4d:27:95:d3:38:22:d0:08:ba:78:41:a9:92:c8:06:
         22:91:79:c5:57:ef:20:10:9b:56:3f:14:4e:07:7e:86:7f:f6:
         a6:ad:a3:3e:78:c8:fa:b5:0d:2b:ea:57:28:45:b4:b9:0c:83:
         d2:cb:d7:66:bc:d6:f8:d2:28:8e:fe:cd:3b:7d:de:37:5d:95:
         d9:aa:d1:55:d9:47:ec:c7:f7:6c:d1:13:87:b4:7d:af:7b:b6:
         cc:7d:6d:d1
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUZcv+s6Iw4WMYGr9iRNTVPhSd5XAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwOTE0MDAwMDAwWhcNMjIwOTE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMDlmYzVkNzcyYTY3ZmE3ZTgzY2ZhMjQ4NDk4ODg5YTNi
MDAxNTlhMTBhM2Y0NjEyNjFmNmQxYmZhNTRiZmE3NDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL8Yhmc4XJfTBZM1pEDE0oITmEDo9OG7xec98XoHMiXNoZ/IZJYh
TUyUEm3eSjFmOnRcof7pZCPmYO3MYjN9Xctko5y3M1r8AuhYQnu6/s/QVeW9cwYi
gP12xbZRe/iEmkLAWtbk1MIsIxvQzSE9YT+HPanhR28kBZrPw0RMwL5h49yIIC6R
wt5v2JEEniW674u0+mUUFMqNEMlEuAQRXaxrjLUIAAz3hP7/W1XTYL0Q3WRyYRFI
V/qnMj2S8Mi2WkNBx+Plg0Te4FWst3unRtBdhgjl+D/nsuGLvesscw8YOOd9/MI7
EiafwHmNsLMQxuuuTtkQlWgCJyRAlNJ/dtkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQIpjZk5LDyTp+W3HFsUG3SpAwxrzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZWYyNGEwZWMtNWRhYi00OTE4LTkyMTMtYWM2MDljNDAyMWMyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAElo7FSwrc7fRj9o
22ysZHQVTOyW28lk1ZFiUQM+v4AgFmgNnCpvjYQTnv04bNdzuSnYUwBQGNnIUqhI
HmG57TsD4XiXQrQgm9dRP9YgjVX+mOzeEWTR/VQPW5jsj7KBgCCSu51aTHOzS+7r
q+8qaqVwXYWdCCUiUnTWvVFrc2sZWGalblYu0zIEg1h+sXCuluU77izM5oFglLGb
H/M8JMxChXeaok0nldM4ItAIunhBqZLIBiKRecVX7yAQm1Y/FE4HfoZ/9qatoz54
yPq1DSvqVyhFtLkMg9LL12a81vjSKI7+zTt93jddldmq0VXZR+zH92zRE4e0fa97
tsx9bdE=
-----END CERTIFICATE-----