Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f0f71603-1e2e-409a-bf92-a76f0b0d9df6.roa
File:                     f0f71603-1e2e-409a-bf92-a76f0b0d9df6.roa (raw, json)
Hash identifier:          wvhAmI+YqJTXG/H7UVYeMIIZ+6YpbiwJS2KZRtKFqwk=
Subject key identifier:   F7:D0:7E:17:0A:6F:00:AD:5A:54:6F:77:31:34:87:F4:A1:4D:8E:73
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7C76938998A6707FDCF376B10544F7897AD7CEF8
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f0f71603-1e2e-409a-bf92-a76f0b0d9df6.roa
Signing time:             Fri 24 Mar 2023 00:00:00 +0000
ROA not before:           Fri 24 Mar 2023 00:00:00 +0000
ROA not after:            Mon 27 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:76:93:89:98:a6:70:7f:dc:f3:76:b1:05:44:f7:89:7a:d7:ce:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 24 00:00:00 2023 GMT
            Not After : Mar 27 23:59:59 2023 GMT
        Subject: serialNumber=84346176815fa1d3889c14ca891028416265a5ae9d9ff81d7d7401f926ed8c2f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:47:86:e9:60:ec:e4:e2:48:01:1a:f6:dc:95:
                    f4:9b:e5:5b:3a:0e:a6:57:ec:53:29:f2:43:7d:70:
                    62:e9:4d:82:83:a4:f1:75:92:e7:79:be:92:24:38:
                    d6:ea:40:9b:63:e9:54:25:e2:8b:73:4c:59:aa:e7:
                    54:6d:7e:da:60:24:d3:a3:08:44:5b:c7:73:2f:e6:
                    42:eb:97:b9:59:71:de:a9:6f:4d:5c:5d:28:6e:ca:
                    3e:0b:42:7c:b7:6a:44:c9:c3:e2:e6:37:76:8f:19:
                    75:e5:f3:e3:4b:e1:83:9b:bb:3d:6d:b6:d3:11:c7:
                    ce:13:d6:9e:4f:f1:00:6a:d8:d5:f7:9a:e9:31:b1:
                    f9:5b:41:31:5f:9f:8a:4a:59:5e:83:b2:f6:e5:3a:
                    30:6b:26:b5:40:f7:80:7e:3e:6c:d2:b3:8b:98:df:
                    a9:e1:54:10:da:1b:89:5f:37:46:bb:a5:62:09:85:
                    2c:eb:83:66:e1:78:98:1a:8c:c4:b7:d1:55:14:ba:
                    73:16:72:4a:ad:8c:93:fc:cc:6f:ff:1f:4f:93:8e:
                    94:ad:c8:56:c4:d4:1d:c8:69:6e:39:ff:3e:43:c7:
                    45:51:f4:3e:f7:42:4c:01:3a:bb:0b:8d:55:80:c2:
                    79:06:c2:89:94:76:57:fe:8f:6f:e5:c6:33:f0:39:
                    03:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:D0:7E:17:0A:6F:00:AD:5A:54:6F:77:31:34:87:F4:A1:4D:8E:73
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f0f71603-1e2e-409a-bf92-a76f0b0d9df6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:01:7a:3d:b0:61:b1:97:cc:56:83:53:57:53:f3:50:a0:8e:
         69:d1:3d:d9:fd:07:8e:00:79:06:f2:8c:31:1e:d0:a4:42:60:
         46:10:ae:1b:da:76:d4:f5:e3:56:0a:77:81:86:1b:ab:6d:51:
         28:f0:be:21:55:ce:ae:05:35:f0:26:5d:82:7c:e2:67:e0:9f:
         20:6f:ae:6f:d4:2f:30:4b:fa:3a:b7:b6:bc:3f:39:86:e3:32:
         98:75:6d:45:a6:ed:29:4b:51:e5:a7:48:63:57:0e:07:fa:52:
         62:d5:ba:e5:5a:b8:8d:c1:e7:01:3f:5d:bd:a1:9b:98:63:01:
         36:26:53:64:4a:38:0f:e0:68:49:c0:6d:e1:77:d8:dc:06:89:
         9a:16:2c:bd:62:e8:79:e2:f8:29:8e:0e:e6:9c:77:ee:6b:31:
         8c:c5:18:ef:5f:da:17:ee:5a:c9:03:8e:95:96:89:02:12:57:
         49:d9:fa:56:56:e9:6a:89:df:9d:b2:24:4e:9d:e7:9d:ca:c9:
         27:d7:6e:0a:bb:10:0d:30:a5:08:da:f4:f2:3b:7c:8f:1c:74:
         37:79:03:08:bc:4e:fc:d5:68:16:a5:20:c7:67:fe:8d:06:b4:
         19:e7:ca:3b:00:c7:04:fa:22:ee:d4:e5:ac:a4:e1:e6:5a:8b:
         dc:a8:93:0a
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUfHaTiZimcH/c83axBUT3iXrXzvgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI0MDAwMDAwWhcNMjMwMzI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAODQzNDYxNzY4MTVmYTFkMzg4OWMxNGNhODkxMDI4NDE2
MjY1YTVhZTlkOWZmODFkN2Q3NDAxZjkyNmVkOGMyZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMtHhulg7OTiSAEa9tyV9JvlWzoOplfsUynyQ31wYulNgoOk8XWS
53m+kiQ41upAm2PpVCXii3NMWarnVG1+2mAk06MIRFvHcy/mQuuXuVlx3qlvTVxd
KG7KPgtCfLdqRMnD4uY3do8ZdeXz40vhg5u7PW220xHHzhPWnk/xAGrY1fea6TGx
+VtBMV+fikpZXoOy9uU6MGsmtUD3gH4+bNKzi5jfqeFUENobiV83RrulYgmFLOuD
ZuF4mBqMxLfRVRS6cxZySq2Mk/zMb/8fT5OOlK3IVsTUHchpbjn/PkPHRVH0PvdC
TAE6uwuNVYDCeQbCiZR2V/6Pb+XGM/A5A38CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBT30H4XCm8ArVpUb3cxNIf0oU2OczAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjBmNzE2MDMtMWUyZS00MDlhLWJmOTItYTc2ZjBiMGQ5ZGY2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFYBej2wYbGXzFaD
U1dT81CgjmnRPdn9B44AeQbyjDEe0KRCYEYQrhvadtT141YKd4GGG6ttUSjwviFV
zq4FNfAmXYJ84mfgnyBvrm/ULzBL+jq3trw/OYbjMph1bUWm7SlLUeWnSGNXDgf6
UmLVuuVauI3B5wE/Xb2hm5hjATYmU2RKOA/gaEnAbeF32NwGiZoWLL1i6Hni+CmO
Duacd+5rMYzFGO9f2hfuWskDjpWWiQISV0nZ+lZW6WqJ352yJE6d553KySfXbgq7
EA0wpQja9PI7fI8cdDd5Awi8TvzVaBalIMdn/o0GtBnnyjsAxwT6Iu7U5ayk4eZa
i9yokwo=
-----END CERTIFICATE-----