Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f296a24a-7b4f-4b06-957f-50d9d78b73e9.roa
File:                     f296a24a-7b4f-4b06-957f-50d9d78b73e9.roa (raw, json)
Hash identifier:          eiwpWhOaS2buVSIZzkyoH56FxL6cNtdbGMKZ2RdrvjA=
Subject key identifier:   DB:4E:09:00:0A:64:06:3B:5D:07:EA:C6:59:2B:DF:E2:A0:C0:F1:49
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7AB58C3D7DDA38E120458D1651D3B92CFDE16A9E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f296a24a-7b4f-4b06-957f-50d9d78b73e9.roa
Signing time:             Mon 16 Jan 2023 00:00:00 +0000
ROA not before:           Mon 16 Jan 2023 00:00:00 +0000
ROA not after:            Thu 19 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:b5:8c:3d:7d:da:38:e1:20:45:8d:16:51:d3:b9:2c:fd:e1:6a:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 16 00:00:00 2023 GMT
            Not After : Jan 19 23:59:59 2023 GMT
        Subject: serialNumber=7a7560423f3824137167a7c7ea08d39cf83b2f356a3c1244154c8b934758909d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:8e:b1:07:55:86:80:4c:cc:59:b9:87:bc:ff:
                    44:76:51:b5:8c:cb:1c:8f:e9:5e:6c:52:9c:e1:12:
                    73:33:9e:80:de:e4:e0:9b:ee:b8:d8:36:9e:33:c1:
                    26:92:1f:a8:cc:cb:f4:3c:87:f5:92:82:29:9c:61:
                    30:93:1d:45:d3:34:28:74:44:3f:e5:7c:54:ef:3b:
                    02:eb:82:8f:d4:09:01:27:a7:98:b0:c3:79:21:a0:
                    35:c9:36:c6:b1:c8:80:04:60:de:be:b4:f0:78:35:
                    00:86:93:76:84:b0:34:9b:92:c3:bb:98:b3:c7:54:
                    01:7f:f3:6b:6f:04:37:4f:ba:ae:93:58:89:70:1a:
                    d4:27:14:c4:8d:37:70:c8:cc:76:90:d2:3f:1b:5e:
                    7d:81:2a:a7:0d:42:7a:dc:ff:cc:41:72:9e:d9:dc:
                    f8:d6:2c:4d:d5:f6:c9:0f:ae:01:72:d4:99:bb:b7:
                    79:6d:bf:70:b7:73:08:3f:df:8f:69:72:c7:d9:35:
                    9f:5f:21:76:f6:8b:37:8f:9c:f0:78:7a:2f:75:07:
                    ff:f2:8c:fe:6b:91:ba:2e:90:f0:21:7e:fe:da:a9:
                    62:48:9c:88:e3:aa:05:43:3a:85:84:d1:9e:8c:8e:
                    86:91:3a:67:15:24:4e:21:9d:5d:29:b5:8a:79:73:
                    77:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:4E:09:00:0A:64:06:3B:5D:07:EA:C6:59:2B:DF:E2:A0:C0:F1:49
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f296a24a-7b4f-4b06-957f-50d9d78b73e9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:72:2d:81:1c:49:46:32:2e:70:e3:a3:d8:e4:5d:c3:be:31:
         de:f5:f6:a5:e7:96:b7:cc:e2:0a:ad:6c:60:55:b4:ec:11:88:
         0c:11:25:0e:56:a0:34:b1:a8:4d:a1:43:a7:95:9f:27:29:3c:
         de:99:e4:5a:4c:a3:ce:b9:c8:31:94:9d:06:70:6f:6e:d6:8e:
         f2:98:f6:26:b0:a4:e7:c3:e2:d6:72:26:96:cb:63:f9:17:1a:
         6b:84:c2:83:f1:9a:13:e7:8d:11:85:5d:ca:e8:61:f1:ab:4a:
         c9:6a:9f:2c:fa:dc:db:0b:ca:41:65:70:00:a5:ee:5f:a6:1e:
         da:19:e4:77:12:24:15:7a:96:8a:1a:3b:21:61:d5:b2:31:ca:
         47:2a:38:c4:c5:d0:23:b8:ed:2c:de:4d:41:b5:05:d1:1b:67:
         43:2e:87:0a:b0:2f:79:8d:24:c3:8e:4c:17:57:f5:4d:c8:da:
         a3:b7:7d:10:66:7c:02:b2:52:a3:f8:8d:ff:46:f3:ed:06:a0:
         db:66:bb:04:3b:4f:92:5c:54:be:b4:e3:26:7f:57:03:cb:2e:
         a4:38:7c:d2:c3:15:e9:24:aa:91:88:a0:25:99:34:3b:76:26:
         c3:e2:85:ec:cf:ce:c8:7f:d9:d3:b7:b7:19:e0:21:e6:b7:69:
         dd:27:51:0a
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUerWMPX3aOOEgRY0WUdO5LP3hap4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTE2MDAwMDAwWhcNMjMwMTE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAN2E3NTYwNDIzZjM4MjQxMzcxNjdhN2M3ZWEwOGQzOWNm
ODNiMmYzNTZhM2MxMjQ0MTU0YzhiOTM0NzU4OTA5ZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKmOsQdVhoBMzFm5h7z/RHZRtYzLHI/pXmxSnOESczOegN7k4Jvu
uNg2njPBJpIfqMzL9DyH9ZKCKZxhMJMdRdM0KHREP+V8VO87AuuCj9QJASenmLDD
eSGgNck2xrHIgARg3r608Hg1AIaTdoSwNJuSw7uYs8dUAX/za28EN0+6rpNYiXAa
1CcUxI03cMjMdpDSPxtefYEqpw1Cetz/zEFyntnc+NYsTdX2yQ+uAXLUmbu3eW2/
cLdzCD/fj2lyx9k1n18hdvaLN4+c8Hh6L3UH//KM/muRui6Q8CF+/tqpYkiciOOq
BUM6hYTRnoyOhpE6ZxUkTiGdXSm1inlzdysCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTbTgkACmQGO10H6sZZK9/ioMDxSTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjI5NmEyNGEtN2I0Zi00YjA2LTk1N2YtNTBkOWQ3OGI3M2U5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFNyLYEcSUYyLnDj
o9jkXcO+Md719qXnlrfM4gqtbGBVtOwRiAwRJQ5WoDSxqE2hQ6eVnycpPN6Z5FpM
o865yDGUnQZwb27WjvKY9iawpOfD4tZyJpbLY/kXGmuEwoPxmhPnjRGFXcroYfGr
Sslqnyz63NsLykFlcACl7l+mHtoZ5HcSJBV6looaOyFh1bIxykcqOMTF0CO47Sze
TUG1BdEbZ0MuhwqwL3mNJMOOTBdX9U3I2qO3fRBmfAKyUqP4jf9G8+0GoNtmuwQ7
T5JcVL604yZ/VwPLLqQ4fNLDFekkqpGIoCWZNDt2JsPihezPzsh/2dO3txngIea3
ad0nUQo=
-----END CERTIFICATE-----