Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f7c475b3-5219-4664-9143-85a1d33ca75c.roa
File:                     f7c475b3-5219-4664-9143-85a1d33ca75c.roa (raw, json)
Hash identifier:          b3gn0LoCjcYBibw5666f/e4WzZhpDa1Nx6TL1vzw7rc=
Subject key identifier:   4B:54:97:D2:0C:83:EC:A4:30:71:01:0C:FE:CD:10:AA:1F:8C:F0:B8
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1CF7B53E0AC6ABA30B191E718E00FB50CD3465DA
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f7c475b3-5219-4664-9143-85a1d33ca75c.roa
Signing time:             Sun 18 Dec 2022 00:00:00 +0000
ROA not before:           Sun 18 Dec 2022 00:00:00 +0000
ROA not after:            Wed 21 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:f7:b5:3e:0a:c6:ab:a3:0b:19:1e:71:8e:00:fb:50:cd:34:65:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 18 00:00:00 2022 GMT
            Not After : Dec 21 23:59:59 2022 GMT
        Subject: serialNumber=f8e519cfe09d5fa91528c516b80c3217ef10f71cd94511152e62ebf8afaf3a4e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:36:c4:f7:30:19:bc:6c:e0:3a:ae:3b:91:f9:
                    86:63:3e:a8:fb:43:66:d4:a7:bc:bd:6a:3a:cd:cc:
                    3d:fc:9e:ff:dd:43:3f:9f:73:0b:43:bc:d4:da:fa:
                    e6:b4:63:e5:fb:75:5b:b5:db:9b:27:0c:ae:2c:a2:
                    1e:5e:53:1a:18:68:5c:52:35:51:ad:b8:59:07:c0:
                    22:a1:0a:70:24:07:81:54:69:eb:d5:4e:90:e2:cd:
                    ff:76:e0:f2:33:6c:70:5a:31:7c:ef:9c:b4:a7:cd:
                    c7:e6:db:c5:75:36:f9:8b:8d:df:55:ce:0c:a4:89:
                    46:da:8f:2f:89:1b:13:2a:31:7c:4d:27:c7:d0:ea:
                    f3:7c:c5:60:b0:a6:17:71:3c:31:f1:97:db:47:45:
                    69:33:2c:1b:4f:4c:6c:70:0f:17:23:e3:0c:7e:db:
                    67:4f:ee:35:2a:ea:0c:3c:be:6f:31:99:1c:69:3c:
                    d2:a7:b9:3a:c9:aa:4e:db:81:33:cc:43:7f:c0:2a:
                    18:fb:a1:47:af:4f:97:fb:e7:70:e5:9f:6e:76:be:
                    9b:88:c2:2b:01:76:c6:ea:12:d3:eb:16:82:43:c0:
                    51:3b:8e:a9:72:af:2e:d9:fb:c4:7a:23:82:a4:f3:
                    80:43:59:dc:23:49:41:b2:27:fa:7c:99:eb:74:e4:
                    19:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:54:97:D2:0C:83:EC:A4:30:71:01:0C:FE:CD:10:AA:1F:8C:F0:B8
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f7c475b3-5219-4664-9143-85a1d33ca75c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:a4:1e:29:8d:77:87:22:78:63:e0:f2:7f:17:f3:13:e0:83:
         e5:c3:96:b0:be:42:e6:76:70:46:4f:4a:3a:4a:a9:b0:e8:9b:
         f4:7a:5b:d1:9c:22:f1:8a:da:ec:27:7a:ac:3e:93:cb:de:63:
         b8:b3:b7:4e:0e:1a:d4:eb:c9:22:0e:c5:d1:94:99:be:9a:93:
         b3:fb:ea:fb:1d:f9:8b:17:d3:55:c5:10:b6:5b:72:62:a6:c9:
         d7:8d:b0:eb:c9:64:b7:24:2d:ff:4e:84:71:8f:72:70:f8:85:
         2d:b1:da:89:6c:44:c5:44:ee:ef:cf:fc:41:81:8e:d5:7f:d6:
         d6:88:eb:cc:8a:6a:52:e1:b5:01:c9:7e:5d:71:b4:4a:9a:dc:
         76:25:22:d1:9c:fb:4f:43:d1:a6:12:9f:84:b4:86:8c:25:a2:
         19:35:88:b9:fc:7f:c2:34:81:43:41:ba:34:a3:00:8f:e7:b7:
         b2:db:40:89:14:f5:29:ac:13:cb:22:bc:43:da:b7:42:c1:36:
         fd:a4:86:c4:8c:7d:5e:92:e8:67:06:5f:4d:47:67:70:bd:e0:
         20:fa:84:f7:07:f2:82:32:38:7b:a1:ed:8b:8b:f0:e6:54:06:
         a7:f4:eb:34:73:6d:3c:6b:8b:f9:9a:3d:a7:f3:da:75:68:e7:
         45:62:49:f2
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUHPe1PgrGq6MLGR5xjgD7UM00ZdowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjE4MDAwMDAwWhcNMjIxMjIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjhlNTE5Y2ZlMDlkNWZhOTE1MjhjNTE2YjgwYzMyMTdl
ZjEwZjcxY2Q5NDUxMTE1MmU2MmViZjhhZmFmM2E0ZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMI2xPcwGbxs4DquO5H5hmM+qPtDZtSnvL1qOs3MPfye/91DP59z
C0O81Nr65rRj5ft1W7XbmycMriyiHl5TGhhoXFI1Ua24WQfAIqEKcCQHgVRp69VO
kOLN/3bg8jNscFoxfO+ctKfNx+bbxXU2+YuN31XODKSJRtqPL4kbEyoxfE0nx9Dq
83zFYLCmF3E8MfGX20dFaTMsG09MbHAPFyPjDH7bZ0/uNSrqDDy+bzGZHGk80qe5
OsmqTtuBM8xDf8AqGPuhR69Pl/vncOWfbna+m4jCKwF2xuoS0+sWgkPAUTuOqXKv
Ltn7xHojgqTzgENZ3CNJQbIn+nyZ63TkGTECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRLVJfSDIPspDBxAQz+zRCqH4zwuDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjdjNDc1YjMtNTIxOS00NjY0LTkxNDMtODVhMWQzM2NhNzVjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABGkHimNd4cieGPg
8n8X8xPgg+XDlrC+QuZ2cEZPSjpKqbDom/R6W9GcIvGK2uwneqw+k8veY7izt04O
GtTrySIOxdGUmb6ak7P76vsd+YsX01XFELZbcmKmydeNsOvJZLckLf9OhHGPcnD4
hS2x2olsRMVE7u/P/EGBjtV/1taI68yKalLhtQHJfl1xtEqa3HYlItGc+09D0aYS
n4S0howlohk1iLn8f8I0gUNBujSjAI/nt7LbQIkU9SmsE8sivEPat0LBNv2khsSM
fV6S6GcGX01HZ3C94CD6hPcH8oIyOHuh7YuL8OZUBqf06zRzbTxri/maPafz2nVo
50ViSfI=
-----END CERTIFICATE-----