Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/fa8ced84-6e20-4cda-9280-017251bb5070.roa
File:                     fa8ced84-6e20-4cda-9280-017251bb5070.roa (raw, json)
Hash identifier:          AAScjEjpKfdby/JroYZz0VTfT0Sbf7fJVDw8grm8tF0=
Subject key identifier:   31:83:64:13:DD:CD:56:8F:8A:27:9D:59:EC:F3:2A:B5:02:44:05:CD
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       39454ED9E10707BDE007A7F110AAFD7F5A56CFAB
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/fa8ced84-6e20-4cda-9280-017251bb5070.roa
Signing time:             Wed 22 Feb 2023 00:00:00 +0000
ROA not before:           Wed 22 Feb 2023 00:00:00 +0000
ROA not after:            Sat 25 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:45:4e:d9:e1:07:07:bd:e0:07:a7:f1:10:aa:fd:7f:5a:56:cf:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 22 00:00:00 2023 GMT
            Not After : Feb 25 23:59:59 2023 GMT
        Subject: serialNumber=df2893dd1809b454ec5dc97e5a5b67324515027928fa7f18d18fb64b4cc04a7f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:36:6e:53:5e:57:c9:21:c4:c8:b6:8b:ba:17:
                    64:ce:17:65:d5:0a:4b:07:5c:c9:bb:83:36:00:f9:
                    ee:fa:a1:1e:e6:b5:b2:2c:ee:df:e3:a9:9a:e0:b5:
                    d6:df:9c:c3:5d:ad:4a:64:19:e7:7a:2a:26:a8:4e:
                    ac:cc:8e:c6:cb:8f:cc:89:14:54:43:82:35:28:88:
                    52:90:74:0d:02:31:7a:56:9e:8b:b4:28:74:34:6f:
                    87:a9:4a:ba:2d:4f:f4:79:4e:4d:eb:47:01:aa:52:
                    c0:1f:fb:d5:0b:c3:30:da:0c:b3:50:ea:19:5f:39:
                    41:7f:0d:20:35:15:bd:b6:e9:66:21:39:c2:01:1c:
                    d2:76:db:5a:7d:13:fb:bf:39:89:85:9f:ef:0e:ab:
                    45:36:d9:91:85:20:e7:17:8a:ad:66:2a:5b:fe:73:
                    5d:50:0a:00:6f:dc:00:20:e2:ef:1d:38:eb:da:81:
                    fa:9f:4c:76:1a:c0:10:28:7c:b3:e7:36:06:fd:ac:
                    7f:75:cf:cb:2f:f1:bf:32:6e:5b:5c:bd:3d:e8:ee:
                    38:c2:40:81:1b:7b:0f:b5:d5:24:18:43:85:04:96:
                    56:6a:9e:f0:28:4b:81:6d:f7:a9:5b:fd:4e:76:73:
                    1d:e6:80:60:80:01:a0:5f:22:35:b7:89:25:dd:fe:
                    8b:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:83:64:13:DD:CD:56:8F:8A:27:9D:59:EC:F3:2A:B5:02:44:05:CD
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/fa8ced84-6e20-4cda-9280-017251bb5070.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:24:5c:32:46:3d:e0:b8:04:0b:9d:cc:f1:2c:09:a5:cf:ad:
         fa:ae:80:60:3c:4a:91:f9:87:f8:fd:f3:14:ff:38:ab:d8:52:
         f8:e7:2d:67:ac:6f:14:60:3c:06:78:51:cd:cd:ef:1c:e3:a9:
         e0:d7:73:c5:74:0e:51:e8:b8:e7:97:29:b2:c0:74:8c:54:e9:
         f0:f7:da:2b:fd:5c:21:48:7c:64:6e:7c:8c:07:40:c5:a8:26:
         56:cc:37:df:fe:96:eb:1f:dd:f9:d0:f8:1c:43:09:c0:49:87:
         1c:5e:96:6a:0e:52:d3:21:55:b2:20:b0:c1:0c:92:56:9b:a3:
         5b:3f:32:10:e2:68:c5:14:0f:fc:20:60:56:9b:39:2d:81:89:
         47:90:c4:f4:de:3a:4d:08:e2:74:39:a9:e7:5b:cf:9c:0e:6f:
         5e:d7:34:dd:c2:2d:04:01:be:f7:f1:ff:54:52:df:f3:b7:c9:
         9b:34:55:b2:9b:20:0a:86:80:9b:46:29:16:64:43:65:13:76:
         25:1b:ee:6a:00:36:a8:42:30:95:25:4a:05:6d:cf:ef:d6:27:
         06:1a:b3:ae:ce:ff:b2:b9:5a:cc:60:6e:d6:9f:9d:fa:bb:22:
         7c:37:af:39:50:07:3f:ce:c2:09:d7:a2:b6:a6:f6:10:d0:b5:
         39:93:cf:43
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUOUVO2eEHB73gB6fxEKr9f1pWz6swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIyMDAwMDAwWhcNMjMwMjI1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZGYyODkzZGQxODA5YjQ1NGVjNWRjOTdlNWE1YjY3MzI0
NTE1MDI3OTI4ZmE3ZjE4ZDE4ZmI2NGI0Y2MwNGE3ZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALs2blNeV8khxMi2i7oXZM4XZdUKSwdcybuDNgD57vqhHua1sizu
3+OpmuC11t+cw12tSmQZ53oqJqhOrMyOxsuPzIkUVEOCNSiIUpB0DQIxelaei7Qo
dDRvh6lKui1P9HlOTetHAapSwB/71QvDMNoMs1DqGV85QX8NIDUVvbbpZiE5wgEc
0nbbWn0T+785iYWf7w6rRTbZkYUg5xeKrWYqW/5zXVAKAG/cACDi7x0469qB+p9M
dhrAECh8s+c2Bv2sf3XPyy/xvzJuW1y9PejuOMJAgRt7D7XVJBhDhQSWVmqe8ChL
gW33qVv9TnZzHeaAYIABoF8iNbeJJd3+i90CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQxg2QT3c1Wj4onnVns8yq1AkQFzTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZmE4Y2VkODQtNmUyMC00Y2RhLTkyODAtMDE3MjUxYmI1MDcwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAL8kXDJGPeC4BAud
zPEsCaXPrfqugGA8SpH5h/j98xT/OKvYUvjnLWesbxRgPAZ4Uc3N7xzjqeDXc8V0
DlHouOeXKbLAdIxU6fD32iv9XCFIfGRufIwHQMWoJlbMN9/+lusf3fnQ+BxDCcBJ
hxxelmoOUtMhVbIgsMEMklabo1s/MhDiaMUUD/wgYFabOS2BiUeQxPTeOk0I4nQ5
qedbz5wOb17XNN3CLQQBvvfx/1RS3/O3yZs0VbKbIAqGgJtGKRZkQ2UTdiUb7moA
NqhCMJUlSgVtz+/WJwYas67O/7K5Wsxgbtafnfq7Inw3rzlQBz/OwgnXoram9hDQ
tTmTz0M=
-----END CERTIFICATE-----