Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/03c914f4-76a5-450e-9fa3-2018ecb321b7.roa
File:                     03c914f4-76a5-450e-9fa3-2018ecb321b7.roa (raw, json)
Hash identifier:          lefewFf8DathmmVfFaDQcOLMwr9bOyKeExBTuHTq7Pk=
Subject key identifier:   4C:6D:D8:B1:FC:97:93:D0:4E:F8:2D:9F:87:5C:CC:26:44:EE:27:60
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0F0518298A59A3E70D7C47E3098584DCE4FAF817
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/03c914f4-76a5-450e-9fa3-2018ecb321b7.roa
Signing time:             Sat 03 Dec 2022 00:00:00 +0000
ROA not before:           Sat 03 Dec 2022 00:00:00 +0000
ROA not after:            Tue 06 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:05:18:29:8a:59:a3:e7:0d:7c:47:e3:09:85:84:dc:e4:fa:f8:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec  3 00:00:00 2022 GMT
            Not After : Dec  6 23:59:59 2022 GMT
        Subject: serialNumber=c54e385854e0bf873b242da85a1996374b027f02af0fd8c0b20ef7c9458afebe, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:60:89:cc:0d:3e:7f:6b:fd:c5:09:66:62:ff:
                    ef:89:0b:9d:19:d3:98:df:fd:ed:11:47:60:07:4c:
                    f6:38:e8:4c:18:0c:e4:ca:8b:7b:f5:5e:80:03:66:
                    f7:09:b8:32:4e:35:31:ac:ec:97:11:7d:2f:e4:c1:
                    8a:02:1f:49:9a:58:8e:72:46:19:69:39:0c:06:c7:
                    5f:fa:af:14:58:95:50:c0:d8:e9:73:4f:4e:d6:b7:
                    5f:41:2b:4d:34:fb:01:70:63:1e:20:de:59:27:86:
                    35:8f:a7:21:72:88:7b:e9:11:08:ac:aa:8a:b6:f9:
                    74:b9:b8:2c:10:70:36:cc:f4:a7:62:40:da:aa:1d:
                    2e:3c:b2:c1:e0:51:b0:4d:fb:46:ce:9c:05:e9:a3:
                    c5:fb:51:3f:87:3d:68:d8:86:d9:29:41:fb:19:2b:
                    9b:db:7e:b9:2f:72:b1:3b:a9:c5:78:ff:dc:ab:20:
                    79:28:ab:51:dc:e3:1b:91:ca:f2:34:86:5c:2a:a0:
                    34:79:8a:1f:98:70:b9:de:08:03:e5:9b:45:f7:48:
                    f7:f6:38:c4:bd:3f:54:fd:8e:4d:39:de:00:43:c6:
                    38:1f:3f:07:4f:eb:8b:a1:07:f3:b1:f3:28:e7:35:
                    59:47:b2:53:d9:32:37:c3:7b:dc:24:eb:ce:ef:a2:
                    c8:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:6D:D8:B1:FC:97:93:D0:4E:F8:2D:9F:87:5C:CC:26:44:EE:27:60
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/03c914f4-76a5-450e-9fa3-2018ecb321b7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:20:5f:8d:8c:23:db:33:93:23:dd:93:b1:18:6f:24:95:d2:
         50:a4:d8:bf:b3:51:ec:0c:bc:41:ed:e4:f6:78:a2:db:84:dd:
         2e:b5:89:84:c6:3c:a6:de:37:fd:b0:00:e4:66:be:c2:00:b9:
         c3:93:6c:10:b2:a7:c4:0d:7b:d3:1e:28:cb:84:f6:70:2c:19:
         0d:39:e4:0b:37:a0:61:b5:2a:06:5b:f5:0b:54:d8:25:b1:d3:
         24:8c:23:48:3d:4d:bc:d2:ca:39:02:84:bc:39:51:10:17:83:
         ae:04:63:a4:d8:ae:89:55:e8:b5:06:aa:d6:2c:5a:64:63:0d:
         30:64:ad:f4:1a:75:51:0d:89:c2:fe:b5:98:5a:09:a5:6e:84:
         5d:91:00:6e:b4:91:54:56:64:55:1b:23:bd:0b:71:17:7b:52:
         b8:74:a0:7e:23:ee:ef:53:a9:a2:32:a8:2d:ca:bb:8f:48:63:
         64:59:77:76:e6:cc:d1:1d:cc:1c:bd:d7:a0:55:59:d1:b4:6c:
         57:c3:92:6d:d2:c7:f4:28:67:b5:1b:1e:a8:11:22:9b:62:a9:
         af:c0:41:8c:c8:09:b6:82:38:f6:57:f5:fa:ad:fd:fe:9d:69:
         44:6d:b2:5c:92:80:af:33:90:da:0f:3a:d8:10:5b:09:bd:8f:
         2a:d9:43:29
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUDwUYKYpZo+cNfEfjCYWE3OT6+BcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjAzMDAwMDAwWhcNMjIxMjA2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYzU0ZTM4NTg1NGUwYmY4NzNiMjQyZGE4NWExOTk2Mzc0
YjAyN2YwMmFmMGZkOGMwYjIwZWY3Yzk0NThhZmViZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALlgicwNPn9r/cUJZmL/74kLnRnTmN/97RFHYAdM9jjoTBgM5MqL
e/VegANm9wm4Mk41MazslxF9L+TBigIfSZpYjnJGGWk5DAbHX/qvFFiVUMDY6XNP
Tta3X0ErTTT7AXBjHiDeWSeGNY+nIXKIe+kRCKyqirb5dLm4LBBwNsz0p2JA2qod
LjyyweBRsE37Rs6cBemjxftRP4c9aNiG2SlB+xkrm9t+uS9ysTupxXj/3KsgeSir
UdzjG5HK8jSGXCqgNHmKH5hwud4IA+WbRfdI9/Y4xL0/VP2OTTneAEPGOB8/B0/r
i6EH87HzKOc1WUeyU9kyN8N73CTrzu+iyP0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRMbdix/JeT0E74LZ+HXMwmRO4nYDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMDNjOTE0ZjQtNzZhNS00NTBlLTlmYTMtMjAxOGVjYjMyMWI3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALggX42MI9szkyPd
k7EYbySV0lCk2L+zUewMvEHt5PZ4otuE3S61iYTGPKbeN/2wAORmvsIAucOTbBCy
p8QNe9MeKMuE9nAsGQ055As3oGG1KgZb9QtU2CWx0ySMI0g9TbzSyjkChLw5URAX
g64EY6TYrolV6LUGqtYsWmRjDTBkrfQadVENicL+tZhaCaVuhF2RAG60kVRWZFUb
I70LcRd7Urh0oH4j7u9TqaIyqC3Ku49IY2RZd3bmzNEdzBy916BVWdG0bFfDkm3S
x/QoZ7UbHqgRIptiqa/AQYzICbaCOPZX9fqt/f6daURtslySgK8zkNoPOtgQWwm9
jyrZQyk=
-----END CERTIFICATE-----