Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/07a4b8b5-af6d-4fde-ada0-584d525b8b54.roa
File:                     07a4b8b5-af6d-4fde-ada0-584d525b8b54.roa (raw, json)
Hash identifier:          TN4VPEM17EuszN9yDN10qGfiK4d1Bv0PqS+N2NePBcc=
Subject key identifier:   D4:1F:1F:FE:02:0E:55:2D:B9:79:82:20:BD:37:D3:74:2E:0F:B2:76
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       70733DC2DD1F805ADAFB5129B3FB178F6A5FECFF
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/07a4b8b5-af6d-4fde-ada0-584d525b8b54.roa
Signing time:             Sat 24 Dec 2022 00:00:00 +0000
ROA not before:           Sat 24 Dec 2022 00:00:00 +0000
ROA not after:            Tue 27 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:73:3d:c2:dd:1f:80:5a:da:fb:51:29:b3:fb:17:8f:6a:5f:ec:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 24 00:00:00 2022 GMT
            Not After : Dec 27 23:59:59 2022 GMT
        Subject: serialNumber=d377fc8a8fd898cdc8151ab2fc864a001dfed4091a777407ad7c9d151804fdee, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:1a:ed:b2:da:5a:70:23:97:10:75:40:81:ee:
                    b1:25:86:cc:64:57:24:b0:49:4b:6c:5c:66:e3:70:
                    6a:e7:14:e4:ae:2f:f6:b9:69:39:31:93:ae:ab:72:
                    ec:bb:4e:ed:45:cb:e3:c4:50:4e:c0:96:73:50:03:
                    9c:69:21:e8:3c:39:72:a4:40:c4:4f:9b:34:b1:63:
                    71:aa:0a:99:21:1f:cd:c7:c5:18:fc:7b:0b:21:63:
                    8f:09:ff:37:cf:fe:73:8b:fe:ad:51:89:6e:9b:94:
                    70:ab:9a:11:ff:22:3b:a3:66:e8:16:65:f8:7a:7f:
                    a4:5a:af:f0:d5:0f:09:f5:b6:4c:cc:b3:43:e2:c8:
                    4e:d5:e2:61:8a:dc:75:73:63:52:41:47:5e:bf:d6:
                    76:6b:1e:6e:67:3e:37:5d:c9:bf:ca:de:1e:74:c3:
                    7e:4b:03:42:cb:c9:90:08:95:15:c3:d5:12:ea:8b:
                    0e:e8:af:13:b2:fa:0a:43:14:ca:e0:f8:64:da:50:
                    84:86:23:92:f3:37:06:bb:2b:cb:d0:58:ae:5a:cb:
                    83:69:fe:48:4f:e8:8a:dd:15:56:fa:43:38:2f:c0:
                    0b:a0:6c:22:bb:c8:86:c0:d7:46:a7:27:40:4f:64:
                    7f:35:ea:41:cc:0e:44:3a:57:2d:26:1d:6a:ea:e5:
                    fc:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:1F:1F:FE:02:0E:55:2D:B9:79:82:20:BD:37:D3:74:2E:0F:B2:76
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/07a4b8b5-af6d-4fde-ada0-584d525b8b54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:f1:2d:63:3e:80:b3:db:0d:2d:7b:5e:33:be:8b:12:0f:48:
         0b:47:10:da:a2:75:7e:1a:a4:75:a6:bf:41:e5:85:a7:b4:11:
         45:f0:c6:9d:41:43:9b:b3:56:43:7d:e6:2e:ab:06:d7:5f:47:
         5d:c5:18:1e:4b:53:03:43:c4:22:30:33:98:c4:6a:a9:f0:72:
         22:d0:7b:58:71:05:50:ef:be:04:24:45:80:51:dd:79:af:a2:
         92:ba:b7:12:be:46:61:e9:b2:cd:48:f1:23:db:a0:c6:2d:72:
         b4:76:b0:e2:4c:41:77:b2:19:9a:6a:b5:92:20:82:1a:3b:df:
         a4:15:f9:05:1a:4c:75:93:c2:93:95:74:c8:50:2d:51:72:2b:
         8f:93:0b:e6:6e:f8:29:32:56:4b:3e:ed:8b:01:cf:0d:c2:9a:
         76:5a:44:b9:9c:b0:0b:b6:21:8c:37:92:ba:8e:32:98:83:d5:
         54:0d:a2:9a:30:38:bf:c7:f0:73:14:06:e0:fa:ac:70:e5:28:
         f7:49:9a:82:d9:e4:ec:e3:7f:7f:e4:2e:7f:07:93:61:4f:47:
         3e:10:2e:5a:78:6a:d7:f9:6c:0d:c5:84:12:ad:aa:51:e8:6d:
         13:5a:f5:e5:04:2b:7a:31:c4:3a:50:4e:b1:cb:1d:d7:5c:23:
         5f:e5:3f:75
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUcHM9wt0fgFra+1Eps/sXj2pf7P8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjI0MDAwMDAwWhcNMjIxMjI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDM3N2ZjOGE4ZmQ4OThjZGM4MTUxYWIyZmM4NjRhMDAx
ZGZlZDQwOTFhNzc3NDA3YWQ3YzlkMTUxODA0ZmRlZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAIsa7bLaWnAjlxB1QIHusSWGzGRXJLBJS2xcZuNwaucU5K4v9rlp
OTGTrqty7LtO7UXL48RQTsCWc1ADnGkh6Dw5cqRAxE+bNLFjcaoKmSEfzcfFGPx7
CyFjjwn/N8/+c4v+rVGJbpuUcKuaEf8iO6Nm6BZl+Hp/pFqv8NUPCfW2TMyzQ+LI
TtXiYYrcdXNjUkFHXr/Wdmsebmc+N13Jv8reHnTDfksDQsvJkAiVFcPVEuqLDuiv
E7L6CkMUyuD4ZNpQhIYjkvM3Brsry9BYrlrLg2n+SE/oit0VVvpDOC/AC6BsIrvI
hsDXRqcnQE9kfzXqQcwORDpXLSYdaurl/KsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTUHx/+Ag5VLbl5giC9N9N0Lg+ydjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMDdhNGI4YjUtYWY2ZC00ZmRlLWFkYTAtNTg0ZDUyNWI4YjU0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADPxLWM+gLPbDS17
XjO+ixIPSAtHENqidX4apHWmv0Hlhae0EUXwxp1BQ5uzVkN95i6rBtdfR13FGB5L
UwNDxCIwM5jEaqnwciLQe1hxBVDvvgQkRYBR3XmvopK6txK+RmHpss1I8SPboMYt
crR2sOJMQXeyGZpqtZIggho736QV+QUaTHWTwpOVdMhQLVFyK4+TC+Zu+CkyVks+
7YsBzw3CmnZaRLmcsAu2IYw3krqOMpiD1VQNopowOL/H8HMUBuD6rHDlKPdJmoLZ
5Ozjf3/kLn8Hk2FPRz4QLlp4atf5bA3FhBKtqlHobRNa9eUEK3oxxDpQTrHLHddc
I1/lP3U=
-----END CERTIFICATE-----