Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0853b2e4-2466-457c-a209-a436222f49dc.roa
File:                     0853b2e4-2466-457c-a209-a436222f49dc.roa (raw, json)
Hash identifier:          CFOefALkDndPzNNiQqyN4CmWeEfeksQeUetyQeQoTi0=
Subject key identifier:   2D:ED:5A:28:DF:0C:57:AD:6F:BB:02:76:14:51:29:C9:42:37:0D:1F
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7719C77242BBA20458D7A073B8BFF0FED80F5F9F
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0853b2e4-2466-457c-a209-a436222f49dc.roa
Signing time:             Thu 21 Jul 2022 00:00:00 +0000
ROA not before:           Thu 21 Jul 2022 00:00:00 +0000
ROA not after:            Sun 24 Jul 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:19:c7:72:42:bb:a2:04:58:d7:a0:73:b8:bf:f0:fe:d8:0f:5f:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jul 21 00:00:00 2022 GMT
            Not After : Jul 24 23:59:59 2022 GMT
        Subject: serialNumber=92090628160948883294f94c441ca63cdecab2bf4a5bce4cc84fc204fc7455d2, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:7d:25:64:71:d8:07:c4:51:bf:a4:86:44:04:
                    94:b4:30:03:f9:d9:ec:a5:8d:e2:cc:f8:17:c0:84:
                    21:89:95:e1:55:88:b3:d5:35:d3:9f:9a:2c:7a:a6:
                    99:b9:49:af:38:ae:65:cf:5c:d6:a7:27:3d:d1:9f:
                    2d:77:f0:fd:35:b0:fa:85:cc:4c:a8:ec:81:30:94:
                    ba:21:b8:f9:63:4f:92:28:f6:ab:85:47:54:ae:cc:
                    12:89:48:0a:ad:c0:5e:cd:93:60:f4:52:c6:30:1f:
                    9f:c8:25:0d:3e:f7:d3:08:c0:22:11:87:09:40:6a:
                    9f:c3:0b:be:39:bf:7c:af:d2:a1:f4:94:00:6c:d8:
                    42:9b:39:70:0d:f9:19:e6:04:e6:d9:32:25:be:2e:
                    ab:a2:61:0f:d9:9e:3d:e8:09:7a:5f:4d:0d:4c:1b:
                    a4:01:3a:59:15:3e:4e:11:a3:e6:40:78:29:a8:94:
                    6b:2b:2b:04:21:27:6d:fb:83:89:ed:b2:18:40:a3:
                    16:f5:f9:25:ca:ef:ac:d6:23:ea:52:b7:a8:7e:33:
                    f6:2d:48:2d:5f:4a:26:56:a0:1a:84:6d:45:ef:50:
                    a4:fe:4f:3f:ee:5a:dd:00:91:bb:4d:6b:85:d5:bd:
                    23:03:63:94:d5:22:8c:64:15:44:b8:d5:dd:41:ca:
                    74:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:ED:5A:28:DF:0C:57:AD:6F:BB:02:76:14:51:29:C9:42:37:0D:1F
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0853b2e4-2466-457c-a209-a436222f49dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:f9:8d:9c:27:b5:35:88:f7:35:02:b6:76:97:2e:fb:41:79:
         e4:72:79:f8:62:3b:d0:a5:8d:52:e8:5d:0f:8e:0b:75:5b:26:
         aa:8a:f8:dc:2e:2e:c5:42:5f:93:7c:31:05:dd:70:91:b6:cd:
         ce:e5:85:43:2c:3b:be:8d:5b:cf:f1:f3:c2:c0:67:4d:35:ca:
         d7:29:96:14:66:82:6b:cb:66:fe:5e:e3:a2:a8:41:bb:96:a9:
         74:5a:30:9a:b5:48:2c:5f:48:47:e1:ac:0b:69:ba:14:77:f2:
         3d:1f:d1:24:0d:0f:6b:bc:f5:bb:a5:66:31:ab:19:c8:d8:b6:
         17:49:bf:b4:11:5f:c2:a6:9b:a7:c3:df:c8:b4:27:20:86:e6:
         ee:ab:16:c5:eb:33:2d:57:35:b3:ea:63:03:cc:cc:c9:fc:2e:
         b2:e0:d8:99:51:68:4c:46:c5:34:8d:7b:91:76:ac:b0:bc:f7:
         a3:5f:39:bb:1a:f8:9f:dc:8f:e5:89:03:e7:59:75:b3:ec:f2:
         60:89:5d:ca:fa:af:c5:75:bf:c1:1e:ac:03:2c:b2:fb:05:9d:
         e8:ba:fc:a1:f2:d3:f7:f3:03:78:ee:8a:12:34:61:62:e8:0c:
         00:78:ec:15:9d:bd:cf:3a:77:b4:48:c0:35:0e:37:87:6a:2c:
         27:5a:c9:d7
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUdxnHckK7ogRY16BzuL/w/tgPX58wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwNzIxMDAwMDAwWhcNMjIwNzI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTIwOTA2MjgxNjA5NDg4ODMyOTRmOTRjNDQxY2E2M2Nk
ZWNhYjJiZjRhNWJjZTRjYzg0ZmMyMDRmYzc0NTVkMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALh9JWRx2AfEUb+khkQElLQwA/nZ7KWN4sz4F8CEIYmV4VWIs9U1
05+aLHqmmblJrziuZc9c1qcnPdGfLXfw/TWw+oXMTKjsgTCUuiG4+WNPkij2q4VH
VK7MEolICq3AXs2TYPRSxjAfn8glDT730wjAIhGHCUBqn8MLvjm/fK/SofSUAGzY
Qps5cA35GeYE5tkyJb4uq6JhD9mePegJel9NDUwbpAE6WRU+ThGj5kB4KaiUaysr
BCEnbfuDie2yGECjFvX5JcrvrNYj6lK3qH4z9i1ILV9KJlagGoRtRe9QpP5PP+5a
3QCRu01rhdW9IwNjlNUijGQVRLjV3UHKdMMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQt7Voo3wxXrW+7AnYUUSnJQjcNHzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMDg1M2IyZTQtMjQ2Ni00NTdjLWEyMDktYTQzNjIyMmY0OWRjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJr5jZwntTWI9zUC
tnaXLvtBeeRyefhiO9CljVLoXQ+OC3VbJqqK+NwuLsVCX5N8MQXdcJG2zc7lhUMs
O76NW8/x88LAZ001ytcplhRmgmvLZv5e46KoQbuWqXRaMJq1SCxfSEfhrAtpuhR3
8j0f0SQND2u89bulZjGrGcjYthdJv7QRX8Kmm6fD38i0JyCG5u6rFsXrMy1XNbPq
YwPMzMn8LrLg2JlRaExGxTSNe5F2rLC896NfObsa+J/cj+WJA+dZdbPs8mCJXcr6
r8V1v8EerAMssvsFnei6/KHy0/fzA3juihI0YWLoDAB47BWdvc86d7RIwDUON4dq
LCdaydc=
-----END CERTIFICATE-----