Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/091e153d-32ea-45cb-9c7a-12a586551d74.roa
File:                     091e153d-32ea-45cb-9c7a-12a586551d74.roa (raw, json)
Hash identifier:          Mh3/NlaOzV3lMz190V3kBbf5b4h0BZAMbzSnO8w8xFU=
Subject key identifier:   EB:8F:38:55:F1:99:7F:DA:4A:55:CD:3D:96:F1:14:BB:E4:F7:28:26
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1E03FE4E93620F03F887431EBC01ACCC37DFFC33
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/091e153d-32ea-45cb-9c7a-12a586551d74.roa
Signing time:             Wed 07 Sep 2022 00:00:00 +0000
ROA not before:           Wed 07 Sep 2022 00:00:00 +0000
ROA not after:            Sat 10 Sep 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:03:fe:4e:93:62:0f:03:f8:87:43:1e:bc:01:ac:cc:37:df:fc:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Sep  7 00:00:00 2022 GMT
            Not After : Sep 10 23:59:59 2022 GMT
        Subject: serialNumber=728087225cc3b0bcdf9b61193d11083e36b676f602d8cc71ba80a0c85110657a, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:da:4e:e8:a6:4d:38:12:02:13:8c:ab:f3:17:
                    4a:03:74:59:e0:99:54:22:32:4c:dd:c2:94:4c:f5:
                    ac:9c:02:b3:2a:cc:4a:f3:ad:f2:bd:6c:df:f8:d6:
                    ae:5d:c8:ad:03:cd:a6:5c:3b:57:b0:06:f7:93:e2:
                    3c:b3:3c:a0:b3:73:0d:74:fd:77:68:55:b5:39:75:
                    08:1a:63:3e:22:11:9b:cf:4e:6d:81:a0:7d:fe:d1:
                    28:10:58:94:6a:9e:16:e4:b1:5d:b7:a4:9d:e1:3d:
                    6f:db:54:8a:82:bd:34:35:0c:72:a8:d2:18:20:82:
                    d2:69:77:0c:23:82:1c:cd:bd:9d:c3:9b:d2:15:3e:
                    24:e0:a9:fe:1c:a2:10:54:53:d1:7e:ff:ea:04:5f:
                    42:fd:d2:97:56:41:6a:60:76:3d:da:3c:cd:6d:d0:
                    4f:3f:69:bd:18:0b:31:53:9c:1a:d4:91:03:75:33:
                    e8:d0:11:35:2b:93:92:ec:1d:22:55:72:ef:86:ff:
                    9e:a4:25:c0:90:2b:5c:4a:d0:0a:d9:07:be:d9:d4:
                    af:03:9c:4b:3f:9b:ed:49:66:e4:11:a5:a0:e0:e0:
                    ef:97:93:c1:eb:4f:fd:f4:9e:67:7a:51:7d:4a:11:
                    15:26:6b:4c:e7:f3:de:a8:9f:6c:03:e9:04:ed:08:
                    1d:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:8F:38:55:F1:99:7F:DA:4A:55:CD:3D:96:F1:14:BB:E4:F7:28:26
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/091e153d-32ea-45cb-9c7a-12a586551d74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:25:9c:b4:c3:70:c3:4f:85:11:c3:bf:9f:3a:60:03:7c:ff:
         19:df:7c:0b:c4:8f:d7:01:ab:b6:19:44:07:b1:62:f8:81:11:
         4a:5f:b5:b8:4b:81:cf:f8:33:38:64:a1:60:5e:ca:89:a1:85:
         48:34:a5:7d:f6:e8:23:44:08:33:45:2d:cd:ec:c0:98:3f:4e:
         ed:be:d5:fc:86:a6:46:79:dc:4a:63:97:b1:f8:a3:c9:37:f1:
         31:73:f9:a0:b0:23:ad:98:fc:56:ca:27:91:9c:39:1b:cd:58:
         be:57:9a:cd:2f:11:49:78:52:c4:49:25:1c:24:03:44:17:1c:
         25:12:61:d7:60:9a:c7:64:47:ba:32:54:d2:df:96:9c:25:df:
         56:fb:77:89:ea:f6:bf:4d:b0:4c:3e:1f:a9:5a:93:bd:db:5a:
         05:fe:26:ed:bf:1a:3d:a3:aa:9d:56:bf:9f:ee:ec:d5:d2:d9:
         2e:2b:67:07:ae:7e:2b:26:52:90:cc:9c:6a:1f:21:ba:7d:01:
         e2:73:1b:69:7d:78:b7:fc:28:b9:cc:c4:75:13:4e:33:e1:9a:
         21:97:1d:41:2c:22:52:fc:08:f3:95:0b:d1:a8:88:30:ff:1a:
         7d:35:5e:9b:ef:0b:30:3d:2e:53:33:bc:5b:e1:b3:77:a0:47:
         4d:87:76:91
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUHgP+TpNiDwP4h0MevAGszDff/DMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwOTA3MDAwMDAwWhcNMjIwOTEwMjM1OTU5
WjCBpTFJMEcGA1UEBRNANzI4MDg3MjI1Y2MzYjBiY2RmOWI2MTE5M2QxMTA4M2Uz
NmI2NzZmNjAyZDhjYzcxYmE4MGEwYzg1MTEwNjU3YTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK3aTuimTTgSAhOMq/MXSgN0WeCZVCIyTN3ClEz1rJwCsyrMSvOt
8r1s3/jWrl3IrQPNplw7V7AG95PiPLM8oLNzDXT9d2hVtTl1CBpjPiIRm89ObYGg
ff7RKBBYlGqeFuSxXbekneE9b9tUioK9NDUMcqjSGCCC0ml3DCOCHM29ncOb0hU+
JOCp/hyiEFRT0X7/6gRfQv3Sl1ZBamB2Pdo8zW3QTz9pvRgLMVOcGtSRA3Uz6NAR
NSuTkuwdIlVy74b/nqQlwJArXErQCtkHvtnUrwOcSz+b7Ulm5BGloODg75eTwetP
/fSeZ3pRfUoRFSZrTOfz3qifbAPpBO0IHXUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTrjzhV8Zl/2kpVzT2W8RS75PcoJjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMDkxZTE1M2QtMzJlYS00NWNiLTljN2EtMTJhNTg2NTUxZDc0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADwlnLTDcMNPhRHD
v586YAN8/xnffAvEj9cBq7YZRAexYviBEUpftbhLgc/4MzhkoWBeyomhhUg0pX32
6CNECDNFLc3swJg/Tu2+1fyGpkZ53Epjl7H4o8k38TFz+aCwI62Y/FbKJ5GcORvN
WL5Xms0vEUl4UsRJJRwkA0QXHCUSYddgmsdkR7oyVNLflpwl31b7d4nq9r9NsEw+
H6lak73bWgX+Ju2/Gj2jqp1Wv5/u7NXS2S4rZweufismUpDMnGofIbp9AeJzG2l9
eLf8KLnMxHUTTjPhmiGXHUEsIlL8CPOVC9GoiDD/Gn01XpvvCzA9LlMzvFvhs3eg
R02HdpE=
-----END CERTIFICATE-----