Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0933c89e-1af2-4d7e-b1fa-ecba151dc649.roa
File:                     0933c89e-1af2-4d7e-b1fa-ecba151dc649.roa (raw, json)
Hash identifier:          /cWLX+JA+PiTWgUPmGq9GX7PqWKdvAR4GKeEHV/17Dk=
Subject key identifier:   06:55:85:79:15:82:86:47:57:3A:3B:B0:D1:20:9C:EB:68:31:E3:AE
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       103A6169482D61E144F9BF577CE513BDAE3CA2DC
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0933c89e-1af2-4d7e-b1fa-ecba151dc649.roa
Signing time:             Mon 12 Dec 2022 00:00:00 +0000
ROA not before:           Mon 12 Dec 2022 00:00:00 +0000
ROA not after:            Thu 15 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:3a:61:69:48:2d:61:e1:44:f9:bf:57:7c:e5:13:bd:ae:3c:a2:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 12 00:00:00 2022 GMT
            Not After : Dec 15 23:59:59 2022 GMT
        Subject: serialNumber=653ff1349dc6b702dab65a3b7ad3eb6fc9917b46adb946a1e76ad12e03d78d91, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:bb:10:61:2a:6d:a0:3a:3a:b4:69:3f:26:ca:
                    11:c1:64:19:01:b0:d1:31:7a:36:84:af:d1:8e:ec:
                    67:01:4f:c4:ce:25:4c:3d:85:61:10:df:ff:2e:d0:
                    5f:07:a1:71:3f:8d:59:4d:ac:99:c6:48:2a:12:9a:
                    ed:07:82:85:b4:10:81:e9:99:0f:80:e2:12:f3:99:
                    82:c0:82:0a:07:5a:16:be:93:bf:bf:b4:61:d8:14:
                    f8:f3:a5:33:ca:fa:20:1f:ee:6f:f2:4e:46:b9:a1:
                    ac:0e:c3:6a:5a:d8:58:25:71:69:2e:27:ab:3f:40:
                    47:5b:eb:ea:47:9f:9f:73:58:52:8b:42:d2:82:25:
                    d6:2d:c4:c6:12:2d:36:fc:1f:f4:6f:df:ee:98:98:
                    75:2e:84:7d:a7:7a:1e:53:c3:dd:84:36:7f:ee:46:
                    24:3f:76:34:f2:06:4b:c8:92:8a:a9:16:4f:0a:03:
                    0b:98:2f:1f:f5:b4:cb:dd:98:4f:0a:54:48:bb:83:
                    45:c1:ba:4c:71:0d:30:7d:c0:70:f8:b8:de:20:03:
                    6a:1f:4e:87:0c:33:52:4b:ee:ac:88:a1:f0:8e:13:
                    61:92:61:0a:b5:b7:7d:6f:db:90:da:b9:1f:b8:11:
                    05:5a:7e:d5:a0:be:e9:60:78:ab:00:86:d9:ee:bf:
                    58:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:55:85:79:15:82:86:47:57:3A:3B:B0:D1:20:9C:EB:68:31:E3:AE
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0933c89e-1af2-4d7e-b1fa-ecba151dc649.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:7d:a5:c5:ac:1c:7f:41:16:0a:01:3a:92:4a:59:2d:38:d3:
         97:7a:1b:7d:d8:6b:59:93:26:ef:a1:a9:48:a4:58:59:ab:b4:
         1b:94:f2:10:18:fd:1d:f1:4a:f4:b9:04:a9:4d:ef:ba:1c:50:
         80:8c:2e:e2:ea:73:f5:32:07:6b:ea:63:84:bb:74:e0:a4:79:
         56:09:84:b5:96:01:d3:c4:44:c9:8e:38:b9:72:db:86:d5:53:
         cf:03:0e:d5:88:59:ed:78:91:a7:27:88:df:55:1b:9c:99:cf:
         f4:13:ca:56:6b:a1:1b:b7:42:04:7e:6d:85:c4:67:9f:9c:7e:
         5a:67:f5:10:93:92:ba:e0:b9:49:a0:a8:e6:0d:05:ea:71:d1:
         17:d0:ac:25:aa:96:0b:62:06:de:56:d1:89:ad:0e:5f:2b:f6:
         a2:e7:72:73:c2:63:83:15:f6:60:cb:3d:2f:1e:a6:df:e5:26:
         41:4c:a9:5b:45:ac:78:6c:5d:9e:b8:92:d5:d7:17:16:5d:ad:
         9a:d6:93:b3:4f:69:6d:a6:64:c2:a8:9f:9e:99:ba:0f:61:fb:
         b5:aa:6e:00:4e:66:32:5d:6d:d7:a3:db:3a:8b:c9:70:98:4d:
         d6:74:41:6f:61:db:90:0a:f0:47:bd:16:8b:36:53:50:95:d5:
         96:a7:21:3a
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUEDphaUgtYeFE+b9XfOUTva48otwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjEyMDAwMDAwWhcNMjIxMjE1MjM1OTU5
WjCBpTFJMEcGA1UEBRNANjUzZmYxMzQ5ZGM2YjcwMmRhYjY1YTNiN2FkM2ViNmZj
OTkxN2I0NmFkYjk0NmExZTc2YWQxMmUwM2Q3OGQ5MTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAM27EGEqbaA6OrRpPybKEcFkGQGw0TF6NoSv0Y7sZwFPxM4lTD2F
YRDf/y7QXwehcT+NWU2smcZIKhKa7QeChbQQgemZD4DiEvOZgsCCCgdaFr6Tv7+0
YdgU+POlM8r6IB/ub/JORrmhrA7DalrYWCVxaS4nqz9AR1vr6kefn3NYUotC0oIl
1i3ExhItNvwf9G/f7piYdS6Efad6HlPD3YQ2f+5GJD92NPIGS8iSiqkWTwoDC5gv
H/W0y92YTwpUSLuDRcG6THENMH3AcPi43iADah9OhwwzUkvurIih8I4TYZJhCrW3
fW/bkNq5H7gRBVp+1aC+6WB4qwCG2e6/WBcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQGVYV5FYKGR1c6O7DRIJzraDHjrjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMDkzM2M4OWUtMWFmMi00ZDdlLWIxZmEtZWNiYTE1MWRjNjQ5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAL19pcWsHH9BFgoB
OpJKWS0405d6G33Ya1mTJu+hqUikWFmrtBuU8hAY/R3xSvS5BKlN77ocUICMLuLq
c/UyB2vqY4S7dOCkeVYJhLWWAdPERMmOOLly24bVU88DDtWIWe14kacniN9VG5yZ
z/QTylZroRu3QgR+bYXEZ5+cflpn9RCTkrrguUmgqOYNBepx0RfQrCWqlgtiBt5W
0YmtDl8r9qLncnPCY4MV9mDLPS8ept/lJkFMqVtFrHhsXZ64ktXXFxZdrZrWk7NP
aW2mZMKon56Zug9h+7WqbgBOZjJdbdej2zqLyXCYTdZ0QW9h25AK8Ee9Fos2U1CV
1ZanITo=
-----END CERTIFICATE-----