Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0b0c0a25-5eda-4eda-8cc9-2f307c9cda2c.roa
File:                     0b0c0a25-5eda-4eda-8cc9-2f307c9cda2c.roa (raw, json)
Hash identifier:          KkxG41eNSOGI6Sl/xl3kbJ0/ESZHwroxuHcQPIQPiFY=
Subject key identifier:   CD:BA:40:AF:2E:5E:E2:78:37:4C:53:38:79:A2:5E:7A:55:06:97:46
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3EC6B855960FC30CCC9E94C563CB46F2BE79EC3B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0b0c0a25-5eda-4eda-8cc9-2f307c9cda2c.roa
Signing time:             Fri 02 Dec 2022 00:00:00 +0000
ROA not before:           Fri 02 Dec 2022 00:00:00 +0000
ROA not after:            Mon 05 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:c6:b8:55:96:0f:c3:0c:cc:9e:94:c5:63:cb:46:f2:be:79:ec:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec  2 00:00:00 2022 GMT
            Not After : Dec  5 23:59:59 2022 GMT
        Subject: serialNumber=c47bbd0759be3da4e46708ff110742dc038f83d739e24730781c931405704102, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:1d:12:4a:ae:d2:d5:85:23:da:ed:3a:04:46:
                    a4:51:92:65:8e:17:21:69:6b:2e:24:4b:4d:75:89:
                    55:3e:50:b1:ab:1f:de:24:bb:a4:6e:07:e0:1a:85:
                    11:ad:c2:9b:fd:17:19:7e:3e:f7:d4:22:f9:44:13:
                    6d:fb:84:a2:22:e3:37:54:fd:9a:fe:69:f3:f9:e0:
                    09:cf:f1:6b:7c:cc:77:aa:4e:3d:90:5b:17:97:d5:
                    18:94:54:af:84:0d:c5:11:84:8b:79:de:12:47:7d:
                    11:6a:9e:3d:e6:b1:74:5b:bc:74:11:d6:5c:76:4f:
                    19:b3:22:de:88:a3:49:1f:1f:bd:1e:65:bb:2a:47:
                    f8:d4:06:5a:33:cc:0b:56:c7:cd:4e:3e:f1:2d:75:
                    bb:a1:7b:59:c0:43:0b:5a:7e:d9:d4:ee:6c:17:34:
                    17:83:e9:f9:b4:8c:8e:50:93:04:d7:76:a5:98:1d:
                    d7:f8:4b:b1:24:62:d2:a3:d8:58:8f:f7:98:b1:f3:
                    c4:ce:db:9c:e8:67:17:f3:f6:59:c5:1c:5e:ea:8f:
                    a6:43:0c:7e:22:43:d0:68:3f:e2:2b:bd:7a:f2:e7:
                    c0:1b:72:7a:68:9e:ea:10:05:d4:84:89:f3:72:05:
                    35:47:de:6d:71:ff:88:76:ea:09:a5:d9:af:af:c0:
                    fb:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:BA:40:AF:2E:5E:E2:78:37:4C:53:38:79:A2:5E:7A:55:06:97:46
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0b0c0a25-5eda-4eda-8cc9-2f307c9cda2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:9e:a9:c5:1d:7e:d1:f6:40:92:a0:96:5e:dc:ef:7c:9e:fd:
         09:d5:7e:8d:7c:5d:1a:49:0f:b2:20:f4:40:84:c6:a2:98:02:
         55:78:fe:97:cb:9f:11:49:ae:61:93:f7:89:c0:d9:e8:06:6b:
         55:7f:85:be:f2:1d:f3:d9:a6:8f:87:2b:f7:f9:86:b8:ce:63:
         cb:37:94:5a:27:09:c7:89:83:55:bd:6b:40:fe:a5:b0:b8:ce:
         ca:e6:f4:e7:16:e6:dc:9c:83:15:81:0f:11:28:54:b8:e5:c3:
         ba:9d:2c:81:a6:66:77:49:95:59:0b:99:c6:f2:a4:fa:e1:4a:
         aa:db:a7:38:d4:53:c7:b6:db:6d:64:02:b4:dd:57:fb:75:1d:
         3e:6d:f4:b2:0f:f1:25:fb:70:dd:15:ad:8f:1e:53:9e:0c:c1:
         2d:29:32:09:81:dc:80:f5:11:44:eb:a0:ac:ff:ae:f2:bc:14:
         8d:15:ef:ae:9b:09:31:d1:74:fa:15:c2:d1:9d:6f:fd:a5:10:
         08:c8:e2:63:b4:34:5c:f6:33:44:98:3c:db:77:cc:1e:c9:91:
         50:90:91:41:cc:65:25:6c:f3:b1:45:85:ed:bf:e7:fe:20:98:
         81:b2:8e:e7:24:ca:10:07:e3:54:d0:81:bc:27:70:61:b3:04:
         29:85:3b:50
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUPsa4VZYPwwzMnpTFY8tG8r557DswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjAyMDAwMDAwWhcNMjIxMjA1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYzQ3YmJkMDc1OWJlM2RhNGU0NjcwOGZmMTEwNzQyZGMw
MzhmODNkNzM5ZTI0NzMwNzgxYzkzMTQwNTcwNDEwMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJUdEkqu0tWFI9rtOgRGpFGSZY4XIWlrLiRLTXWJVT5Qsasf3iS7
pG4H4BqFEa3Cm/0XGX4+99Qi+UQTbfuEoiLjN1T9mv5p8/ngCc/xa3zMd6pOPZBb
F5fVGJRUr4QNxRGEi3neEkd9EWqePeaxdFu8dBHWXHZPGbMi3oijSR8fvR5luypH
+NQGWjPMC1bHzU4+8S11u6F7WcBDC1p+2dTubBc0F4Pp+bSMjlCTBNd2pZgd1/hL
sSRi0qPYWI/3mLHzxM7bnOhnF/P2WcUcXuqPpkMMfiJD0Gg/4iu9evLnwBtyemie
6hAF1ISJ83IFNUfebXH/iHbqCaXZr6/A+10CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTNukCvLl7ieDdMUzh5ol56VQaXRjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMGIwYzBhMjUtNWVkYS00ZWRhLThjYzktMmYzMDdjOWNkYTJjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAA+eqcUdftH2QJKg
ll7c73ye/QnVfo18XRpJD7Ig9ECExqKYAlV4/pfLnxFJrmGT94nA2egGa1V/hb7y
HfPZpo+HK/f5hrjOY8s3lFonCceJg1W9a0D+pbC4zsrm9OcW5tycgxWBDxEoVLjl
w7qdLIGmZndJlVkLmcbypPrhSqrbpzjUU8e2221kArTdV/t1HT5t9LIP8SX7cN0V
rY8eU54MwS0pMgmB3ID1EUTroKz/rvK8FI0V766bCTHRdPoVwtGdb/2lEAjI4mO0
NFz2M0SYPNt3zB7JkVCQkUHMZSVs87FFhe2/5/4gmIGyjuckyhAH41TQgbwncGGz
BCmFO1A=
-----END CERTIFICATE-----