Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0b4e1f27-05d1-41ac-9e4f-2248b0266aa2.roa
File:                     0b4e1f27-05d1-41ac-9e4f-2248b0266aa2.roa (raw, json)
Hash identifier:          xa1/slNgH5fUzz6+v8hEHTnNJUOVEvSYM5JiHmaBGw0=
Subject key identifier:   B2:05:A4:D1:44:1D:BC:B8:17:19:7D:61:93:A5:F4:C1:7B:5A:4D:6F
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       43F98A4D8D410D07CBE3F986EC63D7F8548AED9F
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0b4e1f27-05d1-41ac-9e4f-2248b0266aa2.roa
Signing time:             Thu 15 Dec 2022 00:00:00 +0000
ROA not before:           Thu 15 Dec 2022 00:00:00 +0000
ROA not after:            Sun 18 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:f9:8a:4d:8d:41:0d:07:cb:e3:f9:86:ec:63:d7:f8:54:8a:ed:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 15 00:00:00 2022 GMT
            Not After : Dec 18 23:59:59 2022 GMT
        Subject: serialNumber=77ad48ac0eb7abf863b34026e2f3ae7d036d86276f8f2a4006ae30335fed6e7a, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:04:1f:d6:05:b1:2a:bc:f6:f5:40:04:de:08:
                    fd:1b:34:62:a2:84:bc:12:e3:fa:53:92:93:20:0a:
                    16:63:9f:e9:59:39:1b:fc:79:68:4e:72:87:01:2b:
                    6c:5c:85:bc:eb:7e:41:cf:d3:c8:9e:36:6b:60:34:
                    55:49:99:1b:74:17:cb:ff:a4:b7:8b:0c:6a:b0:fa:
                    a2:27:53:b8:e1:8a:46:71:ab:98:d6:33:72:db:0c:
                    7a:1e:4b:69:84:ef:80:e6:31:14:ae:c8:2c:c5:ba:
                    3a:b0:e3:08:9a:a5:f3:65:a1:bf:fe:6f:36:fd:31:
                    ed:81:ab:d3:f0:69:d6:be:b0:45:c3:c4:35:28:cd:
                    9a:5a:aa:1d:e3:f0:82:45:4f:67:b6:e2:3f:a2:4b:
                    a6:3d:61:f4:a9:68:c8:33:4d:37:64:5a:a3:9f:aa:
                    da:ec:d9:b8:b4:5a:04:5c:44:1f:f9:dc:fa:61:94:
                    19:78:90:b1:2a:70:40:5a:78:0f:b4:bd:72:4e:94:
                    90:ba:59:75:71:9d:01:81:75:a6:9f:b6:7a:65:05:
                    1d:1c:c0:6e:56:f4:92:2c:2b:05:4b:ae:08:6e:86:
                    f6:bc:1c:66:a0:11:be:b3:76:e2:9b:7c:4b:97:60:
                    cf:eb:c5:a6:19:f4:9d:6c:5f:ff:78:f2:71:df:2f:
                    dc:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:05:A4:D1:44:1D:BC:B8:17:19:7D:61:93:A5:F4:C1:7B:5A:4D:6F
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0b4e1f27-05d1-41ac-9e4f-2248b0266aa2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:14:7c:c0:94:f1:b7:8c:38:cf:81:f2:97:7d:6f:46:ee:b9:
         c2:3b:22:64:e2:ec:81:a4:ff:c3:2d:e3:05:34:4a:a1:fa:50:
         00:a6:35:0e:55:dc:a1:3b:ce:54:90:95:63:e8:0a:69:79:00:
         ea:72:a4:a6:e7:90:d1:96:ea:dc:96:aa:63:cf:1a:90:e9:cc:
         93:53:ee:e1:bc:fc:55:7d:83:a1:7f:89:3e:1c:4c:f3:8b:86:
         3a:30:27:0b:75:0b:49:1b:ff:86:9c:b5:24:0a:00:79:6c:9f:
         b7:03:20:1b:0e:40:24:d8:53:9c:5d:e3:06:a2:d0:ba:db:73:
         d2:c7:09:80:39:66:6e:26:9d:be:b6:e1:7f:68:66:4e:cf:62:
         86:75:c8:d6:55:14:b7:2a:45:31:5d:ff:6e:8f:a3:0d:32:9c:
         c4:1d:c4:f5:c9:19:3a:ff:37:81:5c:b1:70:02:97:d9:ca:aa:
         b5:bf:b9:07:32:81:7a:52:60:38:97:25:6b:80:c0:a6:03:e1:
         bb:96:29:66:10:86:9e:a2:04:39:9f:82:d7:c4:46:be:9f:da:
         20:c0:1e:e0:6f:aa:72:3f:e6:cc:23:a0:4e:c7:f9:a3:90:2d:
         d6:d3:54:3a:f5:a3:e0:e5:e0:30:49:16:91:72:4e:50:82:3b:
         a4:02:cf:0f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUQ/mKTY1BDQfL4/mG7GPX+FSK7Z8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjE1MDAwMDAwWhcNMjIxMjE4MjM1OTU5
WjCBpTFJMEcGA1UEBRNANzdhZDQ4YWMwZWI3YWJmODYzYjM0MDI2ZTJmM2FlN2Qw
MzZkODYyNzZmOGYyYTQwMDZhZTMwMzM1ZmVkNmU3YTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAI8EH9YFsSq89vVABN4I/Rs0YqKEvBLj+lOSkyAKFmOf6Vk5G/x5
aE5yhwErbFyFvOt+Qc/TyJ42a2A0VUmZG3QXy/+kt4sMarD6oidTuOGKRnGrmNYz
ctsMeh5LaYTvgOYxFK7ILMW6OrDjCJql82Whv/5vNv0x7YGr0/Bp1r6wRcPENSjN
mlqqHePwgkVPZ7biP6JLpj1h9KloyDNNN2Rao5+q2uzZuLRaBFxEH/nc+mGUGXiQ
sSpwQFp4D7S9ck6UkLpZdXGdAYF1pp+2emUFHRzAblb0kiwrBUuuCG6G9rwcZqAR
vrN24pt8S5dgz+vFphn0nWxf/3jycd8v3G0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSyBaTRRB28uBcZfWGTpfTBe1pNbzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMGI0ZTFmMjctMDVkMS00MWFjLTllNGYtMjI0OGIwMjY2YWEyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADAUfMCU8beMOM+B
8pd9b0buucI7ImTi7IGk/8Mt4wU0SqH6UACmNQ5V3KE7zlSQlWPoCml5AOpypKbn
kNGW6tyWqmPPGpDpzJNT7uG8/FV9g6F/iT4cTPOLhjowJwt1C0kb/4actSQKAHls
n7cDIBsOQCTYU5xd4wai0Lrbc9LHCYA5Zm4mnb624X9oZk7PYoZ1yNZVFLcqRTFd
/26Pow0ynMQdxPXJGTr/N4FcsXACl9nKqrW/uQcygXpSYDiXJWuAwKYD4buWKWYQ
hp6iBDmfgtfERr6f2iDAHuBvqnI/5swjoE7H+aOQLdbTVDr1o+Dl4DBJFpFyTlCC
O6QCzw8=
-----END CERTIFICATE-----