Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0daddea6-c953-4b5d-9c87-1f0be6d89521.roa
File:                     0daddea6-c953-4b5d-9c87-1f0be6d89521.roa (raw, json)
Hash identifier:          uTfKZ8mGhj6ObOQC+/BCeESenBEOCkvxVbcg9CSJ5ks=
Subject key identifier:   2C:AC:91:F7:93:F0:4C:C1:2C:5B:07:D2:65:D4:E7:65:86:D3:C6:1B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       34206227A2585FD144B97BDD879435280C79A3EA
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0daddea6-c953-4b5d-9c87-1f0be6d89521.roa
Signing time:             Wed 07 Dec 2022 00:00:00 +0000
ROA not before:           Wed 07 Dec 2022 00:00:00 +0000
ROA not after:            Sat 10 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:20:62:27:a2:58:5f:d1:44:b9:7b:dd:87:94:35:28:0c:79:a3:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec  7 00:00:00 2022 GMT
            Not After : Dec 10 23:59:59 2022 GMT
        Subject: serialNumber=172505223685bdcee0c948544d1fd0d6b125c5b2a707c60c4adfa96f2fc4f105, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c9:7f:cd:b6:1e:75:41:be:f1:31:e0:1e:6b:
                    0a:a8:a1:b7:8e:29:b1:b7:3a:b0:5a:63:e5:36:23:
                    b8:9c:75:86:95:af:de:2f:37:53:81:fd:cc:1d:ec:
                    3f:0f:d5:49:95:8e:e0:97:0d:c9:7b:8c:1a:ae:76:
                    e7:5a:17:8b:9f:db:1d:97:e7:1c:a5:a6:0a:56:2e:
                    c9:18:bf:1c:c1:b2:a1:6e:2a:e7:2d:6b:f7:03:f6:
                    a2:ed:49:7d:a2:79:06:9e:bd:41:7d:7e:e6:dc:fb:
                    bc:31:2d:5e:11:bc:93:4b:88:84:e0:44:ee:51:1f:
                    9a:f7:34:75:92:66:c9:e6:f9:91:7d:e0:33:2e:9c:
                    98:c6:65:28:4b:c6:e9:65:3f:3d:e3:c6:c0:14:47:
                    cb:73:37:89:68:91:0a:13:82:d3:ca:d2:2a:7f:70:
                    ef:45:1e:32:11:9a:b2:4c:62:2f:0a:56:e2:ba:3c:
                    73:1b:6c:87:bb:e6:8e:1f:90:aa:44:f3:ae:28:22:
                    c5:e1:9e:64:56:d1:81:00:b6:cc:d5:f8:6e:71:b4:
                    c0:3a:c1:bb:a5:32:9a:06:30:d0:5b:82:e7:55:76:
                    ce:9b:dc:a4:9f:84:16:d1:10:e3:54:17:08:43:44:
                    fe:4f:09:71:4d:c5:2c:1f:84:6f:d1:dc:2e:4e:e5:
                    9d:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:AC:91:F7:93:F0:4C:C1:2C:5B:07:D2:65:D4:E7:65:86:D3:C6:1B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0daddea6-c953-4b5d-9c87-1f0be6d89521.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:cd:ab:a9:e2:d9:dd:db:e1:d6:45:ad:6e:46:09:9b:7c:90:
         52:f6:43:8c:59:cf:a0:1a:19:72:63:ae:da:de:43:64:6e:4d:
         62:9b:03:15:5a:06:e4:4a:75:43:f5:6e:f9:ef:53:de:d3:e7:
         eb:99:43:23:74:8c:c7:6e:1c:23:5d:56:f7:30:be:d4:06:f1:
         53:24:2c:91:97:14:47:ef:10:32:d3:ca:8a:88:a9:31:40:89:
         0a:00:66:9d:d0:bb:5b:e9:43:ea:64:84:68:13:ba:db:b3:fb:
         bc:82:f7:e9:86:58:bd:be:14:58:f4:c2:08:e4:f9:47:a1:46:
         90:ab:3e:47:3a:ec:21:a3:09:95:6e:11:92:e3:e7:06:b2:0e:
         80:d7:97:52:5e:93:bf:91:a7:40:11:ed:b9:db:60:2e:16:74:
         e0:87:21:fd:92:b9:c0:53:4f:80:40:37:56:9f:8e:73:36:e7:
         de:f7:dc:8b:f9:3e:cd:40:62:fa:09:c4:ba:87:6e:d7:b8:e7:
         2c:6b:94:c6:04:34:df:da:b5:cf:af:08:c2:70:4c:27:ee:34:
         cb:af:5b:3f:e2:67:8b:42:e1:ad:c0:b4:07:00:e9:97:26:5f:
         d4:e6:de:d0:8c:a8:62:0f:3d:70:ee:9a:2e:f4:65:d9:d1:25:
         d5:ac:70:c8
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUNCBiJ6JYX9FEuXvdh5Q1KAx5o+owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjA3MDAwMDAwWhcNMjIxMjEwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTcyNTA1MjIzNjg1YmRjZWUwYzk0ODU0NGQxZmQwZDZi
MTI1YzViMmE3MDdjNjBjNGFkZmE5NmYyZmM0ZjEwNTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKvJf822HnVBvvEx4B5rCqiht44psbc6sFpj5TYjuJx1hpWv3i83
U4H9zB3sPw/VSZWO4JcNyXuMGq5251oXi5/bHZfnHKWmClYuyRi/HMGyoW4q5y1r
9wP2ou1JfaJ5Bp69QX1+5tz7vDEtXhG8k0uIhOBE7lEfmvc0dZJmyeb5kX3gMy6c
mMZlKEvG6WU/PePGwBRHy3M3iWiRChOC08rSKn9w70UeMhGaskxiLwpW4ro8cxts
h7vmjh+QqkTzrigixeGeZFbRgQC2zNX4bnG0wDrBu6UymgYw0FuC51V2zpvcpJ+E
FtEQ41QXCENE/k8JcU3FLB+Eb9HcLk7lnbkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQsrJH3k/BMwSxbB9Jl1OdlhtPGGzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMGRhZGRlYTYtYzk1My00YjVkLTljODctMWYwYmU2ZDg5NTIxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABnNq6ni2d3b4dZF
rW5GCZt8kFL2Q4xZz6AaGXJjrtreQ2RuTWKbAxVaBuRKdUP1bvnvU97T5+uZQyN0
jMduHCNdVvcwvtQG8VMkLJGXFEfvEDLTyoqIqTFAiQoAZp3Qu1vpQ+pkhGgTutuz
+7yC9+mGWL2+FFj0wgjk+UehRpCrPkc67CGjCZVuEZLj5wayDoDXl1Jek7+Rp0AR
7bnbYC4WdOCHIf2SucBTT4BAN1afjnM259733Iv5Ps1AYvoJxLqHbte45yxrlMYE
NN/atc+vCMJwTCfuNMuvWz/iZ4tC4a3AtAcA6ZcmX9Tm3tCMqGIPPXDumi70ZdnR
JdWscMg=
-----END CERTIFICATE-----