Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1164cff2-fa7a-4ea8-b2a6-0fbcc6b67640.roa
File:                     1164cff2-fa7a-4ea8-b2a6-0fbcc6b67640.roa (raw, json)
Hash identifier:          bBu6zH9r7nqkk43V4d50cd40/ZYNV5/WJ1P9viq6FEA=
Subject key identifier:   94:04:5F:C8:2C:8F:CE:9D:8E:A7:BB:C4:9F:B1:66:1B:27:43:6F:81
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       618C84E111228D3BCBED82714CFE47772D7DB741
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1164cff2-fa7a-4ea8-b2a6-0fbcc6b67640.roa
Signing time:             Sat 24 Dec 2022 00:00:00 +0000
ROA not before:           Sat 24 Dec 2022 00:00:00 +0000
ROA not after:            Tue 27 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:8c:84:e1:11:22:8d:3b:cb:ed:82:71:4c:fe:47:77:2d:7d:b7:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 24 00:00:00 2022 GMT
            Not After : Dec 27 23:59:59 2022 GMT
        Subject: serialNumber=5c2db94f18d06e6e766900827848f975e955783e070091aeb41435e0bcb0c43f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:81:a6:cc:ac:84:de:87:cf:5e:a0:56:2d:f1:
                    6c:78:47:4b:5e:c4:e4:8c:db:f7:65:c2:11:23:fa:
                    f9:c4:40:20:44:7f:44:d7:5b:09:f4:e0:de:12:1f:
                    0d:5e:fa:fb:37:cb:c1:33:76:76:19:a9:d3:07:a3:
                    58:5f:c7:e1:d0:92:41:38:de:03:90:70:41:6a:89:
                    6e:16:9b:dd:5a:79:a7:3f:6d:54:a0:c3:57:43:92:
                    35:fe:11:b1:25:b4:cd:99:1a:61:81:5f:de:b7:b9:
                    ec:03:28:64:56:ee:3f:20:9f:69:40:02:49:dd:64:
                    4d:08:24:98:73:2f:91:52:2d:83:89:80:3a:ca:e8:
                    67:c3:a0:16:27:ba:21:91:4c:18:0b:b3:8b:3c:e0:
                    e8:11:57:f5:3d:b7:15:ec:e2:19:9f:98:b1:46:a1:
                    bc:37:91:8c:c9:b3:49:2a:3c:78:79:12:fd:f7:04:
                    93:b6:1d:5d:32:2d:d8:5e:e2:9b:53:c5:5c:f5:80:
                    7f:d9:17:1f:08:0e:7c:eb:a7:8c:1a:20:bb:69:f6:
                    1f:65:64:15:a0:1c:49:fa:46:eb:87:83:c1:f6:b5:
                    c1:dc:c8:1f:8f:c5:7e:0a:6d:9c:aa:c9:10:d3:2d:
                    3a:66:07:52:b2:ae:d8:3f:52:3f:57:15:79:48:35:
                    aa:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:04:5F:C8:2C:8F:CE:9D:8E:A7:BB:C4:9F:B1:66:1B:27:43:6F:81
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1164cff2-fa7a-4ea8-b2a6-0fbcc6b67640.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:9d:51:22:85:db:24:d7:95:8c:b7:39:30:7f:6d:4f:d3:01:
         0a:57:f2:0c:aa:fa:d1:01:3f:f5:76:a5:94:34:d7:1b:25:e4:
         d4:9a:9e:27:e8:f4:af:39:31:ba:b3:23:3c:d8:aa:35:ba:37:
         37:ad:97:b2:5d:a3:50:92:23:a6:9d:15:c1:e9:c2:96:5d:a9:
         2c:b2:1e:70:56:13:09:b4:a3:d1:4f:7f:a8:94:71:90:fd:99:
         9f:85:de:a2:71:df:3e:b2:a3:30:4d:90:8f:bd:97:7e:57:9c:
         70:b6:af:a6:e4:3d:ad:8a:73:1d:8f:c2:66:ba:2b:c2:b2:e4:
         52:b5:c7:6a:2c:7c:92:24:6c:d8:13:2b:0e:ed:3c:97:08:14:
         9a:9e:e5:1e:ff:c5:05:20:88:09:b2:44:2d:a8:06:21:ac:85:
         64:17:a3:b3:3b:7f:82:e0:19:8d:9d:9c:48:50:df:ab:38:7f:
         6d:46:79:e8:69:8c:db:20:79:50:81:21:74:6b:e3:c6:ae:6a:
         4d:86:3f:07:8d:eb:4b:ff:f7:2f:55:ea:52:95:f0:e2:e6:43:
         8a:96:4c:39:7d:1c:b6:41:4a:36:54:b1:9b:8e:c4:f1:73:9d:
         41:2a:20:93:1b:5c:12:89:c3:c2:7e:9d:21:ed:c4:66:73:02:
         c0:6b:96:91
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUYYyE4REijTvL7YJxTP5Hdy19t0EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjI0MDAwMDAwWhcNMjIxMjI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNANWMyZGI5NGYxOGQwNmU2ZTc2NjkwMDgyNzg0OGY5NzVl
OTU1NzgzZTA3MDA5MWFlYjQxNDM1ZTBiY2IwYzQzZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJ6BpsyshN6Hz16gVi3xbHhHS17E5Izb92XCESP6+cRAIER/RNdb
CfTg3hIfDV76+zfLwTN2dhmp0wejWF/H4dCSQTjeA5BwQWqJbhab3Vp5pz9tVKDD
V0OSNf4RsSW0zZkaYYFf3re57AMoZFbuPyCfaUACSd1kTQgkmHMvkVItg4mAOsro
Z8OgFie6IZFMGAuzizzg6BFX9T23FeziGZ+YsUahvDeRjMmzSSo8eHkS/fcEk7Yd
XTIt2F7im1PFXPWAf9kXHwgOfOunjBogu2n2H2VkFaAcSfpG64eDwfa1wdzIH4/F
fgptnKrJENMtOmYHUrKu2D9SP1cVeUg1qm0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSUBF/ILI/OnY6nu8SfsWYbJ0NvgTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMTE2NGNmZjItZmE3YS00ZWE4LWIyYTYtMGZiY2M2YjY3NjQwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC6dUSKF2yTXlYy3
OTB/bU/TAQpX8gyq+tEBP/V2pZQ01xsl5NSanifo9K85MbqzIzzYqjW6Nzetl7Jd
o1CSI6adFcHpwpZdqSyyHnBWEwm0o9FPf6iUcZD9mZ+F3qJx3z6yozBNkI+9l35X
nHC2r6bkPa2Kcx2Pwma6K8Ky5FK1x2osfJIkbNgTKw7tPJcIFJqe5R7/xQUgiAmy
RC2oBiGshWQXo7M7f4LgGY2dnEhQ36s4f21GeehpjNsgeVCBIXRr48auak2GPweN
60v/9y9V6lKV8OLmQ4qWTDl9HLZBSjZUsZuOxPFznUEqIJMbXBKJw8J+nSHtxGZz
AsBrlpE=
-----END CERTIFICATE-----