Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1286a0c1-158f-45da-a66d-fb54608db9f1.roa
File:                     1286a0c1-158f-45da-a66d-fb54608db9f1.roa (raw, json)
Hash identifier:          xYSbVBNniiDJIcYoEqYIL7rQ1gwRc8+F2JoSVLjP08k=
Subject key identifier:   38:D6:D6:BB:4D:E2:8E:14:F3:82:7C:7F:F4:E5:98:A7:38:8B:79:84
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       73C0E34D425D943C9DD4A428079DC03D0B07201F
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1286a0c1-158f-45da-a66d-fb54608db9f1.roa
Signing time:             Wed 28 Dec 2022 00:00:00 +0000
ROA not before:           Wed 28 Dec 2022 00:00:00 +0000
ROA not after:            Sat 31 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:c0:e3:4d:42:5d:94:3c:9d:d4:a4:28:07:9d:c0:3d:0b:07:20:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 28 00:00:00 2022 GMT
            Not After : Dec 31 23:59:59 2022 GMT
        Subject: serialNumber=03073cc5c9becf79329e418391fbbbdb624d174844bcb95dd124dfb600a17346, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:32:fc:b4:62:17:e2:31:4a:28:71:fa:f3:ec:
                    04:92:b8:a5:3b:b1:0d:02:07:da:db:1b:a1:3b:5c:
                    08:a1:bd:c9:83:ae:ed:41:1b:c7:4d:ef:d8:a9:e7:
                    41:5f:26:ce:8f:66:62:49:6b:fa:1b:9a:61:e9:ef:
                    41:fa:8f:12:21:ee:3d:01:8b:ce:6a:16:29:51:66:
                    e0:57:38:50:f8:53:e5:4a:ea:3f:89:d5:d4:45:b6:
                    c3:b2:c6:10:68:00:5b:24:0e:3d:b5:7e:12:24:e9:
                    65:2d:7b:7f:60:03:96:94:6d:79:f8:e5:b7:cc:05:
                    b2:e4:ec:a2:be:0a:f6:f0:4f:a9:7b:b5:cc:c5:71:
                    8c:8f:cf:8d:6e:45:ee:8f:ed:15:12:0e:10:65:c0:
                    a6:92:cd:73:55:b3:72:0a:0a:db:6a:dd:9b:f7:7e:
                    88:ea:9a:e2:8e:34:7d:a5:c7:38:a5:db:f7:9c:da:
                    7b:77:46:22:5b:a0:f6:4a:07:be:ec:4d:01:5b:0a:
                    11:a7:1c:47:21:fa:3f:8e:91:76:e7:fd:ee:c4:3a:
                    82:bb:50:16:fc:67:fc:f6:45:3d:21:09:a4:b6:95:
                    75:bc:1d:01:0d:4f:18:bd:4d:f5:1d:a1:c0:09:cb:
                    a2:6c:38:db:9d:1f:6e:3f:77:c4:d1:8d:bb:db:9e:
                    17:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:D6:D6:BB:4D:E2:8E:14:F3:82:7C:7F:F4:E5:98:A7:38:8B:79:84
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1286a0c1-158f-45da-a66d-fb54608db9f1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:10:6e:12:d7:42:bd:b8:77:61:11:77:d5:fe:4d:fb:71:23:
         28:45:5e:8a:ae:b5:00:ac:cd:54:73:f1:f7:6e:d2:f2:de:52:
         a8:52:2a:e8:1c:4c:93:22:63:01:08:ea:17:eb:dc:26:ad:bc:
         27:4b:f3:b5:3b:d0:83:13:c2:3d:db:c1:19:76:79:f8:84:7a:
         51:53:98:c8:c1:d4:fd:c1:b3:21:b8:c9:ff:e6:aa:64:bc:8c:
         2e:44:4c:95:a5:13:45:36:46:18:9f:c2:6a:d1:69:78:eb:95:
         c7:62:70:66:d9:da:d8:ef:fc:0a:65:0f:a4:f9:84:f9:a0:8f:
         9f:d9:53:b4:8c:19:5f:40:26:3c:57:eb:cd:f1:1b:84:dd:4c:
         02:d8:ef:d5:99:59:9c:e7:fe:7d:c6:c4:f2:48:ec:3f:41:20:
         b1:ce:15:eb:a9:d0:04:30:c2:66:e1:76:26:b8:8e:6e:7d:83:
         1c:0b:46:eb:fd:4c:1a:0f:49:4b:d9:2c:55:da:80:ff:8d:0e:
         4a:be:46:c2:10:d1:74:c6:0a:c4:e3:2d:35:0d:f5:a3:91:a4:
         74:73:da:e6:5c:ef:94:69:b7:e6:46:98:04:ed:f0:6d:42:f7:
         a2:74:fe:8e:bc:c6:97:41:91:fe:02:50:3d:ed:c3:16:7a:8c:
         29:69:f1:17
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUc8DjTUJdlDyd1KQoB53APQsHIB8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjI4MDAwMDAwWhcNMjIxMjMxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMDMwNzNjYzVjOWJlY2Y3OTMyOWU0MTgzOTFmYmJiZGI2
MjRkMTc0ODQ0YmNiOTVkZDEyNGRmYjYwMGExNzM0NjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJcy/LRiF+IxSihx+vPsBJK4pTuxDQIH2tsboTtcCKG9yYOu7UEb
x03v2KnnQV8mzo9mYklr+huaYenvQfqPEiHuPQGLzmoWKVFm4Fc4UPhT5UrqP4nV
1EW2w7LGEGgAWyQOPbV+EiTpZS17f2ADlpRtefjlt8wFsuTsor4K9vBPqXu1zMVx
jI/PjW5F7o/tFRIOEGXAppLNc1WzcgoK22rdm/d+iOqa4o40faXHOKXb95zae3dG
Ilug9koHvuxNAVsKEaccRyH6P46Rduf97sQ6grtQFvxn/PZFPSEJpLaVdbwdAQ1P
GL1N9R2hwAnLomw4250fbj93xNGNu9ueFwMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ41ta7TeKOFPOCfH/05ZinOIt5hDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMTI4NmEwYzEtMTU4Zi00NWRhLWE2NmQtZmI1NDYwOGRiOWYxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHsQbhLXQr24d2ER
d9X+TftxIyhFXoqutQCszVRz8fdu0vLeUqhSKugcTJMiYwEI6hfr3CatvCdL87U7
0IMTwj3bwRl2efiEelFTmMjB1P3BsyG4yf/mqmS8jC5ETJWlE0U2RhifwmrRaXjr
lcdicGbZ2tjv/AplD6T5hPmgj5/ZU7SMGV9AJjxX683xG4TdTALY79WZWZzn/n3G
xPJI7D9BILHOFeup0AQwwmbhdia4jm59gxwLRuv9TBoPSUvZLFXagP+NDkq+RsIQ
0XTGCsTjLTUN9aORpHRz2uZc75Rpt+ZGmATt8G1C96J0/o68xpdBkf4CUD3twxZ6
jClp8Rc=
-----END CERTIFICATE-----