Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/169cbf3a-db73-4c74-b6be-c94baa2749f8.roa
File:                     169cbf3a-db73-4c74-b6be-c94baa2749f8.roa (raw, json)
Hash identifier:          KAPjcWfRHV7kY2IIrqIedrmwhYLf+VBt6/7VbSioMZ4=
Subject key identifier:   51:23:B7:77:87:26:81:63:DB:53:E1:6A:02:3E:B9:EE:32:32:E0:C8
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       685181CF1C2153509A4C5DFD7DA2027861365346
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/169cbf3a-db73-4c74-b6be-c94baa2749f8.roa
Signing time:             Wed 28 Dec 2022 00:00:00 +0000
ROA not before:           Wed 28 Dec 2022 00:00:00 +0000
ROA not after:            Sat 31 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:51:81:cf:1c:21:53:50:9a:4c:5d:fd:7d:a2:02:78:61:36:53:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 28 00:00:00 2022 GMT
            Not After : Dec 31 23:59:59 2022 GMT
        Subject: serialNumber=ec914376877cdd1dbd3c64678d6e8890b1470bcad4d89ef8cd1639002cf9e7ba, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:2e:3e:f1:2b:d8:1e:99:9f:8a:de:c5:a0:e6:
                    7e:6e:b7:83:1c:67:b7:0d:93:e0:24:5b:68:60:42:
                    67:62:e4:bf:e1:9d:69:5a:99:71:3c:72:f6:d3:6b:
                    78:9a:eb:e9:7d:64:07:98:89:92:31:a7:7f:fa:cc:
                    15:7b:77:cb:a9:c3:37:90:3f:3a:c2:ac:d7:de:66:
                    f0:46:d2:42:5c:dc:d2:d6:65:7b:3f:ed:76:f5:91:
                    98:66:7d:06:41:66:2a:bf:ac:6f:90:1d:a4:1d:e2:
                    0c:af:45:8b:89:8c:24:07:32:59:45:62:af:c7:39:
                    75:ed:b7:9c:49:98:15:90:a2:8f:3e:d1:79:66:2a:
                    0c:4a:3f:e3:ac:10:cc:fb:d8:88:cb:c1:c1:c1:e0:
                    80:4d:f4:05:56:3f:a7:c0:93:45:13:93:6d:36:d9:
                    76:f4:fa:6a:c1:94:ef:dc:a4:ac:c1:dc:97:55:06:
                    4a:7b:b2:de:ea:f8:5a:cc:2a:95:30:b0:2f:f8:19:
                    7d:0a:9c:c7:f5:b4:f7:17:c9:7a:4f:55:55:10:b8:
                    1c:f9:db:4d:91:ad:4b:c3:bf:e8:4f:ed:bc:6f:0e:
                    1f:ab:3c:86:52:1c:06:77:f1:46:23:74:7b:5d:18:
                    74:e8:8b:4f:9c:b4:ec:3b:26:05:8d:39:ec:4e:e9:
                    7a:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:23:B7:77:87:26:81:63:DB:53:E1:6A:02:3E:B9:EE:32:32:E0:C8
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/169cbf3a-db73-4c74-b6be-c94baa2749f8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:42:0b:2f:a8:de:96:af:42:9e:3d:79:53:c4:f7:f6:68:cb:
         d2:b8:87:09:32:0c:30:3f:29:a4:e5:62:b0:46:48:58:7d:85:
         d3:2e:28:26:a5:a2:cd:0a:47:7f:76:4a:a5:a1:0c:3f:13:14:
         93:fe:c9:c8:0a:37:53:66:8f:44:ab:55:6c:7b:17:3e:02:10:
         d7:83:db:d4:9e:3d:fa:6f:ab:d4:34:3f:69:89:f8:06:27:a5:
         59:30:b5:46:24:fe:1c:00:42:f2:b0:be:c0:10:33:3f:53:d8:
         2e:35:d7:18:c9:83:91:30:d3:1a:0d:50:ff:31:cf:21:b8:e0:
         71:fc:63:9c:3f:72:13:03:f2:3f:e2:25:5e:2b:b5:6a:f0:19:
         4f:0a:e1:0f:79:9a:2c:9a:dc:b7:6b:1f:90:b1:2d:7d:b1:1e:
         6e:fb:3a:44:28:49:3f:a2:12:aa:f3:b0:d0:4c:ef:0e:08:83:
         d8:c0:6f:b8:5e:03:6b:67:eb:16:42:5d:33:00:f3:35:11:42:
         b4:c1:eb:72:ca:62:c6:ac:5d:b9:c2:10:45:4f:fb:6c:df:30:
         e2:16:01:1e:68:e8:4c:ac:11:21:fe:ca:52:b3:c1:d6:e5:f1:
         3e:73:ec:6b:e8:15:be:45:8a:f5:cf:38:60:98:e1:9c:6e:af:
         fd:07:14:26
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUaFGBzxwhU1CaTF39faICeGE2U0YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjI4MDAwMDAwWhcNMjIxMjMxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZWM5MTQzNzY4NzdjZGQxZGJkM2M2NDY3OGQ2ZTg4OTBi
MTQ3MGJjYWQ0ZDg5ZWY4Y2QxNjM5MDAyY2Y5ZTdiYTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAIsuPvEr2B6Zn4rexaDmfm63gxxntw2T4CRbaGBCZ2Lkv+GdaVqZ
cTxy9tNreJrr6X1kB5iJkjGnf/rMFXt3y6nDN5A/OsKs195m8EbSQlzc0tZlez/t
dvWRmGZ9BkFmKr+sb5AdpB3iDK9Fi4mMJAcyWUVir8c5de23nEmYFZCijz7ReWYq
DEo/46wQzPvYiMvBwcHggE30BVY/p8CTRROTbTbZdvT6asGU79ykrMHcl1UGSnuy
3ur4WswqlTCwL/gZfQqcx/W09xfJek9VVRC4HPnbTZGtS8O/6E/tvG8OH6s8hlIc
BnfxRiN0e10YdOiLT5y07DsmBY057E7pevkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRRI7d3hyaBY9tT4WoCPrnuMjLgyDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMTY5Y2JmM2EtZGI3My00Yzc0LWI2YmUtYzk0YmFhMjc0OWY4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMdCCy+o3pavQp49
eVPE9/Zoy9K4hwkyDDA/KaTlYrBGSFh9hdMuKCalos0KR392SqWhDD8TFJP+ycgK
N1Nmj0SrVWx7Fz4CENeD29SePfpvq9Q0P2mJ+AYnpVkwtUYk/hwAQvKwvsAQMz9T
2C411xjJg5Ew0xoNUP8xzyG44HH8Y5w/chMD8j/iJV4rtWrwGU8K4Q95miya3Ldr
H5CxLX2xHm77OkQoST+iEqrzsNBM7w4Ig9jAb7heA2tn6xZCXTMA8zURQrTB63LK
YsasXbnCEEVP+2zfMOIWAR5o6EysESH+ylKzwdbl8T5z7GvoFb5FivXPOGCY4Zxu
r/0HFCY=
-----END CERTIFICATE-----