Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/16c2c4b9-09d2-4694-8057-397910dcb94f.roa
File:                     16c2c4b9-09d2-4694-8057-397910dcb94f.roa (raw, json)
Hash identifier:          d5CihtwXShSLqh+uR7HmXAu28mw/DLtgfXWuZEhJ8Bk=
Subject key identifier:   B8:8A:38:45:AF:B6:23:A9:98:0C:E5:68:DE:3B:E2:31:86:AC:68:89
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4FFA4A28E2E63C081931956256CBCF8EC69675E1
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/16c2c4b9-09d2-4694-8057-397910dcb94f.roa
Signing time:             Tue 20 Sep 2022 00:00:00 +0000
ROA not before:           Tue 20 Sep 2022 00:00:00 +0000
ROA not after:            Fri 23 Sep 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:fa:4a:28:e2:e6:3c:08:19:31:95:62:56:cb:cf:8e:c6:96:75:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Sep 20 00:00:00 2022 GMT
            Not After : Sep 23 23:59:59 2022 GMT
        Subject: serialNumber=d348ac5f8eaff9281077d29ec5760e73b5a7cba7aae2c0dd03ce530172ed40d0, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:50:0d:63:ae:90:93:33:3c:13:6e:6d:56:bc:
                    bf:da:57:d2:33:73:4f:8e:66:8b:3b:bc:47:b2:7b:
                    0c:0e:64:de:a5:3f:40:10:1f:55:73:c8:01:c6:e7:
                    af:61:5f:d8:89:9a:65:52:02:80:c5:18:88:1d:43:
                    56:78:0f:34:42:68:fc:eb:d2:9a:b7:2e:a8:c5:ab:
                    c5:90:1a:32:ed:47:0f:06:cc:2c:6c:ab:9e:7e:3e:
                    95:d0:3b:2e:54:54:57:15:3a:fa:77:f3:7e:c2:9f:
                    f4:da:f8:bc:dc:67:7d:b9:f7:43:9a:ba:99:d4:01:
                    00:92:ba:d4:9a:f5:21:37:f2:a2:d0:1c:21:a3:fe:
                    d7:80:6e:09:f5:c0:1f:7d:95:84:34:77:e4:22:2f:
                    d0:66:c0:7a:bf:47:2e:1a:32:81:6c:d2:4c:69:6d:
                    92:72:5a:0f:21:e9:3a:00:a2:e6:9b:52:67:64:1f:
                    08:47:c3:e8:cb:de:9f:78:6a:74:ba:a1:97:5d:5a:
                    91:34:af:b5:62:59:84:31:88:f4:cd:de:0f:26:89:
                    69:aa:8d:cb:fb:44:4f:72:69:25:ee:50:14:f6:7c:
                    1b:4d:f9:a0:b9:19:c8:f6:21:e5:80:b6:01:39:98:
                    cd:1d:04:d8:9a:8c:08:0d:c4:85:c9:f2:a5:08:be:
                    da:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:8A:38:45:AF:B6:23:A9:98:0C:E5:68:DE:3B:E2:31:86:AC:68:89
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/16c2c4b9-09d2-4694-8057-397910dcb94f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:73:16:dd:7b:b2:fb:d9:90:19:6b:c2:a0:96:31:c1:12:e7:
         56:1c:40:de:d5:7a:74:2b:23:23:ef:f7:3e:0b:12:c2:e6:c0:
         2b:b3:48:22:ea:8a:6c:43:4c:e7:9a:b9:5e:2b:06:c8:14:19:
         e0:0b:59:6d:d0:2e:82:5d:c6:84:c7:ed:d2:60:c1:37:c0:1c:
         74:28:04:74:97:8e:08:27:89:d7:bc:9c:07:eb:bb:36:50:73:
         ca:fa:46:45:f3:fd:d4:cf:ff:78:6e:a5:b0:81:86:3a:89:59:
         29:be:6c:24:9a:3f:ac:39:0a:2a:14:ed:e0:7c:71:2b:34:00:
         4a:36:b3:f6:64:d1:c7:43:79:da:f7:0f:39:c2:95:38:2f:6c:
         d3:86:cb:3a:c2:37:61:f2:13:3c:1b:83:8c:6b:01:0e:22:0f:
         05:5e:e6:d8:04:52:09:bf:8a:6a:16:45:3e:c5:ab:e0:5f:0d:
         4e:9c:4a:1f:f9:e3:c7:8f:3f:49:c3:7f:f8:d9:22:ba:78:7b:
         81:dd:10:f2:4c:9e:a9:34:fa:4e:46:37:a9:6c:e3:65:e0:9b:
         d4:ce:1e:a0:b3:d2:38:f6:8c:07:ff:b9:d3:6c:ea:8d:08:5f:
         e6:34:9d:5a:87:17:78:c2:06:24:a4:c8:74:d6:02:f1:9a:8e:
         6e:e0:30:85
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUT/pKKOLmPAgZMZViVsvPjsaWdeEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwOTIwMDAwMDAwWhcNMjIwOTIzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDM0OGFjNWY4ZWFmZjkyODEwNzdkMjllYzU3NjBlNzNi
NWE3Y2JhN2FhZTJjMGRkMDNjZTUzMDE3MmVkNDBkMDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALlQDWOukJMzPBNubVa8v9pX0jNzT45mizu8R7J7DA5k3qU/QBAf
VXPIAcbnr2Ff2ImaZVICgMUYiB1DVngPNEJo/OvSmrcuqMWrxZAaMu1HDwbMLGyr
nn4+ldA7LlRUVxU6+nfzfsKf9Nr4vNxnfbn3Q5q6mdQBAJK61Jr1ITfyotAcIaP+
14BuCfXAH32VhDR35CIv0GbAer9HLhoygWzSTGltknJaDyHpOgCi5ptSZ2QfCEfD
6Mven3hqdLqhl11akTSvtWJZhDGI9M3eDyaJaaqNy/tET3JpJe5QFPZ8G035oLkZ
yPYh5YC2ATmYzR0E2JqMCA3EhcnypQi+2p0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS4ijhFr7YjqZgM5WjeO+IxhqxoiTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMTZjMmM0YjktMDlkMi00Njk0LTgwNTctMzk3OTEwZGNiOTRmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHhzFt17svvZkBlr
wqCWMcES51YcQN7VenQrIyPv9z4LEsLmwCuzSCLqimxDTOeauV4rBsgUGeALWW3Q
LoJdxoTH7dJgwTfAHHQoBHSXjggnide8nAfruzZQc8r6RkXz/dTP/3hupbCBhjqJ
WSm+bCSaP6w5CioU7eB8cSs0AEo2s/Zk0cdDedr3DznClTgvbNOGyzrCN2HyEzwb
g4xrAQ4iDwVe5tgEUgm/imoWRT7Fq+BfDU6cSh/548ePP0nDf/jZIrp4e4HdEPJM
nqk0+k5GN6ls42Xgm9TOHqCz0jj2jAf/udNs6o0IX+Y0nVqHF3jCBiSkyHTWAvGa
jm7gMIU=
-----END CERTIFICATE-----