Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/18332f5f-8640-4b8a-bdd1-4282ae8d13e3.roa
File:                     18332f5f-8640-4b8a-bdd1-4282ae8d13e3.roa (raw, json)
Hash identifier:          YnOmhcvSKYpx0VmvpXy82Oj3EvMnyvGm5O4wOlSlzKU=
Subject key identifier:   7A:1C:12:8D:34:6A:6B:87:5B:55:C7:FC:37:15:2C:57:F3:88:96:D8
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3408ADECCD9C20F12CC3A3FAA073966E704A31F0
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/18332f5f-8640-4b8a-bdd1-4282ae8d13e3.roa
Signing time:             Sat 13 Aug 2022 00:00:00 +0000
ROA not before:           Sat 13 Aug 2022 00:00:00 +0000
ROA not after:            Tue 16 Aug 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:08:ad:ec:cd:9c:20:f1:2c:c3:a3:fa:a0:73:96:6e:70:4a:31:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Aug 13 00:00:00 2022 GMT
            Not After : Aug 16 23:59:59 2022 GMT
        Subject: serialNumber=9605e3dfbd0528f3dad6065635d212c6db8613059164fc756611af551a487eda, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:88:64:f0:a5:76:75:89:94:ea:47:3a:7a:7c:
                    fb:3a:12:c0:f3:c8:16:6b:73:80:2a:f0:96:6b:4d:
                    1d:7b:70:b3:99:b5:a4:c3:df:6a:0b:25:d1:12:ea:
                    ef:62:9a:ff:c3:a1:d9:e0:cd:ef:5c:3d:38:dc:97:
                    7d:38:72:91:9c:cf:ea:46:ac:12:da:80:18:de:b5:
                    f6:74:5d:de:a6:62:91:4b:38:ce:a0:1a:a2:9e:21:
                    35:e0:12:08:0c:b7:30:68:41:46:7e:e6:84:9d:e2:
                    2f:7e:e2:1e:42:c2:b6:42:37:d9:3a:19:87:85:50:
                    93:02:84:26:f3:83:ef:f3:67:ed:cf:a6:33:e9:fd:
                    62:6d:86:ed:e6:c3:be:71:95:27:7a:a4:ae:56:0b:
                    63:6a:21:46:59:cf:82:46:15:af:df:e8:2e:f1:62:
                    4a:de:07:8c:3c:68:cf:4f:8f:8c:8f:42:59:96:29:
                    24:86:76:77:71:ca:be:e7:f3:89:01:ca:29:27:21:
                    77:d3:4c:0a:b8:f6:6b:11:13:c2:9e:11:98:47:a6:
                    cb:f0:e3:f7:c5:b6:33:24:9a:8c:50:2b:b4:0e:28:
                    e3:99:ea:21:f9:ea:be:ff:5f:4a:80:df:c2:68:89:
                    f9:04:63:bc:6c:ba:18:0f:81:ec:33:4f:1f:e2:7f:
                    7c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:1C:12:8D:34:6A:6B:87:5B:55:C7:FC:37:15:2C:57:F3:88:96:D8
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/18332f5f-8640-4b8a-bdd1-4282ae8d13e3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:af:3b:c5:7c:dc:e9:6f:7a:18:bd:f6:cb:09:70:79:21:13:
         a1:73:28:ea:9e:16:d9:f4:fd:39:5a:2a:b0:e2:07:ad:0f:ae:
         22:c2:d7:7e:ac:f0:8c:41:8e:c6:19:d7:2d:f1:a5:e9:2e:ed:
         3a:08:a5:89:f0:9d:2a:75:58:a6:4a:21:e3:0a:f3:b2:fa:4b:
         60:1c:88:4d:b8:f9:01:76:44:a2:63:5c:bc:3a:5b:2f:7e:10:
         d5:e9:24:d5:61:2b:d9:ed:21:92:0f:d3:9b:0b:71:b9:d5:ea:
         52:df:7f:73:5f:78:80:c9:f7:63:b8:93:0a:80:06:56:99:f1:
         27:9a:ec:33:b4:31:80:f1:c5:fa:c7:ff:dd:31:e2:43:50:06:
         8b:13:0a:07:a7:9a:5a:73:c0:a8:fb:85:4a:34:0f:78:4b:1c:
         7b:b7:0c:8a:21:30:a3:76:f5:f9:4c:06:88:3f:55:22:c1:3c:
         32:6d:08:96:c3:1c:56:2e:38:9d:ba:4d:ee:4d:16:a3:a5:ef:
         98:d8:43:bc:66:52:d5:76:db:97:29:3e:3d:4b:54:13:3e:70:
         2e:72:7e:53:b4:b1:cc:6b:17:b3:54:c7:7d:87:13:9a:ea:e2:
         90:e7:92:96:de:02:0a:96:57:3b:ac:fa:ac:de:34:05:e7:ab:
         95:4d:93:a3
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUNAit7M2cIPEsw6P6oHOWbnBKMfAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwODEzMDAwMDAwWhcNMjIwODE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTYwNWUzZGZiZDA1MjhmM2RhZDYwNjU2MzVkMjEyYzZk
Yjg2MTMwNTkxNjRmYzc1NjYxMWFmNTUxYTQ4N2VkYTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOuIZPCldnWJlOpHOnp8+zoSwPPIFmtzgCrwlmtNHXtws5m1pMPf
agsl0RLq72Ka/8Oh2eDN71w9ONyXfThykZzP6kasEtqAGN619nRd3qZikUs4zqAa
op4hNeASCAy3MGhBRn7mhJ3iL37iHkLCtkI32ToZh4VQkwKEJvOD7/Nn7c+mM+n9
Ym2G7ebDvnGVJ3qkrlYLY2ohRlnPgkYVr9/oLvFiSt4HjDxoz0+PjI9CWZYpJIZ2
d3HKvufziQHKKSchd9NMCrj2axETwp4RmEemy/Dj98W2MySajFArtA4o45nqIfnq
vv9fSoDfwmiJ+QRjvGy6GA+B7DNPH+J/fH8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR6HBKNNGprh1tVx/w3FSxX84iW2DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMTgzMzJmNWYtODY0MC00YjhhLWJkZDEtNDI4MmFlOGQxM2UzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHuvO8V83Olvehi9
9ssJcHkhE6FzKOqeFtn0/TlaKrDiB60PriLC136s8IxBjsYZ1y3xpeku7ToIpYnw
nSp1WKZKIeMK87L6S2AciE24+QF2RKJjXLw6Wy9+ENXpJNVhK9ntIZIP05sLcbnV
6lLff3NfeIDJ92O4kwqABlaZ8Sea7DO0MYDxxfrH/90x4kNQBosTCgenmlpzwKj7
hUo0D3hLHHu3DIohMKN29flMBog/VSLBPDJtCJbDHFYuOJ26Te5NFqOl75jYQ7xm
UtV225cpPj1LVBM+cC5yflO0scxrF7NUx32HE5rq4pDnkpbeAgqWVzus+qzeNAXn
q5VNk6M=
-----END CERTIFICATE-----