Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1c4da1ee-0125-41ab-9fbe-83604a535220.roa
File:                     1c4da1ee-0125-41ab-9fbe-83604a535220.roa (raw, json)
Hash identifier:          vFo+zGj0v52fWBMFC9/a0/BDyZjanGPgvj5y5afN0iQ=
Subject key identifier:   4E:70:5C:DF:C6:61:92:C6:6A:0E:39:67:01:86:6B:CF:E5:4E:86:77
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       05F99EB143D44E31824AF9B502CB524952E3B46C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1c4da1ee-0125-41ab-9fbe-83604a535220.roa
Signing time:             Wed 28 Dec 2022 00:00:00 +0000
ROA not before:           Wed 28 Dec 2022 00:00:00 +0000
ROA not after:            Sat 31 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:f9:9e:b1:43:d4:4e:31:82:4a:f9:b5:02:cb:52:49:52:e3:b4:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 28 00:00:00 2022 GMT
            Not After : Dec 31 23:59:59 2022 GMT
        Subject: serialNumber=486ea850a2b09fa52d731882a18493c666945d44f94af2ea11750592128b64ac, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:2a:d7:77:51:10:ff:6d:3e:3a:d1:44:b5:61:
                    90:8d:2c:ca:d0:df:ba:0b:34:b6:c5:0a:96:6b:3d:
                    67:7e:ae:60:04:ef:80:3a:51:e7:e5:74:0c:3c:d0:
                    ad:2e:74:67:54:3e:28:0a:d1:7a:5c:f5:d1:89:46:
                    27:22:02:cb:71:5a:fc:cb:c6:55:84:34:be:be:58:
                    63:26:2f:60:17:47:eb:be:53:82:2f:06:2a:c6:eb:
                    c2:60:50:f1:7d:0a:f1:51:df:da:0e:de:39:05:98:
                    0a:25:11:90:bd:97:38:e6:09:25:d2:d2:a5:9a:bd:
                    4f:6c:62:ca:c4:fc:d8:47:cd:6b:d9:63:f8:d5:5e:
                    f2:8c:ea:60:26:f6:14:e9:4c:4c:d9:e4:8f:04:5e:
                    91:69:aa:63:99:61:2b:fb:c5:59:0c:42:b5:a8:4a:
                    aa:39:7e:57:e0:5f:a9:b6:a7:1a:42:5e:98:b0:f1:
                    d7:24:f5:c9:c1:cc:6e:f8:79:60:67:8e:5d:40:dd:
                    a9:a5:69:86:f2:3a:37:e6:f3:bf:20:a0:61:a7:27:
                    1a:d5:3a:12:03:11:57:db:5a:4c:a2:f3:52:77:42:
                    ca:87:43:56:e3:d0:a8:c4:be:09:1d:ba:04:4d:85:
                    04:34:c6:79:b6:ce:9f:12:30:62:28:38:4d:6f:87:
                    4b:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:70:5C:DF:C6:61:92:C6:6A:0E:39:67:01:86:6B:CF:E5:4E:86:77
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1c4da1ee-0125-41ab-9fbe-83604a535220.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:ff:0a:5a:8a:ae:70:02:2e:f5:6d:a4:93:57:74:db:25:4d:
         31:c3:55:5f:62:47:50:d9:05:e9:a0:29:c6:d0:31:fa:ce:e8:
         f5:93:d8:1c:66:45:96:aa:32:8f:5d:c0:09:2c:ec:40:0b:67:
         9f:30:ea:72:2a:5e:80:b5:4a:4b:74:6d:00:7a:11:89:72:5b:
         61:60:39:5d:8a:ff:61:ea:4e:24:62:0c:40:30:7b:1e:b3:38:
         ee:58:64:dd:97:83:34:2c:b6:23:55:8e:04:5b:d5:d2:ff:8d:
         13:59:d1:62:ba:89:04:af:7c:94:b4:7b:9c:9a:18:19:7c:d8:
         20:40:92:1a:87:3d:4e:a7:15:6d:f5:ea:a4:1b:c0:f9:e3:50:
         af:3c:24:cc:6b:40:fb:77:dc:b9:df:f9:d3:fc:3b:a9:7a:bb:
         87:a5:0c:26:9e:42:9f:ab:c1:42:d3:11:bc:41:90:36:80:91:
         18:b5:d5:74:07:0d:81:09:ce:25:5c:3e:5d:a7:fb:c4:8e:ee:
         00:d7:da:d4:ed:8e:5e:2e:f8:1d:c2:71:f9:99:b7:2f:0a:4c:
         8b:1b:4b:9e:6d:b7:13:02:3d:ce:e4:97:fd:28:a3:79:84:d5:
         df:ba:c9:61:e3:5a:81:a1:56:f1:e2:3c:56:13:17:0a:6a:77:
         46:f5:15:18
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUBfmesUPUTjGCSvm1AstSSVLjtGwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjI4MDAwMDAwWhcNMjIxMjMxMjM1OTU5
WjCBpTFJMEcGA1UEBRNANDg2ZWE4NTBhMmIwOWZhNTJkNzMxODgyYTE4NDkzYzY2
Njk0NWQ0NGY5NGFmMmVhMTE3NTA1OTIxMjhiNjRhYzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANwq13dREP9tPjrRRLVhkI0sytDfugs0tsUKlms9Z36uYATvgDpR
5+V0DDzQrS50Z1Q+KArRelz10YlGJyICy3Fa/MvGVYQ0vr5YYyYvYBdH675Tgi8G
KsbrwmBQ8X0K8VHf2g7eOQWYCiURkL2XOOYJJdLSpZq9T2xiysT82EfNa9lj+NVe
8ozqYCb2FOlMTNnkjwRekWmqY5lhK/vFWQxCtahKqjl+V+BfqbanGkJemLDx1yT1
ycHMbvh5YGeOXUDdqaVphvI6N+bzvyCgYacnGtU6EgMRV9taTKLzUndCyodDVuPQ
qMS+CR26BE2FBDTGebbOnxIwYig4TW+HS3kCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBROcFzfxmGSxmoOOWcBhmvP5U6GdzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMWM0ZGExZWUtMDEyNS00MWFiLTlmYmUtODM2MDRhNTM1MjIwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACX/ClqKrnACLvVt
pJNXdNslTTHDVV9iR1DZBemgKcbQMfrO6PWT2BxmRZaqMo9dwAks7EALZ58w6nIq
XoC1Skt0bQB6EYlyW2FgOV2K/2HqTiRiDEAwex6zOO5YZN2XgzQstiNVjgRb1dL/
jRNZ0WK6iQSvfJS0e5yaGBl82CBAkhqHPU6nFW316qQbwPnjUK88JMxrQPt33Lnf
+dP8O6l6u4elDCaeQp+rwULTEbxBkDaAkRi11XQHDYEJziVcPl2n+8SO7gDX2tTt
jl4u+B3CcfmZty8KTIsbS55ttxMCPc7kl/0oo3mE1d+6yWHjWoGhVvHiPFYTFwpq
d0b1FRg=
-----END CERTIFICATE-----