Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1e599abd-dc8a-41a2-bf3e-a8333ef0ed3e.roa
File:                     1e599abd-dc8a-41a2-bf3e-a8333ef0ed3e.roa (raw, json)
Hash identifier:          witlbdxh/unGAMPmfE8E+1U2IUa2+ueIyEUSxvl5V4o=
Subject key identifier:   E0:A9:11:AB:3E:DB:F0:98:C3:65:A6:45:10:F5:35:B8:93:7E:23:49
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6E27D231DF2D47BD061C37717F91813A1803A2D5
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1e599abd-dc8a-41a2-bf3e-a8333ef0ed3e.roa
Signing time:             Wed 17 Aug 2022 00:00:00 +0000
ROA not before:           Wed 17 Aug 2022 00:00:00 +0000
ROA not after:            Sat 20 Aug 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:27:d2:31:df:2d:47:bd:06:1c:37:71:7f:91:81:3a:18:03:a2:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Aug 17 00:00:00 2022 GMT
            Not After : Aug 20 23:59:59 2022 GMT
        Subject: serialNumber=df9ff2e08084a6ca5e5b2b632ec194565a774e53b6037c9b74f2ceb1f8dbc67a, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:e6:df:b1:79:93:56:1f:02:bc:39:fc:d4:87:
                    13:cf:3a:07:99:fe:6f:94:d8:47:9b:f5:c7:a2:74:
                    c0:3e:0d:25:99:9d:06:fc:8c:b3:ca:fe:fe:d0:8b:
                    0e:9a:ab:a7:1d:ca:9d:02:3c:be:c6:a7:20:1b:de:
                    01:e5:81:2d:a3:e9:79:72:85:dd:01:e1:8a:2c:a8:
                    11:ff:77:f7:e3:95:04:98:50:07:48:a9:57:ff:f4:
                    0d:b2:16:43:ab:d1:7c:1d:50:28:42:dd:79:5a:6d:
                    8b:cb:4a:a3:56:8e:49:59:91:7d:4e:ab:a8:60:6b:
                    75:69:a2:e2:10:28:68:2f:05:81:c8:45:bb:c7:34:
                    f8:f1:7e:89:a1:1c:e4:9b:b6:96:87:60:a2:dd:be:
                    de:e3:8d:7c:ee:24:4f:da:cd:06:fd:53:93:a1:8a:
                    19:32:0f:ba:e0:49:20:03:fb:c5:84:3d:14:8b:e4:
                    34:af:e1:90:af:26:6d:b7:58:09:8f:11:d1:84:8d:
                    97:8b:78:b8:68:1c:da:43:b8:ed:57:c0:ae:7b:6e:
                    62:af:9c:51:43:98:22:17:bc:30:5c:fa:1e:f2:64:
                    92:15:df:ca:79:8f:d2:36:b7:0a:63:b2:84:3f:9b:
                    3d:ce:0b:fd:a7:bb:94:93:21:9a:81:4c:e6:2c:7c:
                    d9:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:A9:11:AB:3E:DB:F0:98:C3:65:A6:45:10:F5:35:B8:93:7E:23:49
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1e599abd-dc8a-41a2-bf3e-a8333ef0ed3e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:8a:b9:00:7c:34:b1:32:da:73:0b:c4:08:5a:38:11:95:c5:
         f6:49:62:45:ce:b9:d4:cf:44:bc:d0:e0:0a:cc:07:92:e0:20:
         a8:00:0a:b0:56:d1:e0:97:03:e7:8a:88:65:f4:1b:e6:f0:ad:
         03:2e:b8:22:19:75:fc:b2:71:6d:6e:28:b2:e7:97:98:0a:d0:
         ab:27:c6:b5:e4:87:0c:8a:11:70:fc:b1:fd:49:68:21:2f:96:
         3b:ca:37:76:50:13:bf:87:82:2a:70:07:f8:a4:b9:44:e8:25:
         3c:16:b8:d0:6d:c8:fd:c1:49:8a:15:c0:cd:53:69:28:c2:3a:
         9a:7b:73:47:f2:7a:48:21:4f:dc:f2:58:ac:7f:e7:d7:6f:13:
         27:8d:95:49:91:90:3f:1b:98:6b:a6:ef:26:40:46:95:31:44:
         16:bc:8f:45:8c:47:33:86:7f:08:a6:41:ef:43:1c:a9:6d:aa:
         dc:b0:53:28:4b:4b:95:a8:20:51:5d:72:0d:74:01:47:75:a1:
         f9:38:80:6b:c5:3e:08:a5:01:a7:a1:d7:7a:7b:7e:d5:6f:47:
         a9:87:07:1b:d4:36:b8:96:14:98:0c:c8:af:d2:9a:ca:8a:59:
         ec:df:20:7d:dc:ea:bb:51:eb:82:39:1c:d6:d8:e5:f1:96:5f:
         60:81:2d:08
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUbifSMd8tR70GHDdxf5GBOhgDotUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwODE3MDAwMDAwWhcNMjIwODIwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZGY5ZmYyZTA4MDg0YTZjYTVlNWIyYjYzMmVjMTk0NTY1
YTc3NGU1M2I2MDM3YzliNzRmMmNlYjFmOGRiYzY3YTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANrm37F5k1YfArw5/NSHE886B5n+b5TYR5v1x6J0wD4NJZmdBvyM
s8r+/tCLDpqrpx3KnQI8vsanIBveAeWBLaPpeXKF3QHhiiyoEf939+OVBJhQB0ip
V//0DbIWQ6vRfB1QKELdeVpti8tKo1aOSVmRfU6rqGBrdWmi4hAoaC8FgchFu8c0
+PF+iaEc5Ju2lodgot2+3uONfO4kT9rNBv1Tk6GKGTIPuuBJIAP7xYQ9FIvkNK/h
kK8mbbdYCY8R0YSNl4t4uGgc2kO47VfArntuYq+cUUOYIhe8MFz6HvJkkhXfynmP
0ja3CmOyhD+bPc4L/ae7lJMhmoFM5ix82dMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTgqRGrPtvwmMNlpkUQ9TW4k34jSTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMWU1OTlhYmQtZGM4YS00MWEyLWJmM2UtYTgzMzNlZjBlZDNlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABKKuQB8NLEy2nML
xAhaOBGVxfZJYkXOudTPRLzQ4ArMB5LgIKgACrBW0eCXA+eKiGX0G+bwrQMuuCIZ
dfyycW1uKLLnl5gK0KsnxrXkhwyKEXD8sf1JaCEvljvKN3ZQE7+HgipwB/ikuUTo
JTwWuNBtyP3BSYoVwM1TaSjCOpp7c0fyekghT9zyWKx/59dvEyeNlUmRkD8bmGum
7yZARpUxRBa8j0WMRzOGfwimQe9DHKltqtywUyhLS5WoIFFdcg10AUd1ofk4gGvF
PgilAaeh13p7ftVvR6mHBxvUNriWFJgMyK/SmsqKWezfIH3c6rtR64I5HNbY5fGW
X2CBLQg=
-----END CERTIFICATE-----