Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/20aa72c7-64f8-4a24-974c-0aff7771f15b.roa
File:                     20aa72c7-64f8-4a24-974c-0aff7771f15b.roa (raw, json)
Hash identifier:          2InVr5VSZDiveI8cTjTlUKzTY6a/q6y9pzRv70W2YFc=
Subject key identifier:   5F:66:46:5D:9A:82:10:FE:B3:3F:AF:2D:68:39:68:E8:E8:56:C1:18
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       30B763F9AF59C45F91BB5687894761515A3B8AE7
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/20aa72c7-64f8-4a24-974c-0aff7771f15b.roa
Signing time:             Sat 31 Dec 2022 00:00:00 +0000
ROA not before:           Sat 31 Dec 2022 00:00:00 +0000
ROA not after:            Tue 03 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:b7:63:f9:af:59:c4:5f:91:bb:56:87:89:47:61:51:5a:3b:8a:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 31 00:00:00 2022 GMT
            Not After : Jan  3 23:59:59 2023 GMT
        Subject: serialNumber=4fb8756f5c6589a8d937c80f10f197d915a0f4b786c8af278950e3b04c7a9c67, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ea:16:bf:14:d1:d8:6e:3e:a3:98:98:c3:62:
                    2f:15:3d:ad:b0:a6:0a:03:ee:46:25:b4:ef:39:3d:
                    2f:25:ac:a2:e5:ea:89:78:69:16:a7:67:36:b8:51:
                    e4:0c:2c:8b:e5:8c:5f:00:13:1e:ad:46:58:1a:33:
                    3c:3f:01:77:7c:a5:93:d4:84:6e:ef:04:28:e1:73:
                    0e:b9:b9:27:eb:71:fb:cf:bc:42:40:79:f7:34:ba:
                    3d:4a:32:cd:6d:d4:91:9c:1b:20:1a:ad:71:53:c4:
                    5a:3b:55:0e:61:6b:5c:10:9e:c0:a1:4d:b7:07:cf:
                    47:89:4a:02:56:6a:ce:8e:3c:b4:35:01:4e:e1:78:
                    48:f6:cf:da:17:ce:cc:22:22:e5:55:a7:14:95:b7:
                    e3:7a:7c:e9:84:82:05:74:5f:50:e0:ad:0b:26:ef:
                    06:bb:5e:97:9c:3b:b0:de:eb:07:eb:53:f0:bb:35:
                    07:e9:a3:b8:e5:c0:ec:86:4a:c3:aa:b4:81:a0:a7:
                    72:c3:c1:54:63:59:78:b7:43:a6:87:d7:f6:2c:e9:
                    9b:7b:67:59:cc:5f:a0:53:b5:da:72:8b:1c:53:a3:
                    9c:08:7f:ae:1e:4b:eb:5d:10:cb:c0:f4:db:cb:8d:
                    2f:35:67:82:bb:ac:eb:b1:56:a1:5b:d7:31:35:5e:
                    09:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:66:46:5D:9A:82:10:FE:B3:3F:AF:2D:68:39:68:E8:E8:56:C1:18
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/20aa72c7-64f8-4a24-974c-0aff7771f15b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:7d:3f:41:fa:ae:1a:40:9e:bb:01:2a:6d:e8:55:c9:a4:07:
         60:24:34:a5:55:3d:38:5d:b3:55:e5:db:0c:03:ca:9e:96:ee:
         7e:f3:fc:05:7f:73:0f:b8:a7:0a:f6:af:72:73:8f:77:02:c6:
         05:82:de:c9:6b:e2:36:27:1c:5f:bb:34:99:52:a6:31:cc:86:
         8a:d6:6f:69:50:c9:3f:1b:f6:ba:c5:8a:eb:72:62:80:d5:44:
         a6:15:4c:4e:9e:23:02:6f:1d:b3:c3:12:7f:df:2a:26:54:52:
         ab:fe:97:ab:9d:a7:5a:65:0b:5e:d2:58:2a:68:98:81:0d:3e:
         54:82:55:92:0a:7d:63:6e:e5:7d:fb:bb:c5:6c:84:ff:ce:e9:
         d2:1c:a8:a1:e3:48:cb:9e:95:d2:da:d2:3e:04:dd:a2:a2:b1:
         b9:d5:ae:bb:8d:66:73:12:63:b7:a4:96:bf:98:2b:fc:76:66:
         d6:27:e6:68:71:c7:71:50:48:1c:11:fe:29:6a:b4:1a:00:ca:
         52:be:4a:7e:55:c2:c8:ec:d6:b1:f3:df:81:b4:13:67:86:74:
         a6:a2:8e:37:04:c3:0d:c6:2e:fd:37:de:f1:45:38:ae:66:1e:
         a6:6c:a6:68:61:f1:6e:70:2e:5d:04:cb:0d:cd:01:d2:78:e2:
         57:d3:96:dc
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUMLdj+a9ZxF+Ru1aHiUdhUVo7iucwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjMxMDAwMDAwWhcNMjMwMTAzMjM1OTU5
WjCBpTFJMEcGA1UEBRNANGZiODc1NmY1YzY1ODlhOGQ5MzdjODBmMTBmMTk3ZDkx
NWEwZjRiNzg2YzhhZjI3ODk1MGUzYjA0YzdhOWM2NzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMjqFr8U0dhuPqOYmMNiLxU9rbCmCgPuRiW07zk9LyWsouXqiXhp
FqdnNrhR5Awsi+WMXwATHq1GWBozPD8Bd3ylk9SEbu8EKOFzDrm5J+tx+8+8QkB5
9zS6PUoyzW3UkZwbIBqtcVPEWjtVDmFrXBCewKFNtwfPR4lKAlZqzo48tDUBTuF4
SPbP2hfOzCIi5VWnFJW343p86YSCBXRfUOCtCybvBrtel5w7sN7rB+tT8Ls1B+mj
uOXA7IZKw6q0gaCncsPBVGNZeLdDpofX9izpm3tnWcxfoFO12nKLHFOjnAh/rh5L
610Qy8D028uNLzVngrus67FWoVvXMTVeCY0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRfZkZdmoIQ/rM/ry1oOWjo6FbBGDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjBhYTcyYzctNjRmOC00YTI0LTk3NGMtMGFmZjc3NzFmMTViLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKR9P0H6rhpAnrsB
Km3oVcmkB2AkNKVVPThds1Xl2wwDyp6W7n7z/AV/cw+4pwr2r3Jzj3cCxgWC3slr
4jYnHF+7NJlSpjHMhorWb2lQyT8b9rrFiutyYoDVRKYVTE6eIwJvHbPDEn/fKiZU
Uqv+l6udp1plC17SWCpomIENPlSCVZIKfWNu5X37u8VshP/O6dIcqKHjSMueldLa
0j4E3aKisbnVrruNZnMSY7eklr+YK/x2ZtYn5mhxx3FQSBwR/ilqtBoAylK+Sn5V
wsjs1rHz34G0E2eGdKaijjcEww3GLv033vFFOK5mHqZspmhh8W5wLl0Eyw3NAdJ4
4lfTltw=
-----END CERTIFICATE-----