Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2181821a-af2b-4df6-8c09-b84c7858d043.roa
File:                     2181821a-af2b-4df6-8c09-b84c7858d043.roa (raw, json)
Hash identifier:          w0Ymnl+m/YlulnZoc8dwqsIrdJYdzW2TIat3ikru89k=
Subject key identifier:   69:04:1C:2E:9D:E0:33:76:2E:0D:E1:3E:CA:A6:AB:9B:6E:ED:EE:11
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       05B2294227ED27E32932825E42CD45197F206417
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2181821a-af2b-4df6-8c09-b84c7858d043.roa
Signing time:             Sun 25 Sep 2022 00:00:00 +0000
ROA not before:           Sun 25 Sep 2022 00:00:00 +0000
ROA not after:            Wed 28 Sep 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:b2:29:42:27:ed:27:e3:29:32:82:5e:42:cd:45:19:7f:20:64:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Sep 25 00:00:00 2022 GMT
            Not After : Sep 28 23:59:59 2022 GMT
        Subject: serialNumber=40d4b0e9da610b897a644eb6ed236913f03153e18b7545c95badc3a51057b3a3, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:82:42:cd:b0:67:80:cd:3b:94:6d:80:8d:5f:
                    fe:d3:be:05:ac:9a:91:25:a7:c8:70:c2:70:4b:91:
                    e5:3c:8e:31:1a:2c:39:d2:8f:d6:5d:51:ec:f7:1c:
                    9c:59:cc:33:e7:0e:b9:03:7a:f9:10:aa:07:e0:76:
                    8b:62:59:32:f9:73:f7:d4:ea:c4:b0:f7:50:66:19:
                    43:7c:ec:bf:16:ac:7c:a2:3e:81:79:ca:13:75:b6:
                    65:50:c6:b1:8c:59:25:af:d1:19:c5:81:5e:9e:45:
                    e6:26:10:31:90:b8:6d:13:23:52:09:87:14:63:b7:
                    1a:a6:ad:e7:b2:1b:66:71:08:3d:aa:62:a9:6a:95:
                    d8:db:fe:81:dc:7c:fb:bb:fe:06:cb:a6:d0:bb:4b:
                    a8:93:2e:3b:09:6f:61:a2:5d:58:d1:58:79:2b:c0:
                    82:81:a0:e9:83:47:ef:2a:1e:77:59:c1:af:67:29:
                    e0:c6:a9:66:49:3d:3b:e9:c5:34:cf:40:3d:f2:b0:
                    c8:c8:3d:57:80:82:b7:49:21:19:11:b6:4e:f2:e0:
                    9d:af:62:c5:f6:e2:6e:09:18:3a:9b:12:13:ba:37:
                    09:1f:52:58:23:73:a3:5d:7d:1e:7f:99:c7:14:13:
                    02:b1:d2:12:32:93:88:37:e9:06:46:93:9b:c5:f3:
                    7a:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:04:1C:2E:9D:E0:33:76:2E:0D:E1:3E:CA:A6:AB:9B:6E:ED:EE:11
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2181821a-af2b-4df6-8c09-b84c7858d043.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:7c:5f:dc:d7:fc:5b:03:17:92:67:89:4c:4e:26:a4:56:42:
         90:66:95:db:38:13:a7:c6:aa:02:65:e4:75:3e:a0:86:52:fb:
         b8:6a:08:56:55:a5:c1:8f:dd:df:87:d8:50:06:2e:06:7a:b4:
         38:4d:ae:e2:7a:9d:4b:00:5a:5b:83:92:5f:e9:c4:d2:dd:4f:
         9d:2c:60:00:cc:cf:bc:e0:d2:fd:60:42:e7:54:09:93:7d:e0:
         c9:37:16:3f:1f:fd:a3:f0:e9:cb:9d:66:b1:55:13:f4:40:1b:
         45:73:4c:93:1e:08:4b:24:96:b7:b8:fd:b4:fb:ad:89:d6:1b:
         a8:ac:40:d8:3e:a8:79:6a:e5:a7:b3:8b:80:08:e7:be:a9:b8:
         06:b8:ce:d2:48:76:80:38:68:db:c1:23:d7:96:01:1c:c3:01:
         a9:63:dd:3a:6f:28:37:32:d5:d9:15:da:36:94:a1:2c:4e:10:
         b5:b0:9c:48:22:b6:7e:ab:90:b2:e7:e3:59:81:9f:5b:03:4a:
         d8:ad:87:16:6a:42:71:0d:c2:41:1f:19:1d:97:5f:61:41:06:
         3a:5c:ef:91:50:1e:90:a5:06:02:9a:51:be:9a:b3:85:db:a4:
         f0:c5:8a:41:ce:fb:34:c2:4c:65:44:b3:75:f9:b8:e8:61:b2:
         81:aa:5d:7b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUBbIpQiftJ+MpMoJeQs1FGX8gZBcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwOTI1MDAwMDAwWhcNMjIwOTI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNANDBkNGIwZTlkYTYxMGI4OTdhNjQ0ZWI2ZWQyMzY5MTNm
MDMxNTNlMThiNzU0NWM5NWJhZGMzYTUxMDU3YjNhMzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALqCQs2wZ4DNO5RtgI1f/tO+BayakSWnyHDCcEuR5TyOMRosOdKP
1l1R7PccnFnMM+cOuQN6+RCqB+B2i2JZMvlz99TqxLD3UGYZQ3zsvxasfKI+gXnK
E3W2ZVDGsYxZJa/RGcWBXp5F5iYQMZC4bRMjUgmHFGO3Gqat57IbZnEIPapiqWqV
2Nv+gdx8+7v+Bsum0LtLqJMuOwlvYaJdWNFYeSvAgoGg6YNH7yoed1nBr2cp4Map
Zkk9O+nFNM9APfKwyMg9V4CCt0khGRG2TvLgna9ixfbibgkYOpsSE7o3CR9SWCNz
o119Hn+ZxxQTArHSEjKTiDfpBkaTm8XzeuUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRpBBwuneAzdi4N4T7Kpqubbu3uETAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjE4MTgyMWEtYWYyYi00ZGY2LThjMDktYjg0Yzc4NThkMDQzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALB8X9zX/FsDF5Jn
iUxOJqRWQpBmlds4E6fGqgJl5HU+oIZS+7hqCFZVpcGP3d+H2FAGLgZ6tDhNruJ6
nUsAWluDkl/pxNLdT50sYADMz7zg0v1gQudUCZN94Mk3Fj8f/aPw6cudZrFVE/RA
G0VzTJMeCEsklre4/bT7rYnWG6isQNg+qHlq5aezi4AI576puAa4ztJIdoA4aNvB
I9eWARzDAalj3TpvKDcy1dkV2jaUoSxOELWwnEgitn6rkLLn41mBn1sDStithxZq
QnENwkEfGR2XX2FBBjpc75FQHpClBgKaUb6as4XbpPDFikHO+zTCTGVEs3X5uOhh
soGqXXs=
-----END CERTIFICATE-----