Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/24969fad-53b7-456e-937c-29a30ca6447c.roa
File:                     24969fad-53b7-456e-937c-29a30ca6447c.roa (raw, json)
Hash identifier:          4Phh4AglMK8DnA4QOR6I2f0eybokTArr3p4eorKDEdU=
Subject key identifier:   A2:A9:53:94:DA:C5:7D:65:5A:B4:82:11:EB:BA:FC:A0:1F:96:32:6A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3AA63A2EA1164E45B7C2E7A0FEBCFB2B87F38F47
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/24969fad-53b7-456e-937c-29a30ca6447c.roa
Signing time:             Tue 13 Dec 2022 00:00:00 +0000
ROA not before:           Tue 13 Dec 2022 00:00:00 +0000
ROA not after:            Fri 16 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:a6:3a:2e:a1:16:4e:45:b7:c2:e7:a0:fe:bc:fb:2b:87:f3:8f:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 13 00:00:00 2022 GMT
            Not After : Dec 16 23:59:59 2022 GMT
        Subject: serialNumber=db15cbbd54f609b3beff4417879c4146d6859a39fcde08c7f38b8157a903f21f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ee:ab:eb:1b:17:2a:d9:8a:57:2e:27:63:cb:
                    e7:f8:55:18:73:f4:62:d1:99:f8:52:c9:db:71:f1:
                    47:85:fa:21:44:8a:f1:4d:92:af:4b:4c:81:bd:7c:
                    fe:13:4b:37:0c:04:30:f0:1b:db:b3:e8:b7:4e:67:
                    a7:a2:8a:5f:93:a6:af:b1:54:3d:b3:8b:6f:73:ca:
                    2b:68:f0:f5:cd:08:70:19:12:e8:b6:c6:1f:b0:4f:
                    4a:18:b3:fe:93:a8:01:00:59:2c:f5:c8:3b:5f:b3:
                    77:44:ae:c5:71:f1:b5:c4:ff:54:69:0a:76:90:4c:
                    f4:ce:6f:09:16:35:0a:9a:27:e5:b9:a9:ff:ff:98:
                    23:f3:da:b6:99:c2:60:f8:23:bb:11:13:0b:9a:97:
                    cc:72:02:29:3f:62:2f:0f:c4:e2:bf:71:d7:0a:6f:
                    13:d4:8e:eb:00:cd:f9:b6:a4:fd:f1:f8:a2:95:19:
                    0b:6c:f9:1c:38:01:1d:81:26:44:a7:c8:ba:2f:e1:
                    c6:42:a6:95:25:9d:e7:be:e3:76:a4:6b:a2:94:22:
                    97:1c:b2:af:be:56:f9:a2:c1:df:2e:32:11:98:12:
                    db:14:eb:91:91:52:37:ab:13:a0:bd:63:d4:b0:fa:
                    d7:93:9a:52:c9:52:da:b5:d5:41:22:6a:af:64:3c:
                    fa:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:A9:53:94:DA:C5:7D:65:5A:B4:82:11:EB:BA:FC:A0:1F:96:32:6A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/24969fad-53b7-456e-937c-29a30ca6447c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:45:5f:0e:c6:fd:07:6b:3d:ed:4f:8a:3c:ec:7a:10:64:67:
         f4:f7:c8:d0:ec:39:24:76:bb:cf:88:22:c2:a8:a4:4e:d8:b2:
         31:76:66:c6:a5:e0:42:18:1a:15:7c:49:8b:83:7f:42:c6:a7:
         a8:64:3e:70:d1:71:95:9e:e7:f5:68:68:86:a3:c5:56:d5:32:
         d2:12:bb:72:89:c8:cf:0b:e1:08:db:c2:b4:33:0f:77:86:6d:
         c8:59:b7:2c:af:75:65:da:18:43:c7:45:72:bb:6f:42:d1:e7:
         68:51:06:67:93:bb:db:9b:75:de:3f:8b:30:53:d1:25:a9:a3:
         0b:b6:3b:80:d7:06:62:bb:31:e7:1c:d6:50:83:91:0e:e7:7a:
         fa:ab:fa:7d:b3:f1:c5:2b:1f:10:6b:89:c8:16:fd:32:2c:9f:
         5b:9a:85:98:2c:59:b4:3f:52:eb:e4:95:29:4c:7a:94:aa:72:
         fe:fa:88:d5:cd:ac:23:49:09:a3:cf:3b:d9:9c:3e:57:d1:23:
         6f:3e:77:aa:c1:9a:be:d4:d7:95:f3:e1:b6:77:e4:32:85:d1:
         90:7d:86:f7:5b:d9:28:9e:d4:80:86:25:07:dd:82:56:6f:cd:
         0d:c0:16:21:68:64:d5:d7:b1:3e:81:37:2b:f3:e1:c7:20:b7:
         05:19:2f:f7
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUOqY6LqEWTkW3wueg/rz7K4fzj0cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjEzMDAwMDAwWhcNMjIxMjE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZGIxNWNiYmQ1NGY2MDliM2JlZmY0NDE3ODc5YzQxNDZk
Njg1OWEzOWZjZGUwOGM3ZjM4YjgxNTdhOTAzZjIxZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAIruq+sbFyrZilcuJ2PL5/hVGHP0YtGZ+FLJ23HxR4X6IUSK8U2S
r0tMgb18/hNLNwwEMPAb27Pot05np6KKX5Omr7FUPbOLb3PKK2jw9c0IcBkS6LbG
H7BPShiz/pOoAQBZLPXIO1+zd0SuxXHxtcT/VGkKdpBM9M5vCRY1Cpon5bmp//+Y
I/PatpnCYPgjuxETC5qXzHICKT9iLw/E4r9x1wpvE9SO6wDN+bak/fH4opUZC2z5
HDgBHYEmRKfIui/hxkKmlSWd577jdqRropQilxyyr75W+aLB3y4yEZgS2xTrkZFS
N6sToL1j1LD615OaUslS2rXVQSJqr2Q8+uUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSiqVOU2sV9ZVq0ghHruvygH5YyajAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjQ5NjlmYWQtNTNiNy00NTZlLTkzN2MtMjlhMzBjYTY0NDdjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABlFXw7G/QdrPe1P
ijzsehBkZ/T3yNDsOSR2u8+IIsKopE7YsjF2Zsal4EIYGhV8SYuDf0LGp6hkPnDR
cZWe5/VoaIajxVbVMtISu3KJyM8L4QjbwrQzD3eGbchZtyyvdWXaGEPHRXK7b0LR
52hRBmeTu9ubdd4/izBT0SWpowu2O4DXBmK7Mecc1lCDkQ7nevqr+n2z8cUrHxBr
icgW/TIsn1uahZgsWbQ/UuvklSlMepSqcv76iNXNrCNJCaPPO9mcPlfRI28+d6rB
mr7U15Xz4bZ35DKF0ZB9hvdb2Sie1ICGJQfdglZvzQ3AFiFoZNXXsT6BNyvz4ccg
twUZL/c=
-----END CERTIFICATE-----