Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/249c3787-6cdb-4bf9-9c53-36e9b1fc6a74.roa
File:                     249c3787-6cdb-4bf9-9c53-36e9b1fc6a74.roa (raw, json)
Hash identifier:          WDLwB6qwn4q9amGsz09qNXUeqft5qE3XMW+DmCFhNGg=
Subject key identifier:   A5:12:CF:8E:66:22:86:D6:5E:31:FF:89:81:55:96:A1:DA:FA:DD:58
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       78A906510547CA960485E13A0939D6959806E4D8
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/249c3787-6cdb-4bf9-9c53-36e9b1fc6a74.roa
Signing time:             Wed 14 Dec 2022 00:00:00 +0000
ROA not before:           Wed 14 Dec 2022 00:00:00 +0000
ROA not after:            Sat 17 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:a9:06:51:05:47:ca:96:04:85:e1:3a:09:39:d6:95:98:06:e4:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 14 00:00:00 2022 GMT
            Not After : Dec 17 23:59:59 2022 GMT
        Subject: serialNumber=61e8a332964857fbdab038cce73b3decee93ea27a6b5b1938c24ada1cbe86e0c, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:5d:4a:a0:5a:86:76:4b:f9:a3:09:ce:fb:cc:
                    e6:16:16:32:2c:f7:53:65:81:a2:89:c9:33:0f:41:
                    ed:f4:9a:a2:f4:03:a4:e9:c1:74:9b:98:eb:9a:37:
                    b7:f5:3d:30:28:a9:1b:94:c3:d6:e3:b0:ac:b1:a0:
                    27:3d:d1:7e:e2:b4:81:66:d2:18:51:0c:77:fd:65:
                    ae:6e:e2:e8:e3:17:32:fa:39:c9:2c:58:bb:f4:06:
                    53:33:91:8d:94:6c:ee:a4:cb:43:2a:fa:c8:4b:2e:
                    26:95:c9:4a:67:c1:17:92:b1:e8:b5:33:3e:fd:33:
                    32:34:a5:47:40:93:18:bf:02:33:6b:80:e8:2c:70:
                    f6:1a:19:00:fe:ac:8a:a1:e5:2e:b5:7e:67:8b:1b:
                    ed:b8:0f:6e:05:65:67:47:fe:c1:51:12:d9:4a:14:
                    d8:69:db:e8:ed:d5:f2:4f:06:4b:72:c4:ff:88:96:
                    0c:98:4d:33:4e:92:e1:21:55:e8:92:10:28:60:c7:
                    74:f6:62:64:86:1e:b5:ac:1b:15:39:b6:82:bf:6f:
                    5a:94:7f:d9:4b:96:bc:38:c2:c8:6f:09:b2:5e:7e:
                    04:bc:20:14:98:8a:4b:5e:8b:66:5a:56:c4:f0:77:
                    e8:fb:6a:33:d1:20:df:0e:46:d6:ba:fb:5c:a6:26:
                    bd:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:12:CF:8E:66:22:86:D6:5E:31:FF:89:81:55:96:A1:DA:FA:DD:58
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/249c3787-6cdb-4bf9-9c53-36e9b1fc6a74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:33:19:5d:98:86:fe:9f:d7:9a:54:36:8d:0a:f5:63:b8:c9:
         41:0d:89:d4:4c:d5:0e:ca:47:d9:64:5e:a5:fb:75:3f:13:d0:
         29:e9:a1:15:18:25:e0:5c:cf:75:d6:1a:d4:24:d7:fe:d9:56:
         c6:aa:91:85:6f:22:e9:78:7f:ad:2c:7f:25:58:40:5f:b8:9b:
         7d:43:66:62:d4:50:0f:20:f7:b6:c7:af:4b:eb:f0:03:a1:47:
         82:e7:a4:0e:76:cf:88:95:54:d6:b6:3d:bb:0f:27:4d:9c:dc:
         cc:d8:dd:70:97:b4:e6:de:43:7f:7b:42:69:49:5e:3f:89:02:
         ef:55:88:a8:fe:41:70:d3:37:9e:b4:35:eb:cb:3b:39:e4:fc:
         06:99:a2:21:24:e6:14:47:a0:ef:89:9c:ca:a0:0e:ff:87:f3:
         19:c2:20:d2:00:01:88:d6:7c:90:cf:f3:d3:d7:7b:13:c3:b0:
         c7:76:37:fd:81:62:20:5c:60:93:bc:fd:73:25:24:f1:4e:31:
         c8:f3:1a:82:6e:0f:35:d7:ee:7c:06:29:95:b7:e8:8a:2a:de:
         8c:3c:63:1e:ae:48:fd:91:98:85:87:e1:d9:9d:ba:f3:12:29:
         4a:be:8f:a0:f0:ee:5a:e2:d1:8d:e8:80:52:49:6d:4e:ac:f2:
         7d:22:cd:71
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUeKkGUQVHypYEheE6CTnWlZgG5NgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjE0MDAwMDAwWhcNMjIxMjE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNANjFlOGEzMzI5NjQ4NTdmYmRhYjAzOGNjZTczYjNkZWNl
ZTkzZWEyN2E2YjViMTkzOGMyNGFkYTFjYmU4NmUwYzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKxdSqBahnZL+aMJzvvM5hYWMiz3U2WBoonJMw9B7fSaovQDpOnB
dJuY65o3t/U9MCipG5TD1uOwrLGgJz3RfuK0gWbSGFEMd/1lrm7i6OMXMvo5ySxY
u/QGUzORjZRs7qTLQyr6yEsuJpXJSmfBF5Kx6LUzPv0zMjSlR0CTGL8CM2uA6Cxw
9hoZAP6siqHlLrV+Z4sb7bgPbgVlZ0f+wVES2UoU2Gnb6O3V8k8GS3LE/4iWDJhN
M06S4SFV6JIQKGDHdPZiZIYetawbFTm2gr9vWpR/2UuWvDjCyG8Jsl5+BLwgFJiK
S16LZlpWxPB36PtqM9Eg3w5G1rr7XKYmvY8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSlEs+OZiKG1l4x/4mBVZah2vrdWDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjQ5YzM3ODctNmNkYi00YmY5LTljNTMtMzZlOWIxZmM2YTc0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFQzGV2Yhv6f15pU
No0K9WO4yUENidRM1Q7KR9lkXqX7dT8T0CnpoRUYJeBcz3XWGtQk1/7ZVsaqkYVv
Iul4f60sfyVYQF+4m31DZmLUUA8g97bHr0vr8AOhR4LnpA52z4iVVNa2PbsPJ02c
3MzY3XCXtObeQ397QmlJXj+JAu9ViKj+QXDTN560NevLOznk/AaZoiEk5hRHoO+J
nMqgDv+H8xnCINIAAYjWfJDP89PXexPDsMd2N/2BYiBcYJO8/XMlJPFOMcjzGoJu
DzXX7nwGKZW36Ioq3ow8Yx6uSP2RmIWH4dmduvMSKUq+j6Dw7lri0Y3ogFJJbU6s
8n0izXE=
-----END CERTIFICATE-----