Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/24a98e5a-64ee-4f87-a044-fd5376fdce3a.roa
File:                     24a98e5a-64ee-4f87-a044-fd5376fdce3a.roa (raw, json)
Hash identifier:          YWG5yfUAGB4Jv1+o/u/pjSqiD/J4g0zRii8+G+ccLNY=
Subject key identifier:   79:B4:31:CB:76:54:FF:68:1E:59:A6:96:D0:D7:7C:BD:D7:B5:59:A5
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       42380F6998A86FFAAB9AEF94C0AFD3BC0E22502B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/24a98e5a-64ee-4f87-a044-fd5376fdce3a.roa
Signing time:             Fri 13 Jan 2023 00:00:00 +0000
ROA not before:           Fri 13 Jan 2023 00:00:00 +0000
ROA not after:            Mon 16 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:38:0f:69:98:a8:6f:fa:ab:9a:ef:94:c0:af:d3:bc:0e:22:50:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 13 00:00:00 2023 GMT
            Not After : Jan 16 23:59:59 2023 GMT
        Subject: serialNumber=bacb6833130901473650fb0676a18c1e78e59a78db8b8d03ab1fe31ecd434b10, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:48:74:d5:66:50:5d:7b:f0:8b:03:4b:f1:6a:
                    b0:8f:dd:0d:c0:65:38:95:d6:5f:6c:4a:ca:cb:87:
                    49:73:63:7c:4d:6e:ad:a5:81:e9:8e:c7:52:80:ec:
                    e0:c1:1c:b6:d9:74:6c:c0:72:80:9c:e3:c0:14:40:
                    84:65:5a:78:b3:38:c6:02:ea:b2:03:1b:35:c3:6f:
                    f9:30:35:61:f5:30:69:6b:a3:d2:30:36:fa:91:fe:
                    bb:aa:ac:14:c3:a0:df:24:cc:ed:e7:c9:9e:da:ff:
                    12:08:45:79:53:44:f9:70:29:7f:62:f7:ff:72:aa:
                    a2:10:35:09:f7:9a:cb:22:4c:76:3f:03:75:f4:ea:
                    e4:78:d3:be:f4:ae:9a:ed:cd:99:46:d9:38:54:38:
                    26:38:14:1c:d2:79:e5:9f:b7:2f:33:f1:95:d0:b8:
                    9d:41:98:e1:88:0e:8b:f8:0d:bb:2b:fe:5d:78:cc:
                    82:c1:7f:1e:4c:1d:58:90:ac:34:10:9d:e6:92:e7:
                    bb:aa:2d:26:e4:0b:75:a4:a4:8b:95:4b:5b:ac:0e:
                    90:55:ac:6b:80:51:c0:bd:44:a9:5c:9a:d0:03:d0:
                    b2:8d:dc:e0:b6:fe:78:36:38:38:d2:81:1e:74:c8:
                    a0:25:64:b1:85:c2:83:81:b9:70:15:9f:5a:f2:6a:
                    4a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:B4:31:CB:76:54:FF:68:1E:59:A6:96:D0:D7:7C:BD:D7:B5:59:A5
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/24a98e5a-64ee-4f87-a044-fd5376fdce3a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:59:d0:c2:df:cb:0f:2b:cb:01:c9:49:89:1d:b5:f4:2b:93:
         84:42:66:6f:a7:20:63:f1:91:82:53:3a:57:69:f9:74:86:e3:
         a0:91:98:f1:4c:2f:c8:ce:d6:58:b9:24:d3:89:cd:77:22:86:
         a4:d5:ae:fb:a3:b0:5a:bf:5d:cb:d7:07:46:42:01:dd:4f:69:
         42:dc:0c:6d:d6:bb:bc:c0:78:49:59:33:a0:4d:b4:ad:13:a0:
         c3:82:8c:93:e0:3f:cc:22:b9:0d:d8:67:8e:bd:cc:ad:cf:07:
         d7:5d:41:2b:e7:f7:41:1a:82:0e:78:55:93:f7:fe:98:3e:8a:
         5b:57:3f:a8:48:09:d3:5e:f2:01:23:cd:0e:bb:88:32:3b:88:
         be:1e:03:54:a9:10:12:b7:06:cc:b8:76:d3:19:ad:f1:df:72:
         fe:08:11:b0:c4:f0:b0:ae:58:39:27:62:d9:57:37:e8:e3:2a:
         ba:96:4d:7c:2f:36:1d:d5:6f:92:0b:b2:24:82:d5:a6:2a:25:
         79:0b:68:82:a7:8f:53:e5:c5:85:07:f7:35:50:78:db:3b:ed:
         c5:fe:d2:1c:fc:cd:4e:4e:ad:51:95:bd:fd:64:b5:77:28:ae:
         e4:d1:bb:e9:e6:45:11:cb:95:6d:4f:7d:69:41:97:1d:fa:8f:
         6f:20:38:a1
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUQjgPaZiob/qrmu+UwK/TvA4iUCswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTEzMDAwMDAwWhcNMjMwMTE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYmFjYjY4MzMxMzA5MDE0NzM2NTBmYjA2NzZhMThjMWU3
OGU1OWE3OGRiOGI4ZDAzYWIxZmUzMWVjZDQzNGIxMDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMBIdNVmUF178IsDS/FqsI/dDcBlOJXWX2xKysuHSXNjfE1uraWB
6Y7HUoDs4MEcttl0bMBygJzjwBRAhGVaeLM4xgLqsgMbNcNv+TA1YfUwaWuj0jA2
+pH+u6qsFMOg3yTM7efJntr/EghFeVNE+XApf2L3/3KqohA1CfeayyJMdj8DdfTq
5HjTvvSumu3NmUbZOFQ4JjgUHNJ55Z+3LzPxldC4nUGY4YgOi/gNuyv+XXjMgsF/
HkwdWJCsNBCd5pLnu6otJuQLdaSki5VLW6wOkFWsa4BRwL1EqVya0APQso3c4Lb+
eDY4ONKBHnTIoCVksYXCg4G5cBWfWvJqSmUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR5tDHLdlT/aB5ZppbQ13y917VZpTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjRhOThlNWEtNjRlZS00Zjg3LWEwNDQtZmQ1Mzc2ZmRjZTNhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGxZ0MLfyw8rywHJ
SYkdtfQrk4RCZm+nIGPxkYJTOldp+XSG46CRmPFML8jO1li5JNOJzXcihqTVrvuj
sFq/XcvXB0ZCAd1PaULcDG3Wu7zAeElZM6BNtK0ToMOCjJPgP8wiuQ3YZ469zK3P
B9ddQSvn90Eagg54VZP3/pg+iltXP6hICdNe8gEjzQ67iDI7iL4eA1SpEBK3Bsy4
dtMZrfHfcv4IEbDE8LCuWDknYtlXN+jjKrqWTXwvNh3Vb5ILsiSC1aYqJXkLaIKn
j1PlxYUH9zVQeNs77cX+0hz8zU5OrVGVvf1ktXcoruTRu+nmRRHLlW1PfWlBlx36
j28gOKE=
-----END CERTIFICATE-----