Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/287539b4-e5a4-4c02-a836-f6894bd7fa66.roa
File:                     287539b4-e5a4-4c02-a836-f6894bd7fa66.roa (raw, json)
Hash identifier:          NhZKd9wq1FjvR8E/zJ2l3DDXpflJyJubVT0EvtU5HJo=
Subject key identifier:   E4:A0:4E:F1:55:1B:AD:61:F0:18:A7:DE:D8:AA:4F:45:88:00:28:95
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       745B2B685E772CACE2C105951D536C6F2F5D99CD
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/287539b4-e5a4-4c02-a836-f6894bd7fa66.roa
Signing time:             Wed 14 Dec 2022 00:00:00 +0000
ROA not before:           Wed 14 Dec 2022 00:00:00 +0000
ROA not after:            Sat 17 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:5b:2b:68:5e:77:2c:ac:e2:c1:05:95:1d:53:6c:6f:2f:5d:99:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 14 00:00:00 2022 GMT
            Not After : Dec 17 23:59:59 2022 GMT
        Subject: serialNumber=94353e8224c0947f3ad103e6d8e8afdc91dca74f1521bb47db080f78c4d71dfe, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:6d:ef:02:88:62:fe:a8:68:aa:96:0e:37:1b:
                    71:28:2b:f7:9e:67:81:e2:53:30:01:96:89:77:6f:
                    24:70:cc:ee:83:69:e3:7d:be:b4:0d:9b:5a:8d:e6:
                    94:5a:4e:f0:80:4a:21:e6:01:4c:32:ed:b0:10:3b:
                    21:1f:b3:ee:e4:f5:bd:9c:93:d6:cb:cd:c9:92:66:
                    06:d2:34:b5:bb:f6:2a:67:dd:86:fc:11:1b:8b:da:
                    11:f3:f4:a3:b0:70:a7:84:99:eb:80:9f:c2:ed:63:
                    7a:21:bb:d9:80:08:da:a7:fe:3a:1e:a0:d6:2e:52:
                    ac:8f:f9:b3:61:a4:27:0c:6a:eb:6a:aa:db:5b:7f:
                    8c:82:e7:e4:dd:f6:8d:17:5c:1c:f8:87:85:aa:5a:
                    a8:c8:25:d8:a4:8a:79:fd:ff:8f:14:39:65:0f:12:
                    02:3f:7a:14:1b:44:33:6e:0b:19:49:01:51:c5:18:
                    19:e9:88:a1:64:28:87:dd:37:7b:48:67:3d:51:02:
                    46:f9:2e:8e:d2:4c:90:2b:b7:ce:2a:64:e2:56:64:
                    3c:47:51:a6:d7:0c:88:32:e5:88:2a:cd:00:5d:06:
                    1d:13:9a:da:6b:7f:b8:b5:2a:bc:c5:ea:fc:ba:b3:
                    08:25:5f:8b:55:f6:62:a7:00:2e:0e:46:3a:e5:d8:
                    1e:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:A0:4E:F1:55:1B:AD:61:F0:18:A7:DE:D8:AA:4F:45:88:00:28:95
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/287539b4-e5a4-4c02-a836-f6894bd7fa66.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:3a:78:9d:10:f8:95:a2:14:fd:a1:bc:15:47:c9:0c:07:d8:
         ef:f8:ce:36:ea:ee:bc:7e:35:9e:2d:c1:4e:fd:3d:6a:e9:b8:
         9f:31:05:d8:09:c0:b6:db:eb:77:a3:f1:85:1b:7a:a5:92:52:
         5c:35:67:87:3a:83:a0:77:56:09:be:c8:b2:39:a2:aa:16:49:
         97:a8:c2:dd:e1:50:59:46:88:dc:4b:c4:2e:26:44:2a:62:f8:
         9b:2d:2d:70:57:dd:25:58:e6:2c:97:08:90:b6:87:6b:74:8f:
         e0:ce:85:63:28:53:06:03:e1:11:47:c2:17:3f:a2:e8:37:02:
         87:05:db:56:54:72:58:e3:80:89:ee:11:cc:93:fc:97:36:39:
         e0:23:d8:97:f9:a2:57:9f:06:d7:36:7f:ec:47:f4:a0:56:01:
         8d:ca:9b:ed:6a:47:a8:8e:fa:83:b7:1f:1e:e7:9a:01:d2:56:
         55:7f:3a:f6:c8:f6:cf:ba:24:92:66:c5:6b:56:00:c2:dc:bb:
         42:f0:45:a5:bb:29:94:1f:a7:70:2f:97:7d:99:68:64:70:2d:
         01:4a:74:37:ef:46:d7:02:2c:ad:fd:23:95:3f:d9:77:c8:61:
         b2:29:21:40:d5:41:d5:00:1e:4d:a3:44:6f:2e:c7:90:cc:c5:
         18:0e:65:20
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUdFsraF53LKziwQWVHVNsby9dmc0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjE0MDAwMDAwWhcNMjIxMjE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTQzNTNlODIyNGMwOTQ3ZjNhZDEwM2U2ZDhlOGFmZGM5
MWRjYTc0ZjE1MjFiYjQ3ZGIwODBmNzhjNGQ3MWRmZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMZt7wKIYv6oaKqWDjcbcSgr955ngeJTMAGWiXdvJHDM7oNp432+
tA2bWo3mlFpO8IBKIeYBTDLtsBA7IR+z7uT1vZyT1svNyZJmBtI0tbv2KmfdhvwR
G4vaEfP0o7Bwp4SZ64Cfwu1jeiG72YAI2qf+Oh6g1i5SrI/5s2GkJwxq62qq21t/
jILn5N32jRdcHPiHhapaqMgl2KSKef3/jxQ5ZQ8SAj96FBtEM24LGUkBUcUYGemI
oWQoh903e0hnPVECRvkujtJMkCu3zipk4lZkPEdRptcMiDLliCrNAF0GHROa2mt/
uLUqvMXq/LqzCCVfi1X2YqcALg5GOuXYHhsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTkoE7xVRutYfAYp97Yqk9FiAAolTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjg3NTM5YjQtZTVhNC00YzAyLWE4MzYtZjY4OTRiZDdmYTY2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFs6eJ0Q+JWiFP2h
vBVHyQwH2O/4zjbq7rx+NZ4twU79PWrpuJ8xBdgJwLbb63ej8YUbeqWSUlw1Z4c6
g6B3Vgm+yLI5oqoWSZeowt3hUFlGiNxLxC4mRCpi+JstLXBX3SVY5iyXCJC2h2t0
j+DOhWMoUwYD4RFHwhc/oug3AocF21ZUcljjgInuEcyT/Jc2OeAj2Jf5olefBtc2
f+xH9KBWAY3Km+1qR6iO+oO3Hx7nmgHSVlV/OvbI9s+6JJJmxWtWAMLcu0LwRaW7
KZQfp3Avl32ZaGRwLQFKdDfvRtcCLK39I5U/2XfIYbIpIUDVQdUAHk2jRG8ux5DM
xRgOZSA=
-----END CERTIFICATE-----