Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/328a632e-78b0-4e27-9dfd-75fce6ba31e6.roa
File:                     328a632e-78b0-4e27-9dfd-75fce6ba31e6.roa (raw, json)
Hash identifier:          HpHoodYjppR8eh7KRR78pbe0zvH+rczD59ztIinnoPE=
Subject key identifier:   F2:C4:7A:58:D7:85:D8:68:46:B7:36:4D:4E:BC:C7:C8:88:71:B9:A2
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       63286419CFA443C8947E90B1D20FA5244549674E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/328a632e-78b0-4e27-9dfd-75fce6ba31e6.roa
Signing time:             Sun 24 Jul 2022 00:00:00 +0000
ROA not before:           Sun 24 Jul 2022 00:00:00 +0000
ROA not after:            Wed 27 Jul 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:28:64:19:cf:a4:43:c8:94:7e:90:b1:d2:0f:a5:24:45:49:67:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jul 24 00:00:00 2022 GMT
            Not After : Jul 27 23:59:59 2022 GMT
        Subject: serialNumber=eab2ed1a24a0f857d74ed93aae550daf0b842d10a7de214900b9f9a163d6cd0a, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:34:a1:7d:1f:7c:fd:18:6a:83:f9:3b:99:2a:
                    74:e2:19:f2:b3:a0:6c:39:8f:58:73:37:da:c2:13:
                    b8:51:60:6e:26:5d:50:67:81:47:3a:70:bc:29:64:
                    ff:40:83:04:3f:bc:e8:27:59:59:72:c0:7f:c5:0c:
                    42:e9:56:d4:a6:d4:ff:64:b2:ac:fe:48:e5:60:4c:
                    cf:d5:20:ac:f2:ac:58:cc:80:ca:04:93:12:8c:da:
                    aa:f1:4f:fc:04:d3:88:32:81:46:b1:a2:24:70:58:
                    cc:82:b7:3d:e0:f2:63:f5:f8:79:78:55:22:f5:26:
                    16:73:62:a3:65:53:c0:6d:ce:a4:b0:86:49:a7:a0:
                    07:e2:63:74:2b:c3:a2:bb:ca:94:4e:19:93:a3:0b:
                    07:0a:55:c0:c1:be:60:8c:1a:85:1c:64:95:03:f3:
                    a7:f1:4d:0c:54:cb:1f:4a:e8:1a:e9:98:5b:dc:2b:
                    6f:dc:94:a8:b5:a4:f4:4a:88:36:e6:d9:ac:c8:a3:
                    e7:bb:57:f1:84:5d:3d:6b:54:fd:69:2a:14:d9:23:
                    33:f2:8f:68:d9:6a:79:c6:4e:0b:5b:ad:b0:be:94:
                    c5:23:bd:36:f5:02:40:f6:c6:56:26:4c:79:64:8e:
                    be:b0:34:c7:03:f6:e5:93:46:60:75:c8:ab:d9:56:
                    ea:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:C4:7A:58:D7:85:D8:68:46:B7:36:4D:4E:BC:C7:C8:88:71:B9:A2
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/328a632e-78b0-4e27-9dfd-75fce6ba31e6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:dc:05:b6:63:ea:6b:1a:bb:d3:67:0d:e4:2b:d0:f8:29:72:
         d5:63:0d:13:b9:52:b8:9f:c9:ab:06:f9:a4:88:e0:d1:99:ec:
         34:1a:39:0a:68:00:f2:9b:fa:3e:b1:4a:ad:7b:82:30:78:65:
         0c:7b:7e:54:cc:67:7f:6d:c6:8a:38:86:7e:78:e1:d5:42:55:
         46:a5:68:cb:02:51:cf:28:40:c8:fe:e2:d9:d9:99:a5:64:e1:
         2e:bd:07:de:0e:e5:6a:66:45:d0:75:de:25:39:5d:16:85:d6:
         06:a6:98:bc:57:c9:fa:f9:d1:b4:06:ae:c8:a8:e6:01:0a:d7:
         12:98:10:07:ed:90:85:d0:ba:eb:40:f9:07:6e:f7:40:8c:cf:
         44:14:8f:9b:90:8a:64:52:bc:66:00:ea:7f:54:97:4c:22:04:
         13:e8:b0:0f:71:d1:f3:43:c6:a9:99:a2:ce:18:e3:4e:2f:08:
         90:87:0b:e1:a6:07:dc:9c:de:b3:cf:ae:ff:04:1a:15:ee:4b:
         fc:2b:20:c2:b9:f2:5a:fb:e8:e7:59:64:e5:68:8d:b7:5b:e9:
         be:5f:9a:eb:2f:df:5e:f5:9a:c3:6d:4a:5a:25:26:7c:1b:42:
         fa:47:27:47:6b:ac:3a:e1:40:c7:f1:03:8e:77:48:08:3d:e1:
         22:43:f9:8c
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUYyhkGc+kQ8iUfpCx0g+lJEVJZ04wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwNzI0MDAwMDAwWhcNMjIwNzI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZWFiMmVkMWEyNGEwZjg1N2Q3NGVkOTNhYWU1NTBkYWYw
Yjg0MmQxMGE3ZGUyMTQ5MDBiOWY5YTE2M2Q2Y2QwYTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAIc0oX0ffP0YaoP5O5kqdOIZ8rOgbDmPWHM32sITuFFgbiZdUGeB
RzpwvClk/0CDBD+86CdZWXLAf8UMQulW1KbU/2SyrP5I5WBMz9UgrPKsWMyAygST
EozaqvFP/ATTiDKBRrGiJHBYzIK3PeDyY/X4eXhVIvUmFnNio2VTwG3OpLCGSaeg
B+JjdCvDorvKlE4Zk6MLBwpVwMG+YIwahRxklQPzp/FNDFTLH0roGumYW9wrb9yU
qLWk9EqINubZrMij57tX8YRdPWtU/WkqFNkjM/KPaNlqecZOC1utsL6UxSO9NvUC
QPbGViZMeWSOvrA0xwP25ZNGYHXIq9lW6hUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTyxHpY14XYaEa3Nk1OvMfIiHG5ojAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzI4YTYzMmUtNzhiMC00ZTI3LTlkZmQtNzVmY2U2YmEzMWU2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACncBbZj6msau9Nn
DeQr0PgpctVjDRO5UrifyasG+aSI4NGZ7DQaOQpoAPKb+j6xSq17gjB4ZQx7flTM
Z39txoo4hn544dVCVUalaMsCUc8oQMj+4tnZmaVk4S69B94O5WpmRdB13iU5XRaF
1gammLxXyfr50bQGrsio5gEK1xKYEAftkIXQuutA+Qdu90CMz0QUj5uQimRSvGYA
6n9Ul0wiBBPosA9x0fNDxqmZos4Y404vCJCHC+GmB9yc3rPPrv8EGhXuS/wrIMK5
8lr76OdZZOVojbdb6b5fmusv3171msNtSlolJnwbQvpHJ0drrDrhQMfxA453SAg9
4SJD+Yw=
-----END CERTIFICATE-----