Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/32c723ae-d123-4778-ba44-c922b7110e28.roa
File:                     32c723ae-d123-4778-ba44-c922b7110e28.roa (raw, json)
Hash identifier:          dyvOaj84KRFq8wGI7N352C7hnAXJV07us3210x0XntU=
Subject key identifier:   C1:43:A3:55:50:76:54:4B:6D:9E:7F:A1:6A:D0:95:4E:69:F4:D5:2A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       06D44DD7551E16A7505C5264088C445FE9D9BCF8
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/32c723ae-d123-4778-ba44-c922b7110e28.roa
Signing time:             Fri 16 Dec 2022 00:00:00 +0000
ROA not before:           Fri 16 Dec 2022 00:00:00 +0000
ROA not after:            Mon 19 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:d4:4d:d7:55:1e:16:a7:50:5c:52:64:08:8c:44:5f:e9:d9:bc:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 16 00:00:00 2022 GMT
            Not After : Dec 19 23:59:59 2022 GMT
        Subject: serialNumber=8c51cb06a44015b03a40f1e8d478a1f1683014a65de788fd9e955d5f0dd6cca8, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c0:bd:14:15:15:a5:a1:43:c5:ed:cf:ed:c7:
                    f1:fd:3b:35:9f:32:9d:d5:a0:89:34:a5:17:f8:54:
                    bd:bf:16:8a:bf:f3:f3:82:6b:5d:32:be:98:4c:a8:
                    be:4b:25:15:15:5d:5b:e6:6f:3a:d4:17:79:61:9a:
                    cb:1f:e2:6c:b1:59:f6:33:05:04:f7:86:34:23:60:
                    70:ee:56:39:cd:3a:ac:bd:b6:25:48:56:c3:02:9e:
                    ba:1c:b7:45:53:5e:51:e3:9a:d7:d4:f7:d5:65:2e:
                    dd:44:0b:3d:4f:7c:cf:f2:31:3c:9c:6e:d8:76:82:
                    05:cb:39:d9:a2:29:59:dd:fb:ba:d5:75:d2:8e:d8:
                    19:05:2e:9f:e0:4f:04:94:7a:34:91:94:49:34:eb:
                    ac:c9:5f:3e:55:35:37:c7:6f:b4:50:65:5d:a1:22:
                    c2:93:4b:42:5f:15:ed:0c:23:68:a3:64:3f:65:85:
                    80:d5:1e:00:dd:a8:71:06:62:7d:92:89:ac:80:3c:
                    78:0a:1d:1d:c6:77:43:68:4e:87:b6:24:91:9c:80:
                    38:d8:cd:5d:c1:0a:db:7c:dc:99:1f:77:e5:b8:2e:
                    78:ae:55:c7:6a:a7:3d:86:38:42:dd:fb:3a:3a:70:
                    17:48:14:52:08:14:0a:f7:12:7a:91:e9:15:96:28:
                    dc:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:43:A3:55:50:76:54:4B:6D:9E:7F:A1:6A:D0:95:4E:69:F4:D5:2A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/32c723ae-d123-4778-ba44-c922b7110e28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:8d:52:1b:2e:7c:28:ed:7f:dd:62:43:80:65:93:66:a6:8b:
         fa:ef:0b:fb:57:ff:2f:63:94:e5:d8:0b:69:96:bc:58:9e:30:
         55:ea:6d:00:5f:b7:8a:72:19:14:ad:de:11:d7:a5:d6:48:51:
         25:6a:5a:b9:a1:42:c3:b2:bb:68:b0:f5:82:71:39:07:ba:cd:
         a2:ea:8a:9b:d2:37:bf:d2:fa:8c:7b:6e:b2:e1:56:31:08:44:
         c4:86:72:7f:7f:64:b1:64:1a:61:88:3b:01:5d:0f:89:c2:88:
         fd:5e:d7:44:a2:5b:2d:b8:04:43:80:f3:60:38:19:68:19:89:
         05:9c:58:6c:11:21:44:84:a9:db:ef:dd:a1:e3:4c:d3:a8:ff:
         63:6a:1d:c9:2a:98:d0:23:47:a3:e4:a7:91:fb:b6:6c:6f:ba:
         2e:67:b0:4f:9d:e1:b1:ee:0a:a6:b7:07:75:a5:f2:cb:35:cb:
         f9:13:76:4e:f8:bb:56:d6:ee:9a:b7:8d:7f:fb:ae:f3:51:05:
         b6:47:97:65:46:c5:f4:6e:65:de:0c:f4:21:e6:4f:7f:6b:a4:
         9d:93:67:c2:41:f7:ff:2d:48:ef:7b:4a:df:20:7c:46:1d:71:
         85:ad:80:68:5e:75:7a:c2:f6:40:6e:5e:ba:91:d8:45:90:69:
         32:f3:b5:33
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUBtRN11UeFqdQXFJkCIxEX+nZvPgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjE2MDAwMDAwWhcNMjIxMjE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOGM1MWNiMDZhNDQwMTViMDNhNDBmMWU4ZDQ3OGExZjE2
ODMwMTRhNjVkZTc4OGZkOWU5NTVkNWYwZGQ2Y2NhODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK7AvRQVFaWhQ8Xtz+3H8f07NZ8yndWgiTSlF/hUvb8Wir/z84Jr
XTK+mEyovkslFRVdW+ZvOtQXeWGayx/ibLFZ9jMFBPeGNCNgcO5WOc06rL22JUhW
wwKeuhy3RVNeUeOa19T31WUu3UQLPU98z/IxPJxu2HaCBcs52aIpWd37utV10o7Y
GQUun+BPBJR6NJGUSTTrrMlfPlU1N8dvtFBlXaEiwpNLQl8V7QwjaKNkP2WFgNUe
AN2ocQZifZKJrIA8eAodHcZ3Q2hOh7YkkZyAONjNXcEK23zcmR935bgueK5Vx2qn
PYY4Qt37OjpwF0gUUggUCvcSepHpFZYo3I8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTBQ6NVUHZUS22ef6Fq0JVOafTVKjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzJjNzIzYWUtZDEyMy00Nzc4LWJhNDQtYzkyMmI3MTEwZTI4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG6NUhsufCjtf91i
Q4Blk2ami/rvC/tX/y9jlOXYC2mWvFieMFXqbQBft4pyGRSt3hHXpdZIUSVqWrmh
QsOyu2iw9YJxOQe6zaLqipvSN7/S+ox7brLhVjEIRMSGcn9/ZLFkGmGIOwFdD4nC
iP1e10SiWy24BEOA82A4GWgZiQWcWGwRIUSEqdvv3aHjTNOo/2NqHckqmNAjR6Pk
p5H7tmxvui5nsE+d4bHuCqa3B3Wl8ss1y/kTdk74u1bW7pq3jX/7rvNRBbZHl2VG
xfRuZd4M9CHmT39rpJ2TZ8JB9/8tSO97St8gfEYdcYWtgGhedXrC9kBuXrqR2EWQ
aTLztTM=
-----END CERTIFICATE-----