Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/33b9c7cb-a26f-42e5-be43-5cc182c396c7.roa
File:                     33b9c7cb-a26f-42e5-be43-5cc182c396c7.roa (raw, json)
Hash identifier:          /i88R2501XVZdpHbiROGj4Pz6DR3hUiJNR7nnDGn8QE=
Subject key identifier:   0E:0C:33:82:30:10:AA:9C:6E:2A:C9:C1:0F:BF:36:DA:D1:A7:48:3F
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       04C01A5C676AE30A9CAE7C4B64090FB190807CCD
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/33b9c7cb-a26f-42e5-be43-5cc182c396c7.roa
Signing time:             Wed 14 Sep 2022 00:00:00 +0000
ROA not before:           Wed 14 Sep 2022 00:00:00 +0000
ROA not after:            Sat 17 Sep 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:c0:1a:5c:67:6a:e3:0a:9c:ae:7c:4b:64:09:0f:b1:90:80:7c:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Sep 14 00:00:00 2022 GMT
            Not After : Sep 17 23:59:59 2022 GMT
        Subject: serialNumber=8ccc71644098e2e4fc4764abb2e9b4b60283827d103fa8302986ab88cadaab95, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d1:19:7f:63:c1:d0:f4:33:ea:24:34:fc:fb:
                    1e:70:b3:fd:f1:23:f2:69:f7:f8:93:1e:0b:a5:ae:
                    c1:23:07:bd:26:03:c7:64:3a:f8:7b:bd:7f:40:bf:
                    e9:61:af:a9:ba:ce:0a:41:96:22:de:64:0a:77:6d:
                    ee:e4:3c:86:25:d9:8d:69:d2:5c:e6:62:30:5d:31:
                    42:5c:e8:7a:c7:2d:fe:ab:ba:0d:4a:9b:d3:2e:48:
                    25:7f:ee:46:ec:5b:6d:bc:4d:bc:a9:9a:99:37:cc:
                    38:b9:d3:55:9d:db:a3:9e:4f:c7:07:ea:e3:5d:b2:
                    66:f6:a2:04:4a:58:1c:3a:7e:78:1c:63:22:4e:ac:
                    ab:c2:e7:ed:6e:5d:3c:82:cc:06:68:4c:05:ec:30:
                    52:51:94:e1:7b:00:05:b9:cf:a1:04:46:30:21:0c:
                    f3:a6:ad:f2:1f:ba:59:d8:2d:e0:59:9b:4e:b5:64:
                    8e:00:5a:e6:c9:c8:77:46:d9:61:0f:83:5c:d6:1b:
                    3c:e3:c2:5e:44:91:9a:a5:f2:6e:9d:94:99:fc:aa:
                    38:a8:b6:cc:84:17:cc:d8:79:b5:07:f9:85:f8:f4:
                    d7:2a:f1:d6:04:f6:28:62:1c:ee:c6:c3:89:8c:8c:
                    24:35:6f:63:16:39:06:64:87:8c:bc:3a:c9:a0:06:
                    7f:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:0C:33:82:30:10:AA:9C:6E:2A:C9:C1:0F:BF:36:DA:D1:A7:48:3F
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/33b9c7cb-a26f-42e5-be43-5cc182c396c7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:d5:08:38:34:f8:bf:67:f2:70:05:0c:44:d7:62:71:5a:cb:
         87:b4:5b:97:a5:ad:4f:83:b6:e3:65:8b:a9:b9:84:e2:38:51:
         24:a3:e6:2a:8d:5b:ed:9a:08:93:78:b0:c0:9d:e4:1b:f3:67:
         2d:05:49:15:a6:0d:89:9b:f9:f4:96:4f:0c:70:c1:6d:d9:ef:
         0f:f9:a9:c9:81:15:91:73:b9:dc:06:18:31:f2:38:c9:22:05:
         fe:46:f2:31:17:3c:2a:f6:18:9b:a3:81:a5:41:36:7e:18:2b:
         25:c5:5f:c8:ae:96:f3:98:75:a9:95:b9:fb:ea:97:96:de:53:
         45:bb:b0:9d:b2:77:d8:05:fb:e4:89:7c:5e:01:17:94:72:b6:
         ce:87:5b:e3:d9:7b:8f:dd:2f:e6:09:c0:ff:47:7d:b3:af:c2:
         d2:46:77:8e:7d:39:f4:86:3c:e1:d9:be:d4:06:1d:fe:d6:08:
         e8:4d:1c:0f:51:24:59:1d:c5:08:49:57:b1:60:ad:6e:42:a3:
         7c:a6:3e:47:a5:0d:9a:80:79:cf:6e:26:38:b1:78:bc:81:22:
         d5:4f:4f:c0:f0:d7:3d:7a:ed:d9:fc:fb:fa:9c:5b:41:ff:da:
         55:f9:82:cf:93:a2:e7:9c:88:fb:31:a6:34:a5:10:18:ac:e9:
         33:dc:3f:6b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUBMAaXGdq4wqcrnxLZAkPsZCAfM0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwOTE0MDAwMDAwWhcNMjIwOTE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOGNjYzcxNjQ0MDk4ZTJlNGZjNDc2NGFiYjJlOWI0YjYw
MjgzODI3ZDEwM2ZhODMwMjk4NmFiODhjYWRhYWI5NTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMPRGX9jwdD0M+okNPz7HnCz/fEj8mn3+JMeC6WuwSMHvSYDx2Q6
+Hu9f0C/6WGvqbrOCkGWIt5kCndt7uQ8hiXZjWnSXOZiMF0xQlzoesct/qu6DUqb
0y5IJX/uRuxbbbxNvKmamTfMOLnTVZ3bo55Pxwfq412yZvaiBEpYHDp+eBxjIk6s
q8Ln7W5dPILMBmhMBewwUlGU4XsABbnPoQRGMCEM86at8h+6Wdgt4FmbTrVkjgBa
5snId0bZYQ+DXNYbPOPCXkSRmqXybp2UmfyqOKi2zIQXzNh5tQf5hfj01yrx1gT2
KGIc7sbDiYyMJDVvYxY5BmSHjLw6yaAGf3cCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQODDOCMBCqnG4qycEPvzba0adIPzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzNiOWM3Y2ItYTI2Zi00MmU1LWJlNDMtNWNjMTgyYzM5NmM3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADvVCDg0+L9n8nAF
DETXYnFay4e0W5elrU+DtuNli6m5hOI4USSj5iqNW+2aCJN4sMCd5BvzZy0FSRWm
DYmb+fSWTwxwwW3Z7w/5qcmBFZFzudwGGDHyOMkiBf5G8jEXPCr2GJujgaVBNn4Y
KyXFX8iulvOYdamVufvql5beU0W7sJ2yd9gF++SJfF4BF5Ryts6HW+PZe4/dL+YJ
wP9HfbOvwtJGd459OfSGPOHZvtQGHf7WCOhNHA9RJFkdxQhJV7FgrW5Co3ymPkel
DZqAec9uJjixeLyBItVPT8Dw1z167dn8+/qcW0H/2lX5gs+ToueciPsxpjSlEBis
6TPcP2s=
-----END CERTIFICATE-----