Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/35aedee7-e498-471e-9e3a-bc64f0e6c033.roa
File:                     35aedee7-e498-471e-9e3a-bc64f0e6c033.roa (raw, json)
Hash identifier:          KpqRkyoRt54cs7Pe53sRPnmSUtqD60ss3x4DvunsByU=
Subject key identifier:   6E:0D:FD:35:65:E6:7E:58:69:26:F9:44:30:8D:02:6E:6A:5C:D6:56
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       17A5F04D4230BB88B96B1D54209AABE768AAF9D6
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/35aedee7-e498-471e-9e3a-bc64f0e6c033.roa
Signing time:             Thu 08 Sep 2022 00:00:00 +0000
ROA not before:           Thu 08 Sep 2022 00:00:00 +0000
ROA not after:            Sun 11 Sep 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:a5:f0:4d:42:30:bb:88:b9:6b:1d:54:20:9a:ab:e7:68:aa:f9:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Sep  8 00:00:00 2022 GMT
            Not After : Sep 11 23:59:59 2022 GMT
        Subject: serialNumber=d2541cf2ca6b62e098ea7da6dc774b86ffd41913ae9a8dad0f3b17ebd70fce94, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:22:d0:4c:b0:c9:f8:08:78:c9:6e:43:cf:8e:
                    b6:1e:55:e6:8f:c0:8a:e9:77:32:d4:17:65:ec:df:
                    14:30:c4:4d:8c:11:48:e1:9a:33:fa:a5:f0:e0:1f:
                    5a:92:3c:e7:45:05:bf:7d:13:82:fe:4f:81:11:b2:
                    44:09:a2:91:2c:4d:cb:33:da:61:ea:dd:0b:e2:34:
                    e6:45:c5:56:d0:12:93:f4:6c:b1:6d:da:3f:36:b1:
                    9b:ab:ad:37:19:86:99:ce:3d:f5:6c:73:ea:77:b7:
                    84:24:9e:6b:fe:b1:c7:c6:d9:c2:bf:f0:29:04:1b:
                    1c:07:a1:32:1b:50:4a:b9:48:05:3f:96:b7:a6:66:
                    bf:34:2d:ea:de:8f:d7:46:07:1f:a1:cb:42:7c:43:
                    6b:7c:d7:fd:05:30:b6:13:8c:b4:df:60:c2:77:12:
                    07:5f:ee:55:8f:f5:68:01:3b:eb:c1:a1:f4:72:87:
                    a2:ec:f4:81:c1:92:b9:aa:d9:4f:7b:b6:ff:dc:58:
                    93:85:94:73:f4:ef:7c:44:09:af:bf:7c:d0:14:e6:
                    e2:da:ee:7d:9b:93:0f:83:2b:be:e3:9c:5f:43:c7:
                    0f:8a:06:45:aa:ef:7b:fb:db:79:76:a7:1f:35:0b:
                    70:9a:3a:76:2d:c5:92:98:5f:77:8b:a3:00:7d:82:
                    78:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:0D:FD:35:65:E6:7E:58:69:26:F9:44:30:8D:02:6E:6A:5C:D6:56
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/35aedee7-e498-471e-9e3a-bc64f0e6c033.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:16:1a:fa:11:9c:5b:85:34:31:6b:53:51:e4:cf:b6:16:9b:
         d0:05:5c:53:27:a8:1a:25:48:2e:e2:7c:53:83:69:be:32:c4:
         04:13:af:0f:b6:80:ef:f3:fd:a1:ea:31:86:c3:28:45:6a:47:
         19:a9:dd:95:6c:eb:b2:a1:c0:7a:86:fb:38:c3:29:1b:5a:0b:
         ac:68:33:96:a5:55:4c:7e:77:70:f6:07:f2:15:a2:c3:71:4f:
         f2:92:c6:57:3b:00:24:bb:dc:31:18:5f:5a:ff:5f:be:46:b1:
         00:6f:14:31:cd:86:3e:bc:dc:a7:92:bd:47:4e:e4:90:72:2a:
         15:b7:8f:d9:7d:3c:01:e9:46:68:54:41:bb:2e:a4:1b:b6:e7:
         7d:e7:c2:2c:92:8a:85:61:f7:1e:ed:19:05:07:8e:d3:3f:86:
         1b:0c:69:6d:40:b0:f1:ec:ad:0a:ce:bb:d9:a8:c3:bb:72:01:
         8e:7f:90:f6:1e:ba:a3:51:c0:73:82:47:db:b0:bd:9b:af:06:
         0d:eb:9e:34:a6:9f:2d:93:42:f2:d0:5d:96:d0:61:6d:b5:19:
         cc:1a:82:55:60:f4:22:7f:e9:b7:97:31:5a:1f:c4:04:34:4c:
         69:ab:fa:4e:37:73:8f:54:1c:aa:3d:85:87:3f:b9:7f:12:18:
         df:a5:e1:c4
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUF6XwTUIwu4i5ax1UIJqr52iq+dYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwOTA4MDAwMDAwWhcNMjIwOTExMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDI1NDFjZjJjYTZiNjJlMDk4ZWE3ZGE2ZGM3NzRiODZm
ZmQ0MTkxM2FlOWE4ZGFkMGYzYjE3ZWJkNzBmY2U5NDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANci0EywyfgIeMluQ8+Oth5V5o/Aiul3MtQXZezfFDDETYwRSOGa
M/ql8OAfWpI850UFv30Tgv5PgRGyRAmikSxNyzPaYerdC+I05kXFVtASk/RssW3a
Pzaxm6utNxmGmc499Wxz6ne3hCSea/6xx8bZwr/wKQQbHAehMhtQSrlIBT+Wt6Zm
vzQt6t6P10YHH6HLQnxDa3zX/QUwthOMtN9gwncSB1/uVY/1aAE768Gh9HKHouz0
gcGSuarZT3u2/9xYk4WUc/TvfEQJr7980BTm4trufZuTD4MrvuOcX0PHD4oGRarv
e/vbeXanHzULcJo6di3Fkphfd4ujAH2CeNECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRuDf01ZeZ+WGkm+UQwjQJualzWVjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzVhZWRlZTctZTQ5OC00NzFlLTllM2EtYmM2NGYwZTZjMDMzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABAWGvoRnFuFNDFr
U1Hkz7YWm9AFXFMnqBolSC7ifFODab4yxAQTrw+2gO/z/aHqMYbDKEVqRxmp3ZVs
67KhwHqG+zjDKRtaC6xoM5alVUx+d3D2B/IVosNxT/KSxlc7ACS73DEYX1r/X75G
sQBvFDHNhj683KeSvUdO5JByKhW3j9l9PAHpRmhUQbsupBu2533nwiySioVh9x7t
GQUHjtM/hhsMaW1AsPHsrQrOu9mow7tyAY5/kPYeuqNRwHOCR9uwvZuvBg3rnjSm
ny2TQvLQXZbQYW21GcwaglVg9CJ/6beXMVofxAQ0TGmr+k43c49UHKo9hYc/uX8S
GN+l4cQ=
-----END CERTIFICATE-----