Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/392ddd2f-fe98-4d65-b5a1-de9fadf2a929.roa
File:                     392ddd2f-fe98-4d65-b5a1-de9fadf2a929.roa (raw, json)
Hash identifier:          Sfc3mDXzPcsZvkYw/n7+fPZ9LTGVVTOCpD+71QuFry8=
Subject key identifier:   A5:D8:A7:50:F1:08:C4:66:77:A1:E5:EE:C1:EF:5D:D3:3D:5C:F8:D6
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       43BD2895E29960526E704C83CC78CE912896D54F
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/392ddd2f-fe98-4d65-b5a1-de9fadf2a929.roa
Signing time:             Mon 18 Jul 2022 00:00:00 +0000
ROA not before:           Mon 18 Jul 2022 00:00:00 +0000
ROA not after:            Thu 21 Jul 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:bd:28:95:e2:99:60:52:6e:70:4c:83:cc:78:ce:91:28:96:d5:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jul 18 00:00:00 2022 GMT
            Not After : Jul 21 23:59:59 2022 GMT
        Subject: serialNumber=51ad35a10f716cb1f9e8410487fdebc077db62de03d5cecf4434d9bc97baf461, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:0f:da:be:0a:43:5a:8d:88:ba:98:52:21:25:
                    fc:50:ad:55:e7:3a:b5:81:ec:28:bb:b1:02:a2:df:
                    73:6e:d8:3b:0c:7f:a5:a0:c3:ba:7f:9c:8e:ba:30:
                    c1:ba:b2:a3:1a:81:ef:4e:f6:31:2f:f0:c0:4e:d1:
                    11:00:fe:ad:69:41:07:7a:df:10:aa:47:ec:ef:0f:
                    da:25:5b:bf:93:e3:44:de:07:bf:a3:e1:b7:2c:65:
                    8a:4a:22:69:1c:cc:1f:c0:00:a7:12:49:46:86:d1:
                    73:10:53:1b:bf:3b:7e:e6:37:1f:79:dc:db:a3:c1:
                    0d:df:35:9e:1c:ed:8c:5e:68:c6:c4:ba:a5:d8:7c:
                    48:a6:9b:78:21:87:67:c6:34:68:ef:f8:a1:f5:2b:
                    8a:38:07:4b:dc:4c:bf:5d:dd:ab:ef:57:22:d7:2e:
                    29:78:1a:88:bc:68:28:49:99:b9:07:52:80:18:57:
                    47:f6:d9:ee:2a:00:6c:2c:1f:4d:5e:c9:1c:fd:b8:
                    8f:8e:62:56:d0:2f:b7:56:f2:8d:e3:79:19:ef:92:
                    da:76:1f:41:f0:43:02:ba:54:73:47:29:a2:8c:59:
                    86:c0:cf:b3:ac:30:10:01:14:c8:38:fa:6a:c4:8f:
                    b2:73:d6:7a:60:2c:ae:7a:cf:e3:b4:7b:5e:56:5d:
                    ab:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:D8:A7:50:F1:08:C4:66:77:A1:E5:EE:C1:EF:5D:D3:3D:5C:F8:D6
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/392ddd2f-fe98-4d65-b5a1-de9fadf2a929.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:61:32:1c:fe:16:e4:80:67:6d:3c:d7:16:22:a8:59:97:4e:
         fe:14:8e:7b:7c:c8:c2:ba:12:ce:cb:b6:ba:b8:c9:eb:d6:ad:
         37:5c:cf:c5:59:2e:41:6b:89:3f:17:dc:a1:4f:b7:e3:b1:3c:
         9c:91:e1:a9:f0:63:66:81:6e:2b:7c:30:65:08:35:85:06:5e:
         95:b7:f2:c9:b7:0b:74:cf:ba:93:4f:52:e5:f2:49:a1:78:5a:
         8e:a5:6f:b5:41:12:88:f3:5b:8b:37:76:82:a9:33:86:92:c7:
         b1:30:27:98:06:c8:b7:5f:5b:dc:5c:b8:b8:15:3f:8a:32:41:
         23:50:12:4f:67:83:13:b1:f5:b8:80:a2:04:94:c2:f4:3a:b4:
         bc:67:f7:57:a9:a4:cb:fa:6e:99:e0:5f:3a:9f:c3:7c:75:a5:
         62:79:83:a5:d7:56:0d:d8:8c:55:0b:af:30:0a:25:7a:01:63:
         f3:e2:87:18:62:23:d5:68:83:1b:37:08:03:14:96:13:15:63:
         65:ef:40:24:c3:78:ad:05:91:f3:04:5e:92:86:93:36:62:c9:
         03:50:c8:c5:2e:b7:4b:af:8b:33:bf:84:09:0e:69:bf:b7:59:
         f2:59:db:10:6b:df:d1:d6:6b:67:5c:59:25:e5:2d:99:2e:a3:
         3a:d2:36:99
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUQ70oleKZYFJucEyDzHjOkSiW1U8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwNzE4MDAwMDAwWhcNMjIwNzIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNANTFhZDM1YTEwZjcxNmNiMWY5ZTg0MTA0ODdmZGViYzA3
N2RiNjJkZTAzZDVjZWNmNDQzNGQ5YmM5N2JhZjQ2MTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMcP2r4KQ1qNiLqYUiEl/FCtVec6tYHsKLuxAqLfc27YOwx/paDD
un+cjrowwbqyoxqB7072MS/wwE7REQD+rWlBB3rfEKpH7O8P2iVbv5PjRN4Hv6Ph
tyxlikoiaRzMH8AApxJJRobRcxBTG787fuY3H3nc26PBDd81nhztjF5oxsS6pdh8
SKabeCGHZ8Y0aO/4ofUrijgHS9xMv13dq+9XItcuKXgaiLxoKEmZuQdSgBhXR/bZ
7ioAbCwfTV7JHP24j45iVtAvt1byjeN5Ge+S2nYfQfBDArpUc0cpooxZhsDPs6ww
EAEUyDj6asSPsnPWemAsrnrP47R7XlZdq4UCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSl2KdQ8QjEZneh5e7B713TPVz41jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzkyZGRkMmYtZmU5OC00ZDY1LWI1YTEtZGU5ZmFkZjJhOTI5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABlhMhz+FuSAZ208
1xYiqFmXTv4Ujnt8yMK6Es7Ltrq4yevWrTdcz8VZLkFriT8X3KFPt+OxPJyR4anw
Y2aBbit8MGUINYUGXpW38sm3C3TPupNPUuXySaF4Wo6lb7VBEojzW4s3doKpM4aS
x7EwJ5gGyLdfW9xcuLgVP4oyQSNQEk9ngxOx9biAogSUwvQ6tLxn91eppMv6bpng
Xzqfw3x1pWJ5g6XXVg3YjFULrzAKJXoBY/PihxhiI9Vogxs3CAMUlhMVY2XvQCTD
eK0FkfMEXpKGkzZiyQNQyMUut0uvizO/hAkOab+3WfJZ2xBr39HWa2dcWSXlLZku
ozrSNpk=
-----END CERTIFICATE-----