Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3b145ce3-f6cf-4c25-bc0a-b8cc3b34950e.roa
File:                     3b145ce3-f6cf-4c25-bc0a-b8cc3b34950e.roa (raw, json)
Hash identifier:          sM4NX71tj67UymC7BHmGZEXguQYpxoTntYYbQnslF/o=
Subject key identifier:   40:79:4E:CF:1B:E0:DF:37:F4:9F:C7:49:D2:89:94:55:DB:B9:2D:95
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7193EEC211248A00928BD5A4A64456A1A4DE2A3E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3b145ce3-f6cf-4c25-bc0a-b8cc3b34950e.roa
Signing time:             Sat 23 Jul 2022 00:00:00 +0000
ROA not before:           Sat 23 Jul 2022 00:00:00 +0000
ROA not after:            Tue 26 Jul 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:93:ee:c2:11:24:8a:00:92:8b:d5:a4:a6:44:56:a1:a4:de:2a:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jul 23 00:00:00 2022 GMT
            Not After : Jul 26 23:59:59 2022 GMT
        Subject: serialNumber=2c750e290f9f7a530c30ae8184eb79e92cf7c039c3a91d4e8a11354980b81915, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:15:e8:4c:68:fd:fe:60:ea:a6:7d:71:62:9e:
                    27:04:b1:d9:7e:5b:0a:b1:43:bc:92:c1:60:5c:e9:
                    b0:be:c5:31:91:70:db:22:8a:ef:3d:c3:13:6a:0f:
                    b1:67:35:1a:ca:57:42:be:5c:f5:e8:b2:0e:e1:36:
                    2a:19:72:9d:df:08:57:48:b5:d3:46:7e:2c:7a:65:
                    d2:b6:76:11:94:7c:d6:ae:31:6b:e0:19:6f:a8:2b:
                    fa:7d:50:7c:80:d7:a3:70:1f:a2:c9:7d:b9:25:9f:
                    61:91:05:d8:15:99:d1:aa:c7:d7:75:54:06:9f:1d:
                    90:35:4d:9b:fa:cb:96:3a:b7:10:16:23:ca:94:03:
                    2a:83:01:47:a0:0e:61:b8:2d:dc:99:59:b1:a1:91:
                    fd:18:44:38:a0:15:f5:e8:5a:24:f4:69:e6:06:7f:
                    71:df:85:f9:60:87:3c:ab:7d:c5:08:18:76:bc:15:
                    e2:d1:44:41:c4:fc:17:15:b6:4c:4c:2c:db:ab:82:
                    42:66:d6:9b:20:8a:e7:b5:f9:0a:90:1d:58:a7:b5:
                    26:1f:12:55:cb:ba:ab:eb:cf:d7:80:29:e5:c3:92:
                    61:2e:e8:d7:03:d6:ca:46:35:44:cd:b5:4a:31:cf:
                    17:5d:18:67:92:d8:78:fc:04:3d:6d:d6:bb:12:db:
                    4f:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:79:4E:CF:1B:E0:DF:37:F4:9F:C7:49:D2:89:94:55:DB:B9:2D:95
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3b145ce3-f6cf-4c25-bc0a-b8cc3b34950e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:ae:d8:cb:6e:8a:82:3d:5a:df:2f:65:79:cf:bc:77:d3:e0:
         82:a3:95:7a:08:73:2e:22:70:f6:b5:2c:33:d4:a3:4b:0a:dc:
         3d:22:cd:44:8a:a5:69:93:52:a8:dc:0b:e1:0c:c7:c4:b6:59:
         97:72:1e:c4:64:f8:d9:19:b2:ac:76:7d:4b:82:e6:31:c4:2f:
         6c:d0:e2:b6:d1:5d:ec:a9:31:a7:fc:69:f7:14:ca:4d:cf:80:
         e2:60:06:b0:d2:51:26:26:37:51:d3:89:78:16:74:dd:fb:cc:
         7c:ea:29:db:9c:c2:d4:4c:40:1d:62:32:54:39:93:0b:30:7d:
         61:73:5e:ae:43:88:3f:cd:d2:e6:0f:40:76:eb:f4:c3:09:a5:
         33:da:5e:e4:c8:c2:1c:97:b1:67:3e:39:2b:2a:6f:51:29:bc:
         f6:55:7a:87:f3:d7:53:f3:40:5f:ab:56:77:50:8a:69:94:aa:
         3b:5f:82:7b:a9:62:7c:32:f0:a3:b4:70:c5:65:8f:d9:3a:c1:
         01:22:7e:10:97:87:0e:0e:18:26:13:73:15:7a:55:f5:5e:a1:
         fb:7a:79:06:42:83:06:2c:00:20:6b:56:69:84:4f:fa:89:87:
         9b:19:f2:11:5d:ef:37:15:e3:0f:10:8f:ae:44:f8:9e:ee:6e:
         cc:c8:d6:b3
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUcZPuwhEkigCSi9WkpkRWoaTeKj4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwNzIzMDAwMDAwWhcNMjIwNzI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMmM3NTBlMjkwZjlmN2E1MzBjMzBhZTgxODRlYjc5ZTky
Y2Y3YzAzOWMzYTkxZDRlOGExMTM1NDk4MGI4MTkxNTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOQV6Exo/f5g6qZ9cWKeJwSx2X5bCrFDvJLBYFzpsL7FMZFw2yKK
7z3DE2oPsWc1GspXQr5c9eiyDuE2Khlynd8IV0i100Z+LHpl0rZ2EZR81q4xa+AZ
b6gr+n1QfIDXo3Afosl9uSWfYZEF2BWZ0arH13VUBp8dkDVNm/rLljq3EBYjypQD
KoMBR6AOYbgt3JlZsaGR/RhEOKAV9ehaJPRp5gZ/cd+F+WCHPKt9xQgYdrwV4tFE
QcT8FxW2TEws26uCQmbWmyCK57X5CpAdWKe1Jh8SVcu6q+vP14Ap5cOSYS7o1wPW
ykY1RM21SjHPF10YZ5LYePwEPW3WuxLbTxcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRAeU7PG+DfN/Sfx0nSiZRV27ktlTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvM2IxNDVjZTMtZjZjZi00YzI1LWJjMGEtYjhjYzNiMzQ5NTBlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEmu2MtuioI9Wt8v
ZXnPvHfT4IKjlXoIcy4icPa1LDPUo0sK3D0izUSKpWmTUqjcC+EMx8S2WZdyHsRk
+NkZsqx2fUuC5jHEL2zQ4rbRXeypMaf8afcUyk3PgOJgBrDSUSYmN1HTiXgWdN37
zHzqKducwtRMQB1iMlQ5kwswfWFzXq5DiD/N0uYPQHbr9MMJpTPaXuTIwhyXsWc+
OSsqb1EpvPZVeofz11PzQF+rVndQimmUqjtfgnupYnwy8KO0cMVlj9k6wQEifhCX
hw4OGCYTcxV6VfVeoft6eQZCgwYsACBrVmmET/qJh5sZ8hFd7zcV4w8Qj65E+J7u
bszI1rM=
-----END CERTIFICATE-----