Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3ca84755-9c2f-4583-9a28-976fe19688e0.roa
File:                     3ca84755-9c2f-4583-9a28-976fe19688e0.roa (raw, json)
Hash identifier:          SoIFphFroDwt5xLnvb6eaB7zC7iW0vqNY977xW3gi6I=
Subject key identifier:   9E:26:77:F5:75:4A:6C:1D:72:68:DE:10:B1:FF:C2:4D:AF:9F:C9:5B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       539E853B9B88AFC8F6F81A3E9D21EEFE0D056D09
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3ca84755-9c2f-4583-9a28-976fe19688e0.roa
Signing time:             Fri 09 Dec 2022 00:00:00 +0000
ROA not before:           Fri 09 Dec 2022 00:00:00 +0000
ROA not after:            Mon 12 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:9e:85:3b:9b:88:af:c8:f6:f8:1a:3e:9d:21:ee:fe:0d:05:6d:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec  9 00:00:00 2022 GMT
            Not After : Dec 12 23:59:59 2022 GMT
        Subject: serialNumber=fb174e2b92177dadf3e7839a0a2f8835906ef3b624827c2992a0dc374e97b8e3, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:9c:e1:be:e6:08:42:be:68:68:a5:69:c2:94:
                    0c:78:78:44:16:53:0e:89:2c:18:bd:08:ad:3a:a0:
                    c6:d7:da:d2:6a:6f:56:70:f7:2b:94:83:cc:76:53:
                    90:63:d9:f7:a1:af:7c:10:ed:ff:3a:77:49:86:d8:
                    4e:ee:93:3f:79:7b:4d:09:8d:4d:bc:02:0f:4e:80:
                    1d:be:48:0c:e8:da:46:c0:4d:6a:a7:2f:58:0f:45:
                    5b:64:96:e0:d7:54:be:33:d9:91:e7:a3:12:cd:84:
                    2d:d3:f2:4a:f9:61:0c:f6:d6:11:94:27:3d:47:50:
                    b8:64:21:83:a9:e4:e4:df:ae:39:31:42:86:d4:0c:
                    ea:ba:17:a2:95:2b:76:56:c7:8e:6c:37:18:20:c9:
                    fc:27:03:15:46:ce:68:81:b5:7c:29:cb:e5:47:a4:
                    87:55:f3:30:bd:64:34:fe:f8:14:80:6d:7e:f6:10:
                    3d:99:f8:b0:2e:d9:28:e7:43:27:e5:82:34:df:ca:
                    50:57:63:73:ff:bb:3c:ed:64:56:bf:e4:06:1b:c2:
                    1a:e4:6b:bb:5e:6b:e7:f6:03:c7:30:5c:8e:e1:81:
                    bc:14:35:58:ae:3f:5f:3e:ad:2e:8f:50:c3:16:28:
                    10:f2:06:c4:c4:6f:5b:08:43:fe:e0:f1:5c:48:da:
                    01:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:26:77:F5:75:4A:6C:1D:72:68:DE:10:B1:FF:C2:4D:AF:9F:C9:5B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3ca84755-9c2f-4583-9a28-976fe19688e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:36:f8:4c:1b:01:5b:df:b3:a4:35:3d:92:d9:db:9f:b2:b8:
         31:a0:7a:c2:47:90:2a:ea:81:c1:92:3f:b3:61:d9:75:93:fe:
         5b:00:19:d3:65:ad:e8:15:48:d7:e7:47:eb:4d:e5:86:b2:9e:
         80:9e:1d:c2:bf:94:18:65:7c:3a:ec:05:96:92:47:4d:25:e6:
         f5:fb:91:80:d9:aa:dd:21:b5:f5:87:cf:3c:4f:9f:91:fc:1b:
         4f:7d:25:10:ff:87:de:18:7d:b1:89:02:0f:13:12:fe:c0:0f:
         5e:f4:3f:8f:6b:c9:26:22:96:7c:ad:b0:0f:84:c1:23:8c:b8:
         cb:e6:70:80:85:8f:09:81:05:bf:c4:72:4c:79:f8:e1:90:aa:
         10:31:33:a5:04:45:0e:c3:d7:e4:f1:ed:c8:93:e6:d5:b8:b4:
         d4:82:66:01:ca:67:67:42:97:f2:e5:da:4c:fa:a8:06:06:d1:
         9f:ef:63:f7:ba:a0:0d:e1:80:27:ca:fb:27:73:28:3e:ac:0d:
         c1:e0:bc:ba:cb:a8:2b:88:dd:90:49:3a:da:95:87:55:6d:1e:
         ce:e3:e3:06:ab:2f:76:d0:45:f8:95:a1:76:74:90:bd:88:f3:
         80:57:db:ad:09:1c:17:b9:ea:8d:c7:1c:bf:27:ef:1f:da:64:
         97:13:51:21
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUU56FO5uIr8j2+Bo+nSHu/g0FbQkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjA5MDAwMDAwWhcNMjIxMjEyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZmIxNzRlMmI5MjE3N2RhZGYzZTc4MzlhMGEyZjg4MzU5
MDZlZjNiNjI0ODI3YzI5OTJhMGRjMzc0ZTk3YjhlMzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJyc4b7mCEK+aGilacKUDHh4RBZTDoksGL0IrTqgxtfa0mpvVnD3
K5SDzHZTkGPZ96GvfBDt/zp3SYbYTu6TP3l7TQmNTbwCD06AHb5IDOjaRsBNaqcv
WA9FW2SW4NdUvjPZkeejEs2ELdPySvlhDPbWEZQnPUdQuGQhg6nk5N+uOTFChtQM
6roXopUrdlbHjmw3GCDJ/CcDFUbOaIG1fCnL5Uekh1XzML1kNP74FIBtfvYQPZn4
sC7ZKOdDJ+WCNN/KUFdjc/+7PO1kVr/kBhvCGuRru15r5/YDxzBcjuGBvBQ1WK4/
Xz6tLo9QwxYoEPIGxMRvWwhD/uDxXEjaAdUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSeJnf1dUpsHXJo3hCx/8JNr5/JWzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvM2NhODQ3NTUtOWMyZi00NTgzLTlhMjgtOTc2ZmUxOTY4OGUwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFE2+EwbAVvfs6Q1
PZLZ25+yuDGgesJHkCrqgcGSP7Nh2XWT/lsAGdNlregVSNfnR+tN5YaynoCeHcK/
lBhlfDrsBZaSR00l5vX7kYDZqt0htfWHzzxPn5H8G099JRD/h94YfbGJAg8TEv7A
D170P49rySYilnytsA+EwSOMuMvmcICFjwmBBb/Eckx5+OGQqhAxM6UERQ7D1+Tx
7ciT5tW4tNSCZgHKZ2dCl/Ll2kz6qAYG0Z/vY/e6oA3hgCfK+ydzKD6sDcHgvLrL
qCuI3ZBJOtqVh1VtHs7j4warL3bQRfiVoXZ0kL2I84BX260JHBe56o3HHL8n7x/a
ZJcTUSE=
-----END CERTIFICATE-----