Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3d8e7e10-dd3d-454a-8e60-af1643fd44d0.roa
File:                     3d8e7e10-dd3d-454a-8e60-af1643fd44d0.roa (raw, json)
Hash identifier:          adDL0fd3khZJPtuUs+UvQd9anq4nso18IQtfPCQI28E=
Subject key identifier:   1F:CA:36:DD:EB:4A:3D:3B:95:64:D7:3F:9A:1C:8B:11:34:5D:8E:3A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       473617A10562B1E205E3E57417499CFD014FED54
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3d8e7e10-dd3d-454a-8e60-af1643fd44d0.roa
Signing time:             Mon 26 Dec 2022 00:00:00 +0000
ROA not before:           Mon 26 Dec 2022 00:00:00 +0000
ROA not after:            Thu 29 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:36:17:a1:05:62:b1:e2:05:e3:e5:74:17:49:9c:fd:01:4f:ed:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 26 00:00:00 2022 GMT
            Not After : Dec 29 23:59:59 2022 GMT
        Subject: serialNumber=f770e791e1d42b5ac03bb6455f61ad3b592696661472344520b2ec59eb8cf4bb, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2e:cb:fa:be:0c:72:29:90:43:74:05:95:d5:
                    43:f8:f9:41:69:aa:d0:f5:be:8e:be:cb:dd:28:4c:
                    9b:51:c6:ef:3c:81:2e:30:90:17:5b:ef:ab:6a:79:
                    4a:f2:13:7e:95:b9:2e:f8:b3:f5:6e:b6:d9:b0:0f:
                    38:33:c2:52:0a:be:08:e9:35:e2:43:52:76:f6:6c:
                    cc:fd:98:a6:0a:2d:7e:c7:4d:90:1e:98:2b:ac:b0:
                    d8:18:43:64:c6:ac:10:66:1a:cc:ac:88:86:05:84:
                    a3:ad:22:bf:6c:a9:2a:dd:f3:96:8f:38:b2:d7:7c:
                    86:97:4d:98:48:3d:d0:9f:3a:0d:17:80:62:e2:e5:
                    14:5f:0d:53:1d:bb:ba:44:b8:de:7b:d1:ed:e0:ad:
                    13:c0:e8:bf:7c:11:d8:f2:6b:5f:b2:4d:f7:6c:61:
                    a2:e4:16:33:53:16:f2:d1:f5:9e:66:e1:98:52:76:
                    2c:91:62:1f:e2:25:0f:a2:bc:14:5e:d7:6b:8d:a2:
                    9f:18:58:d8:e4:2b:e1:b0:a3:de:87:a5:e3:5a:4b:
                    ed:d9:8a:73:7e:f3:97:cf:27:94:72:82:e7:f1:b8:
                    30:3b:3b:98:e6:ed:83:8a:ae:92:1d:0c:a8:9c:34:
                    3c:6a:e7:9a:38:86:30:fd:89:70:e7:3b:99:5d:a0:
                    f2:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:CA:36:DD:EB:4A:3D:3B:95:64:D7:3F:9A:1C:8B:11:34:5D:8E:3A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3d8e7e10-dd3d-454a-8e60-af1643fd44d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:b3:10:61:c0:5f:38:b9:8d:fe:72:47:06:a1:bc:f8:6b:42:
         c5:7f:b8:44:90:56:ec:a9:40:ae:31:61:f6:5d:6f:f6:59:81:
         79:1d:f4:a8:34:33:fb:a4:e7:65:9c:1e:f6:aa:32:c8:3f:0f:
         f4:9c:96:01:05:3b:8d:8a:82:de:75:ff:03:59:bd:17:c7:65:
         b5:f6:e8:25:32:6c:03:f9:e0:6f:97:7f:45:e5:88:3c:81:fd:
         4c:d8:53:12:cc:c5:ba:d2:10:f0:40:81:1b:0d:60:9d:57:ac:
         6f:31:e9:94:63:12:7e:4e:34:ce:9a:6e:81:63:7c:83:02:b1:
         17:b8:d6:74:67:cb:3a:2f:57:25:f1:a0:07:dc:29:e0:59:76:
         95:65:ee:e1:4f:b6:75:8f:dd:e5:7f:e4:e5:58:a6:74:1e:ab:
         6f:cd:40:04:b4:37:61:30:9e:50:d2:57:19:8d:34:39:a6:ed:
         4f:0a:59:d1:4a:c2:77:88:0e:37:ed:43:4c:9c:d1:02:0a:a0:
         f8:a5:3c:25:bb:5f:7b:cc:67:a8:ec:90:f1:35:48:d1:85:4f:
         ce:d8:fa:3f:15:38:7f:5e:56:e2:bf:15:43:9d:18:bd:be:84:
         5d:aa:b7:99:53:17:bd:05:a1:a3:e7:88:55:da:af:c4:57:ea:
         18:2a:bf:4b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIURzYXoQViseIF4+V0F0mc/QFP7VQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjI2MDAwMDAwWhcNMjIxMjI5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjc3MGU3OTFlMWQ0MmI1YWMwM2JiNjQ1NWY2MWFkM2I1
OTI2OTY2NjE0NzIzNDQ1MjBiMmVjNTllYjhjZjRiYjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALsuy/q+DHIpkEN0BZXVQ/j5QWmq0PW+jr7L3ShMm1HG7zyBLjCQ
F1vvq2p5SvITfpW5Lviz9W622bAPODPCUgq+COk14kNSdvZszP2YpgotfsdNkB6Y
K6yw2BhDZMasEGYazKyIhgWEo60iv2ypKt3zlo84std8hpdNmEg90J86DReAYuLl
FF8NUx27ukS43nvR7eCtE8Dov3wR2PJrX7JN92xhouQWM1MW8tH1nmbhmFJ2LJFi
H+IlD6K8FF7Xa42inxhY2OQr4bCj3oel41pL7dmKc37zl88nlHKC5/G4MDs7mObt
g4qukh0MqJw0PGrnmjiGMP2JcOc7mV2g8lcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQfyjbd60o9O5Vk1z+aHIsRNF2OOjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvM2Q4ZTdlMTAtZGQzZC00NTRhLThlNjAtYWYxNjQzZmQ0NGQwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALazEGHAXzi5jf5y
RwahvPhrQsV/uESQVuypQK4xYfZdb/ZZgXkd9Kg0M/uk52WcHvaqMsg/D/SclgEF
O42Kgt51/wNZvRfHZbX26CUybAP54G+Xf0XliDyB/UzYUxLMxbrSEPBAgRsNYJ1X
rG8x6ZRjEn5ONM6aboFjfIMCsRe41nRnyzovVyXxoAfcKeBZdpVl7uFPtnWP3eV/
5OVYpnQeq2/NQAS0N2EwnlDSVxmNNDmm7U8KWdFKwneIDjftQ0yc0QIKoPilPCW7
X3vMZ6jskPE1SNGFT87Y+j8VOH9eVuK/FUOdGL2+hF2qt5lTF70FoaPniFXar8RX
6hgqv0s=
-----END CERTIFICATE-----