Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3ec09334-0b4f-4089-9d1a-c61f79398e3c.roa
File:                     3ec09334-0b4f-4089-9d1a-c61f79398e3c.roa (raw, json)
Hash identifier:          +ZxjfrtioI0VZ/9+Yruyw3fuPGXdRfW3+0njtUdaTzQ=
Subject key identifier:   DE:CA:94:0F:87:04:FC:3B:50:03:AE:36:25:2C:C7:68:7D:86:8B:E6
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       620C99B6725366B2884713F1F97C3FC64C2EBE70
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3ec09334-0b4f-4089-9d1a-c61f79398e3c.roa
Signing time:             Sun 04 Dec 2022 00:00:00 +0000
ROA not before:           Sun 04 Dec 2022 00:00:00 +0000
ROA not after:            Wed 07 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:0c:99:b6:72:53:66:b2:88:47:13:f1:f9:7c:3f:c6:4c:2e:be:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec  4 00:00:00 2022 GMT
            Not After : Dec  7 23:59:59 2022 GMT
        Subject: serialNumber=513e96fdbcdbf474590d7f2f8fbc2541a546bf28f4c37a91043fab53f8299c85, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:6f:d8:69:26:2d:0e:6d:a4:dd:b5:f1:54:d8:
                    49:2b:48:bb:8b:b6:19:5d:f6:52:9f:c5:8f:7e:54:
                    12:e9:ca:df:e1:93:cf:ad:16:8c:8b:04:0b:b3:2e:
                    f0:7d:5e:ac:6c:49:d9:0f:5a:82:72:bb:1f:63:38:
                    e3:53:74:2b:05:47:bc:90:66:00:a4:ed:7e:53:00:
                    82:55:ae:86:3a:9b:f3:cc:7f:d4:38:0c:e0:2e:16:
                    d3:62:6f:5e:32:56:a6:4b:63:61:20:36:c2:97:68:
                    0b:f7:2b:ba:f1:fa:e8:c2:c4:91:00:29:79:06:2a:
                    09:a5:72:7d:1a:c0:32:92:74:92:6c:3d:78:ba:16:
                    35:32:a4:6b:bc:fe:3e:5b:ff:89:49:fb:71:64:b1:
                    62:a8:2d:58:94:b6:6f:d8:17:1f:7d:d4:55:46:54:
                    0d:42:3c:43:5c:86:2a:39:7c:09:24:a4:25:41:d7:
                    00:c0:55:86:33:75:73:d5:78:ac:33:ce:1a:79:54:
                    e4:6b:a2:57:f1:09:91:72:b7:c6:2a:f2:3c:69:7f:
                    b8:1b:99:c0:63:48:b2:30:f3:12:c9:31:06:3c:f6:
                    02:ae:80:7c:2d:44:fa:0c:d3:5f:2f:f8:c6:96:2a:
                    be:17:bf:8e:6b:bd:41:d5:79:22:f8:45:d1:97:b2:
                    31:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:CA:94:0F:87:04:FC:3B:50:03:AE:36:25:2C:C7:68:7D:86:8B:E6
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3ec09334-0b4f-4089-9d1a-c61f79398e3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:e6:26:ba:68:90:9c:26:d9:c6:e7:1c:52:f3:e4:bb:ab:16:
         03:b9:ef:c3:ee:8d:42:6b:b8:bc:fa:05:17:6c:ee:0a:17:86:
         2b:05:33:4f:43:b7:47:a1:80:c4:f2:9a:0f:51:d6:9f:4a:f3:
         a1:2f:f3:d8:bd:94:af:6d:ef:e7:9b:07:cf:e5:70:bd:3f:ee:
         12:13:12:02:b8:b6:46:c5:d0:81:13:55:15:0c:39:9c:da:5e:
         f3:68:45:a1:a1:ae:de:97:f3:13:8d:a2:b9:51:a8:21:2e:46:
         16:3c:da:c7:8d:50:56:77:21:59:40:19:67:e3:8f:fc:f0:12:
         4d:9a:8e:b6:92:0c:d3:88:c3:c1:07:92:84:db:7f:65:3f:e3:
         42:fc:2d:ca:89:9e:e3:08:a3:ff:f6:de:a7:cc:2b:ad:30:f3:
         7f:f4:64:be:df:98:fd:0e:83:30:3a:9c:f9:8c:60:0a:3c:9d:
         58:c5:7c:fc:8b:0f:9f:f6:6f:b8:95:47:30:dd:4e:ba:b4:91:
         bf:55:ce:f6:9c:d3:46:01:c9:f5:6c:2d:48:1a:ae:1d:e0:c9:
         8f:61:0f:94:63:1e:48:aa:08:84:2a:1e:92:b8:22:ae:d6:c0:
         d7:fc:5c:2a:31:fc:e0:d7:33:35:36:55:c3:2b:73:a7:fe:3f:
         8a:15:04:9a
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUYgyZtnJTZrKIRxPx+Xw/xkwuvnAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjA0MDAwMDAwWhcNMjIxMjA3MjM1OTU5
WjCBpTFJMEcGA1UEBRNANTEzZTk2ZmRiY2RiZjQ3NDU5MGQ3ZjJmOGZiYzI1NDFh
NTQ2YmYyOGY0YzM3YTkxMDQzZmFiNTNmODI5OWM4NTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALVv2GkmLQ5tpN218VTYSStIu4u2GV32Up/Fj35UEunK3+GTz60W
jIsEC7Mu8H1erGxJ2Q9agnK7H2M441N0KwVHvJBmAKTtflMAglWuhjqb88x/1DgM
4C4W02JvXjJWpktjYSA2wpdoC/cruvH66MLEkQApeQYqCaVyfRrAMpJ0kmw9eLoW
NTKka7z+Plv/iUn7cWSxYqgtWJS2b9gXH33UVUZUDUI8Q1yGKjl8CSSkJUHXAMBV
hjN1c9V4rDPOGnlU5GuiV/EJkXK3xiryPGl/uBuZwGNIsjDzEskxBjz2Aq6AfC1E
+gzTXy/4xpYqvhe/jmu9QdV5IvhF0ZeyMYUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTeypQPhwT8O1ADrjYlLMdofYaL5jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvM2VjMDkzMzQtMGI0Zi00MDg5LTlkMWEtYzYxZjc5Mzk4ZTNjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFPmJrpokJwm2cbn
HFLz5LurFgO578PujUJruLz6BRds7goXhisFM09Dt0ehgMTymg9R1p9K86Ev89i9
lK9t7+ebB8/lcL0/7hITEgK4tkbF0IETVRUMOZzaXvNoRaGhrt6X8xONorlRqCEu
RhY82seNUFZ3IVlAGWfjj/zwEk2ajraSDNOIw8EHkoTbf2U/40L8LcqJnuMIo//2
3qfMK60w83/0ZL7fmP0OgzA6nPmMYAo8nVjFfPyLD5/2b7iVRzDdTrq0kb9Vzvac
00YByfVsLUgarh3gyY9hD5RjHkiqCIQqHpK4Iq7WwNf8XCox/ODXMzU2VcMrc6f+
P4oVBJo=
-----END CERTIFICATE-----