Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3f652f15-c24b-4a94-a5fa-f6dd94549481.roa
File:                     3f652f15-c24b-4a94-a5fa-f6dd94549481.roa (raw, json)
Hash identifier:          zc7jKF4+rpS7D7Aa6tiyOF+Jqa9JCaE/Q+kvuucMFqM=
Subject key identifier:   10:E4:B1:90:BA:C5:20:9F:C0:16:D6:FA:07:78:BB:60:E6:36:9D:8B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2109FE16B18A37B8311F311CA5F73F23C3B005A3
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3f652f15-c24b-4a94-a5fa-f6dd94549481.roa
Signing time:             Wed 28 Dec 2022 00:00:00 +0000
ROA not before:           Wed 28 Dec 2022 00:00:00 +0000
ROA not after:            Sat 31 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:09:fe:16:b1:8a:37:b8:31:1f:31:1c:a5:f7:3f:23:c3:b0:05:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 28 00:00:00 2022 GMT
            Not After : Dec 31 23:59:59 2022 GMT
        Subject: serialNumber=9d04575ee31a06364da65eccb8ec2c26148df1b08bd2de6c0748a9fac1409eb9, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:91:28:6a:72:14:29:ac:88:84:ed:2c:28:5d:
                    c6:65:88:d7:b8:5e:e0:cb:bd:04:33:11:a9:6f:49:
                    f7:fd:b7:8b:c0:2d:67:69:2b:47:58:2e:d0:7e:a0:
                    58:a4:8d:c2:77:30:d3:b8:33:3b:41:0c:c7:57:d6:
                    6f:2e:b8:21:b2:03:78:c7:ea:78:14:5e:33:35:a4:
                    06:84:ef:b1:f2:30:a2:12:81:2b:fc:df:12:1b:95:
                    e2:15:0f:cb:20:32:b8:2a:9a:cc:e3:28:1e:25:8e:
                    f6:ca:31:2f:50:1a:57:7f:30:95:f3:11:62:42:c4:
                    6c:7a:d7:c1:a0:ff:19:b6:ac:ea:42:55:7d:6f:4c:
                    06:57:a9:23:f9:76:b7:f3:c9:e9:dd:7c:a7:28:44:
                    1a:7e:08:49:cc:68:2a:c1:bd:27:9a:a0:92:e6:8c:
                    85:77:bc:de:b4:cf:51:f2:e1:2e:da:b3:b4:9b:f8:
                    78:9d:73:39:31:fd:d2:e0:18:81:d9:2b:59:67:12:
                    37:3a:42:96:b2:75:fa:2a:27:83:7b:f9:a4:db:f4:
                    5c:8a:90:ce:57:7b:93:48:9d:84:dd:05:79:f8:72:
                    23:17:02:fc:a7:0e:02:8c:30:12:db:da:df:da:cd:
                    7c:53:db:49:1e:6d:54:6a:3b:ab:f0:02:f6:75:94:
                    62:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:E4:B1:90:BA:C5:20:9F:C0:16:D6:FA:07:78:BB:60:E6:36:9D:8B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3f652f15-c24b-4a94-a5fa-f6dd94549481.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:65:fa:6a:f9:6c:1a:f4:06:a4:c9:a5:7d:4a:2b:c2:1b:16:
         5c:68:fe:0e:f7:4d:b0:eb:68:3b:40:b2:96:b8:5e:22:70:86:
         87:e3:5c:b2:4c:5d:bd:4c:60:32:9a:c8:da:11:62:a8:c4:94:
         de:e0:b8:40:0b:70:5f:cb:6d:df:7d:99:d8:29:0f:da:1f:78:
         73:d4:d3:7a:80:58:65:fd:e4:7d:58:df:3e:da:13:dd:ab:39:
         4a:ca:97:d1:a8:6a:2a:55:8d:79:16:83:e7:d0:ee:11:4c:ae:
         34:59:0b:c4:e8:36:0c:17:f4:a5:9b:23:4b:10:0c:34:f6:66:
         46:97:77:da:1b:0a:a4:cf:bf:82:f6:6c:68:d3:49:5a:73:fe:
         ca:bf:01:b6:e4:18:bd:14:5b:2e:00:fe:41:a9:67:80:d8:c8:
         5f:77:25:dc:4f:92:52:b6:f9:22:26:d3:e7:57:17:c4:c6:d7:
         d7:8b:da:15:ca:ee:a2:0a:49:26:b3:a5:38:9e:68:a5:cd:fc:
         c7:d4:16:bf:4a:14:e8:56:ec:0e:98:93:9b:a4:3b:ea:9a:bc:
         cf:e9:b6:b6:08:56:d4:5f:53:d2:7f:40:b1:5a:6c:9f:89:d4:
         a2:13:e3:7e:ab:1a:4b:1e:b1:c2:dd:60:6b:b9:62:b1:a6:29:
         d1:7e:a0:68
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUIQn+FrGKN7gxHzEcpfc/I8OwBaMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjI4MDAwMDAwWhcNMjIxMjMxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAOWQwNDU3NWVlMzFhMDYzNjRkYTY1ZWNjYjhlYzJjMjYx
NDhkZjFiMDhiZDJkZTZjMDc0OGE5ZmFjMTQwOWViOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJyRKGpyFCmsiITtLChdxmWI17he4Mu9BDMRqW9J9/23i8AtZ2kr
R1gu0H6gWKSNwncw07gzO0EMx1fWby64IbIDeMfqeBReMzWkBoTvsfIwohKBK/zf
EhuV4hUPyyAyuCqazOMoHiWO9soxL1AaV38wlfMRYkLEbHrXwaD/Gbas6kJVfW9M
BlepI/l2t/PJ6d18pyhEGn4IScxoKsG9J5qgkuaMhXe83rTPUfLhLtqztJv4eJ1z
OTH90uAYgdkrWWcSNzpClrJ1+iong3v5pNv0XIqQzld7k0idhN0FefhyIxcC/KcO
AowwEtva39rNfFPbSR5tVGo7q/AC9nWUYq0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQQ5LGQusUgn8AW1voHeLtg5jadizAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvM2Y2NTJmMTUtYzI0Yi00YTk0LWE1ZmEtZjZkZDk0NTQ5NDgxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAVl+mr5bBr0BqTJ
pX1KK8IbFlxo/g73TbDraDtAspa4XiJwhofjXLJMXb1MYDKayNoRYqjElN7guEAL
cF/Lbd99mdgpD9ofeHPU03qAWGX95H1Y3z7aE92rOUrKl9GoaipVjXkWg+fQ7hFM
rjRZC8ToNgwX9KWbI0sQDDT2ZkaXd9obCqTPv4L2bGjTSVpz/sq/AbbkGL0UWy4A
/kGpZ4DYyF93JdxPklK2+SIm0+dXF8TG19eL2hXK7qIKSSazpTieaKXN/MfUFr9K
FOhW7A6Yk5ukO+qavM/ptrYIVtRfU9J/QLFabJ+J1KIT436rGksescLdYGu5YrGm
KdF+oGg=
-----END CERTIFICATE-----