Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/41018866-fe36-4e95-b98c-e787ff642547.roa
File:                     41018866-fe36-4e95-b98c-e787ff642547.roa (raw, json)
Hash identifier:          iTpMeyOze5z08pUazTJ8hBZtqhi112mLIiWu8dAHWpo=
Subject key identifier:   31:F3:D4:18:40:A9:3D:20:1D:38:D6:55:4F:70:E1:6D:0F:79:2A:31
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4467C9511D90E5BA047924F33068C1F793FA16C7
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/41018866-fe36-4e95-b98c-e787ff642547.roa
Signing time:             Sat 31 Dec 2022 00:00:00 +0000
ROA not before:           Sat 31 Dec 2022 00:00:00 +0000
ROA not after:            Tue 03 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:67:c9:51:1d:90:e5:ba:04:79:24:f3:30:68:c1:f7:93:fa:16:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 31 00:00:00 2022 GMT
            Not After : Jan  3 23:59:59 2023 GMT
        Subject: serialNumber=90c161caa97b10e5d8571c5d85865c24a0fb016afd19f9c58aaa9146aebdebcd, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:6a:7b:d5:be:88:bf:bb:76:03:42:e1:b3:25:
                    8a:99:52:0f:ab:56:78:ca:9e:ef:35:7e:2b:8c:6e:
                    e6:d3:39:a5:d5:b7:04:2f:69:6e:42:a4:40:d6:ab:
                    38:b3:ec:77:b1:0e:c2:70:2d:22:18:90:71:e7:42:
                    60:af:32:44:79:ee:56:55:94:28:dc:af:45:56:22:
                    b2:f3:95:33:33:c4:f4:19:02:61:9f:a7:35:33:f7:
                    02:57:ae:26:b6:fc:08:ab:36:70:87:b0:e2:7e:eb:
                    c6:09:64:b2:8e:1f:a4:89:aa:47:b0:23:f2:1a:83:
                    70:6b:8b:ee:47:59:9f:98:b1:3f:cd:fa:19:ca:79:
                    a1:ee:b4:e4:62:c1:8d:71:d3:9a:55:33:cc:f7:95:
                    2f:69:c2:ab:e5:08:c9:16:ba:42:de:fc:4c:27:cd:
                    0a:a6:d7:bd:41:0d:86:d8:75:1a:3c:1f:7d:96:7b:
                    59:f1:09:d8:bd:54:30:a5:50:f9:a3:82:56:c0:c5:
                    55:df:51:81:2e:6c:3b:72:58:72:01:fc:a4:8a:a4:
                    b5:0a:eb:9a:be:10:a4:ba:88:40:a7:8a:58:82:06:
                    6a:5c:a6:b7:00:37:d0:28:fa:5d:6d:ca:7f:f2:69:
                    8a:72:72:0e:ca:f8:21:72:a5:4c:3f:b3:ec:08:49:
                    8a:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:F3:D4:18:40:A9:3D:20:1D:38:D6:55:4F:70:E1:6D:0F:79:2A:31
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/41018866-fe36-4e95-b98c-e787ff642547.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:69:6d:50:e1:15:c7:19:0d:8c:22:f0:a3:6b:54:c0:29:53:
         df:00:4d:be:3e:25:92:d8:10:91:fe:7e:16:3a:1b:cc:0b:df:
         e0:84:81:05:d4:1e:ca:35:ef:2a:2d:4b:8b:60:da:ed:8e:ba:
         ce:ce:ae:cc:ef:4d:48:32:85:20:00:22:5b:67:49:86:dc:0b:
         90:6a:ff:9b:08:1f:99:14:53:6e:7b:34:b2:e4:0f:a0:96:7c:
         8f:6c:cf:ab:7d:e7:4b:ff:21:71:b2:b7:73:7d:2d:06:6e:06:
         82:bd:7b:ec:7e:39:dd:34:41:cd:9d:fd:37:35:6d:9d:7c:90:
         f3:17:79:07:c7:d2:2f:24:f2:e9:00:b7:11:da:72:54:0d:9a:
         a6:6e:1f:51:af:5d:44:c8:14:54:16:c2:4f:f6:92:33:8a:56:
         76:c6:f0:8c:ec:dd:0f:db:e5:39:eb:4a:2f:60:f7:cc:d6:e5:
         1b:a1:32:07:90:32:6b:53:56:bf:46:92:2b:c5:57:a9:1f:25:
         da:b8:17:f7:f8:85:a0:8f:e6:08:e4:d6:be:d9:f7:b2:f2:85:
         82:f2:7b:d5:33:19:28:e8:ee:86:59:de:5e:77:03:21:6a:41:
         79:36:b1:f5:9d:b8:61:08:cb:8e:55:98:14:28:43:90:91:38:
         8f:aa:27:f6
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIURGfJUR2Q5boEeSTzMGjB95P6FscwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjMxMDAwMDAwWhcNMjMwMTAzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTBjMTYxY2FhOTdiMTBlNWQ4NTcxYzVkODU4NjVjMjRh
MGZiMDE2YWZkMTlmOWM1OGFhYTkxNDZhZWJkZWJjZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK9qe9W+iL+7dgNC4bMliplSD6tWeMqe7zV+K4xu5tM5pdW3BC9p
bkKkQNarOLPsd7EOwnAtIhiQcedCYK8yRHnuVlWUKNyvRVYisvOVMzPE9BkCYZ+n
NTP3AleuJrb8CKs2cIew4n7rxglkso4fpImqR7Aj8hqDcGuL7kdZn5ixP836Gcp5
oe605GLBjXHTmlUzzPeVL2nCq+UIyRa6Qt78TCfNCqbXvUENhth1GjwffZZ7WfEJ
2L1UMKVQ+aOCVsDFVd9RgS5sO3JYcgH8pIqktQrrmr4QpLqIQKeKWIIGalymtwA3
0Cj6XW3Kf/JpinJyDsr4IXKlTD+z7AhJir0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQx89QYQKk9IB041lVPcOFtD3kqMTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDEwMTg4NjYtZmUzNi00ZTk1LWI5OGMtZTc4N2ZmNjQyNTQ3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACdpbVDhFccZDYwi
8KNrVMApU98ATb4+JZLYEJH+fhY6G8wL3+CEgQXUHso17yotS4tg2u2Ous7Orszv
TUgyhSAAIltnSYbcC5Bq/5sIH5kUU257NLLkD6CWfI9sz6t950v/IXGyt3N9LQZu
BoK9e+x+Od00Qc2d/Tc1bZ18kPMXeQfH0i8k8ukAtxHaclQNmqZuH1GvXUTIFFQW
wk/2kjOKVnbG8Izs3Q/b5TnrSi9g98zW5RuhMgeQMmtTVr9GkivFV6kfJdq4F/f4
haCP5gjk1r7Z97LyhYLye9UzGSjo7oZZ3l53AyFqQXk2sfWduGEIy45VmBQoQ5CR
OI+qJ/Y=
-----END CERTIFICATE-----