Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/41f183be-1c71-4f35-8206-6990de1a9449.roa
File:                     41f183be-1c71-4f35-8206-6990de1a9449.roa (raw, json)
Hash identifier:          2lKA+zwzgT3LD+t8bIe6VcHH1avJehz/S+EJK8zaNWA=
Subject key identifier:   1B:57:7E:03:65:0A:8D:78:18:1A:81:25:C4:FD:40:09:A8:15:79:52
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6BCB411B2740330AB984D931B806542000880862
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/41f183be-1c71-4f35-8206-6990de1a9449.roa
Signing time:             Tue 04 Oct 2022 00:00:00 +0000
ROA not before:           Tue 04 Oct 2022 00:00:00 +0000
ROA not after:            Fri 07 Oct 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:cb:41:1b:27:40:33:0a:b9:84:d9:31:b8:06:54:20:00:88:08:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Oct  4 00:00:00 2022 GMT
            Not After : Oct  7 23:59:59 2022 GMT
        Subject: serialNumber=1f2d2a7f64025d124c068d45beb565bee2f3a107f8b45ae08599a68810dbfe85, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:80:f0:b4:4a:dd:1e:76:b8:a7:7e:72:d5:80:
                    96:30:44:2c:a0:b2:dd:0d:0d:32:3a:80:5f:a9:da:
                    63:dd:a2:20:39:dd:e9:e0:d1:1d:28:96:8e:99:22:
                    16:5e:fd:5b:4c:ad:75:ce:69:18:40:f3:5a:a7:30:
                    15:58:7f:03:d2:17:2a:f0:33:b3:45:e4:77:ca:17:
                    03:47:62:8b:55:0f:97:28:df:f4:cb:b3:c5:74:fe:
                    57:c1:1b:e1:fe:fc:9d:0a:13:ce:b3:01:cf:46:00:
                    c0:91:bb:95:57:ce:89:1e:b6:ae:5e:e2:45:48:95:
                    41:e6:00:59:0b:b1:6c:b6:ee:99:b2:d5:4d:f0:6f:
                    0f:9f:1a:84:e5:7b:21:02:a4:3a:48:16:b2:a1:8d:
                    05:27:40:8c:38:94:49:97:8a:66:28:98:6a:0c:05:
                    d2:79:4f:00:45:6c:7f:4a:ff:24:7a:31:cb:41:31:
                    1b:cf:09:d4:61:27:8e:1d:ad:cc:0b:55:55:67:74:
                    fc:63:13:3f:f0:8e:a2:07:a0:de:1e:ab:2e:cd:35:
                    02:cc:c0:18:51:9b:48:5b:c4:a3:50:9f:82:d2:c5:
                    b3:a0:8e:62:21:59:8a:d9:62:2b:6f:8e:94:53:53:
                    90:18:f1:a2:15:4e:27:f5:9c:56:e0:10:a6:0c:a4:
                    24:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:57:7E:03:65:0A:8D:78:18:1A:81:25:C4:FD:40:09:A8:15:79:52
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/41f183be-1c71-4f35-8206-6990de1a9449.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:6d:49:85:38:12:fe:4e:86:af:bf:c7:ab:a3:b2:41:a2:c0:
         fc:7b:17:d1:87:02:44:44:80:ca:3f:41:fc:fc:b0:98:93:4b:
         d1:1a:51:11:c2:63:64:ef:e5:7f:c9:35:e4:ae:bb:ad:ce:1c:
         ef:e8:de:f3:e9:c9:4c:08:73:00:34:e7:30:0d:8c:4b:41:f8:
         0c:22:43:0c:9d:bd:ab:8b:61:18:8e:7b:2f:39:aa:65:cc:83:
         70:30:b6:07:68:05:d0:c8:3a:f9:43:aa:0e:f0:4a:f5:71:23:
         1c:a6:56:17:99:31:c1:19:50:ae:13:73:0b:34:6f:f5:56:c3:
         f2:6f:ca:e7:b3:c5:3b:ab:fe:90:1f:35:51:d9:b0:29:68:8f:
         69:34:16:63:18:05:5e:08:cf:b3:26:da:ea:6a:fa:b1:aa:9e:
         78:3c:7a:e1:ab:a4:79:ad:ca:c4:c4:75:03:24:7b:03:91:34:
         78:3c:89:0e:1d:83:b6:9e:87:b2:50:2b:9b:75:23:f8:0c:3a:
         18:88:5a:7d:eb:47:b9:a7:77:bf:f5:d3:43:67:4f:bb:e1:d1:
         51:fe:76:9f:ae:ec:94:43:63:eb:c0:c1:67:2b:8a:5c:71:46:
         b5:57:a6:fe:04:49:9e:7a:08:f1:83:ca:f8:13:ad:1b:23:23:
         a9:5c:96:ee
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUa8tBGydAMwq5hNkxuAZUIACICGIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMDA0MDAwMDAwWhcNMjIxMDA3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMWYyZDJhN2Y2NDAyNWQxMjRjMDY4ZDQ1YmViNTY1YmVl
MmYzYTEwN2Y4YjQ1YWUwODU5OWE2ODgxMGRiZmU4NTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJeA8LRK3R52uKd+ctWAljBELKCy3Q0NMjqAX6naY92iIDnd6eDR
HSiWjpkiFl79W0ytdc5pGEDzWqcwFVh/A9IXKvAzs0Xkd8oXA0dii1UPlyjf9Muz
xXT+V8Eb4f78nQoTzrMBz0YAwJG7lVfOiR62rl7iRUiVQeYAWQuxbLbumbLVTfBv
D58ahOV7IQKkOkgWsqGNBSdAjDiUSZeKZiiYagwF0nlPAEVsf0r/JHoxy0ExG88J
1GEnjh2tzAtVVWd0/GMTP/COogeg3h6rLs01AszAGFGbSFvEo1CfgtLFs6COYiFZ
itliK2+OlFNTkBjxohVOJ/WcVuAQpgykJGkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQbV34DZQqNeBgagSXE/UAJqBV5UjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDFmMTgzYmUtMWM3MS00ZjM1LTgyMDYtNjk5MGRlMWE5NDQ5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC5tSYU4Ev5Ohq+/
x6ujskGiwPx7F9GHAkREgMo/Qfz8sJiTS9EaURHCY2Tv5X/JNeSuu63OHO/o3vPp
yUwIcwA05zANjEtB+AwiQwydvauLYRiOey85qmXMg3AwtgdoBdDIOvlDqg7wSvVx
IxymVheZMcEZUK4Tcws0b/VWw/JvyuezxTur/pAfNVHZsCloj2k0FmMYBV4Iz7Mm
2upq+rGqnng8euGrpHmtysTEdQMkewORNHg8iQ4dg7aeh7JQK5t1I/gMOhiIWn3r
R7mnd7/100NnT7vh0VH+dp+u7JRDY+vAwWcrilxxRrVXpv4ESZ56CPGDyvgTrRsj
I6lclu4=
-----END CERTIFICATE-----