Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/48affb76-ad32-4eed-8714-ecd48ffbf16a.roa
File:                     48affb76-ad32-4eed-8714-ecd48ffbf16a.roa (raw, json)
Hash identifier:          LuTNDMB0vsA8VShEhGDZ40fNywH6MaDYBh0ViNBMth0=
Subject key identifier:   87:5B:8A:69:06:28:BC:87:DC:2C:AA:EA:1A:A8:3A:56:68:36:ED:45
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       43C2526843D244AFC6B0DA9E2732A9AB1632BFE7
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/48affb76-ad32-4eed-8714-ecd48ffbf16a.roa
Signing time:             Mon 19 Sep 2022 00:00:00 +0000
ROA not before:           Mon 19 Sep 2022 00:00:00 +0000
ROA not after:            Thu 22 Sep 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:c2:52:68:43:d2:44:af:c6:b0:da:9e:27:32:a9:ab:16:32:bf:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Sep 19 00:00:00 2022 GMT
            Not After : Sep 22 23:59:59 2022 GMT
        Subject: serialNumber=af75ac55a26e70a7c100558f47e65e68753977d159cb3724b6598d75e2d86221, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:31:b9:5a:89:bb:8c:f4:53:6f:7c:2f:3b:25:
                    f4:64:6a:61:93:bf:00:1b:7b:3b:e1:84:d3:83:b8:
                    5e:e3:b0:63:7f:f8:f5:c9:6e:f8:e8:a2:cc:0a:2c:
                    33:e8:10:fc:a8:3a:0e:53:5f:21:d2:3c:3f:1a:fd:
                    bf:cf:22:8f:3f:91:31:b6:83:35:03:4a:b3:df:67:
                    9c:e9:e4:d5:f5:8c:a9:80:1e:ed:86:6a:46:2c:3f:
                    50:82:84:db:f2:fc:ee:a6:61:81:12:0b:cc:ab:c8:
                    2c:ac:af:87:68:ab:1b:a1:30:60:08:e0:c1:e8:be:
                    fe:04:c7:d9:2b:79:75:b2:a0:bb:b4:bf:bd:a6:a5:
                    e6:dd:a9:c4:e7:ab:76:30:cc:86:5e:7c:6e:4a:bd:
                    33:52:80:c0:c9:14:d1:66:0e:a0:da:58:88:4c:61:
                    e9:7a:6c:d4:8c:e5:47:f2:6e:03:84:f0:3f:2c:49:
                    fe:8b:b0:98:aa:57:34:9f:0c:c9:7f:28:8b:58:61:
                    a5:d5:1a:d6:32:12:97:8b:46:e9:00:58:7a:0e:3a:
                    ae:a3:95:33:16:db:25:22:ce:36:fe:d1:e1:d6:7c:
                    09:cc:1c:6a:9d:47:b4:db:25:2d:8f:5f:76:1c:52:
                    4c:3d:59:e9:f3:da:7f:18:86:90:ec:3e:f0:ff:96:
                    70:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:5B:8A:69:06:28:BC:87:DC:2C:AA:EA:1A:A8:3A:56:68:36:ED:45
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/48affb76-ad32-4eed-8714-ecd48ffbf16a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:e2:8a:1d:49:51:ae:a7:09:90:f2:ee:12:bc:e0:f2:db:24:
         02:db:ff:99:cf:95:85:d1:ba:b1:8e:cc:bf:d4:8b:24:d8:1a:
         7a:32:d8:ee:40:7e:d1:bc:a7:2f:2b:c2:b4:e8:05:4a:96:7b:
         63:3c:c3:82:23:99:8e:ab:6b:9c:15:67:73:c4:44:ec:fb:43:
         a3:2a:b4:b6:cf:fc:ab:61:57:24:70:cc:3a:06:36:73:d6:cc:
         ad:e7:1e:a0:ab:0d:0c:59:8e:50:ab:8f:72:4b:2c:d5:93:96:
         08:5c:dd:c2:fb:63:ae:cf:09:68:6c:db:17:c6:49:22:c4:9b:
         9c:0e:c4:72:ad:2c:fc:c9:57:3b:13:f8:73:78:e7:7c:5b:10:
         9a:75:a0:1e:df:65:ff:0a:f5:10:1f:f3:aa:34:73:58:7b:75:
         0b:68:28:6f:a5:d1:ef:79:63:12:93:9b:c6:9c:cf:fa:77:b3:
         31:3c:45:da:ac:1d:9e:72:a3:4e:08:d6:8f:10:ba:26:42:bf:
         e1:6f:48:c5:2b:58:32:f0:ad:e1:f8:d3:75:da:fe:4a:06:10:
         e7:2b:a6:03:05:7e:53:0b:13:77:01:a5:96:3e:48:d8:d7:1a:
         2d:a0:a3:c8:57:d9:66:a2:e9:ff:68:09:ac:e0:d2:f1:89:6a:
         49:2a:57:5b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUQ8JSaEPSRK/GsNqeJzKpqxYyv+cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwOTE5MDAwMDAwWhcNMjIwOTIyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYWY3NWFjNTVhMjZlNzBhN2MxMDA1NThmNDdlNjVlNjg3
NTM5NzdkMTU5Y2IzNzI0YjY1OThkNzVlMmQ4NjIyMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOgxuVqJu4z0U298Lzsl9GRqYZO/ABt7O+GE04O4XuOwY3/49clu
+OiizAosM+gQ/Kg6DlNfIdI8Pxr9v88ijz+RMbaDNQNKs99nnOnk1fWMqYAe7YZq
Riw/UIKE2/L87qZhgRILzKvILKyvh2irG6EwYAjgwei+/gTH2St5dbKgu7S/vaal
5t2pxOerdjDMhl58bkq9M1KAwMkU0WYOoNpYiExh6Xps1IzlR/JuA4TwPyxJ/ouw
mKpXNJ8MyX8oi1hhpdUa1jISl4tG6QBYeg46rqOVMxbbJSLONv7R4dZ8Ccwcap1H
tNslLY9fdhxSTD1Z6fPafxiGkOw+8P+WcOECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSHW4ppBii8h9wsquoaqDpWaDbtRTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDhhZmZiNzYtYWQzMi00ZWVkLTg3MTQtZWNkNDhmZmJmMTZhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD3iih1JUa6nCZDy
7hK84PLbJALb/5nPlYXRurGOzL/UiyTYGnoy2O5AftG8py8rwrToBUqWe2M8w4Ij
mY6ra5wVZ3PEROz7Q6MqtLbP/KthVyRwzDoGNnPWzK3nHqCrDQxZjlCrj3JLLNWT
lghc3cL7Y67PCWhs2xfGSSLEm5wOxHKtLPzJVzsT+HN453xbEJp1oB7fZf8K9RAf
86o0c1h7dQtoKG+l0e95YxKTm8acz/p3szE8RdqsHZ5yo04I1o8QuiZCv+FvSMUr
WDLwreH403Xa/koGEOcrpgMFflMLE3cBpZY+SNjXGi2go8hX2Wai6f9oCazg0vGJ
akkqV1s=
-----END CERTIFICATE-----