Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4dc475cf-c9e3-445b-9b09-f82375ae85de.roa
File:                     4dc475cf-c9e3-445b-9b09-f82375ae85de.roa (raw, json)
Hash identifier:          m398fAZjPoRznLa7uJ8nMjextTr6k3KG9szxUdTE1rI=
Subject key identifier:   A7:C3:6D:CD:C4:E7:81:83:50:18:EA:91:E8:ED:B3:31:72:22:03:BE
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2D586CDA9F5DC6140BA78D94568006AC8352EAE4
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4dc475cf-c9e3-445b-9b09-f82375ae85de.roa
Signing time:             Wed 07 Dec 2022 00:00:00 +0000
ROA not before:           Wed 07 Dec 2022 00:00:00 +0000
ROA not after:            Sat 10 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:58:6c:da:9f:5d:c6:14:0b:a7:8d:94:56:80:06:ac:83:52:ea:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec  7 00:00:00 2022 GMT
            Not After : Dec 10 23:59:59 2022 GMT
        Subject: serialNumber=d4afc6720ea0c76fed1b2deb0ac064f503454ffd0d77ff1a30640458510f3718, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:43:c2:13:3c:b6:ec:d8:b4:42:56:34:03:7e:
                    f3:36:81:fc:04:41:ef:04:c3:6e:d5:8d:dd:41:6f:
                    e2:85:1d:b9:97:3f:0b:5f:94:1f:d3:a9:08:06:cd:
                    c2:63:a2:00:ad:80:ad:ad:e5:35:eb:52:fb:51:bb:
                    f9:67:69:da:0a:4d:c7:7a:92:87:db:77:4e:22:ce:
                    b5:3b:b7:54:18:27:22:8f:42:a8:f5:b6:45:e7:23:
                    0c:16:53:25:ca:c6:cd:10:d5:0a:3a:78:4e:f8:36:
                    47:9b:38:e4:c1:76:58:09:25:42:3e:0f:37:b7:c7:
                    29:bb:f7:17:74:d4:7a:2e:5a:79:10:f8:46:74:ec:
                    f7:32:1b:d1:73:f9:13:fe:d6:38:42:a3:b3:06:56:
                    33:ef:43:d7:18:6d:bd:16:04:37:41:c4:d9:bb:eb:
                    5a:dc:7f:ec:3b:15:d5:ff:3b:4b:38:98:ac:3f:9e:
                    61:3e:4e:f0:38:7a:10:e7:3e:65:a8:aa:8d:23:26:
                    11:79:eb:e6:c9:8b:bf:af:96:66:7c:28:98:ea:f7:
                    40:5b:01:33:f8:11:1c:9c:07:66:fc:ab:5f:8a:a6:
                    ba:83:4a:35:92:b1:44:9b:d7:d4:da:5e:4a:29:e1:
                    87:3d:d9:4c:5c:56:93:60:83:ee:a2:23:35:a3:1e:
                    b7:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:C3:6D:CD:C4:E7:81:83:50:18:EA:91:E8:ED:B3:31:72:22:03:BE
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4dc475cf-c9e3-445b-9b09-f82375ae85de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:a8:0a:d7:4f:62:1f:ec:91:cc:83:5e:e3:49:b3:88:f3:de:
         e3:93:6f:48:9e:e0:7f:d9:a9:63:a6:ca:61:b0:27:54:bf:c2:
         fd:c5:57:c0:1c:a0:56:bb:6f:4e:08:56:4a:4c:d5:17:eb:ad:
         1c:d3:61:c4:4d:97:fc:f8:9f:b2:3c:9e:ca:37:fe:05:f6:43:
         42:f4:e4:b0:7d:af:d6:3f:40:27:4c:6b:f8:28:e4:d2:b0:6e:
         b5:c2:37:22:1c:6e:81:25:bb:a7:67:59:67:d3:67:b6:10:9b:
         b5:0f:8f:6d:d2:65:8d:2b:06:8e:2f:03:98:a6:24:8a:4f:80:
         8f:4e:dd:f1:56:1d:02:77:b9:c5:95:ed:9a:5a:19:6c:c8:a3:
         dc:30:9a:0f:3c:4a:4d:fb:0f:c6:b2:f1:90:33:0f:34:2d:84:
         6e:2b:7a:91:97:ca:45:6d:f5:b9:b1:6c:e0:ab:4d:b7:8b:7d:
         4b:36:a3:64:15:28:19:14:17:cc:14:53:ba:64:e3:71:22:83:
         c0:24:24:9c:38:f4:10:e2:3a:8f:e4:3e:9d:34:e7:87:9b:26:
         a8:e9:21:ea:1a:57:d4:84:c9:6d:3b:17:ab:71:82:3f:54:9e:
         e0:b2:de:9e:cd:5f:bb:c1:a5:72:5a:b2:3e:da:bc:6b:c9:03:
         52:1c:bb:e6
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIULVhs2p9dxhQLp42UVoAGrINS6uQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjA3MDAwMDAwWhcNMjIxMjEwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDRhZmM2NzIwZWEwYzc2ZmVkMWIyZGViMGFjMDY0ZjUw
MzQ1NGZmZDBkNzdmZjFhMzA2NDA0NTg1MTBmMzcxODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANxDwhM8tuzYtEJWNAN+8zaB/ARB7wTDbtWN3UFv4oUduZc/C1+U
H9OpCAbNwmOiAK2Ara3lNetS+1G7+Wdp2gpNx3qSh9t3TiLOtTu3VBgnIo9CqPW2
RecjDBZTJcrGzRDVCjp4Tvg2R5s45MF2WAklQj4PN7fHKbv3F3TUei5aeRD4RnTs
9zIb0XP5E/7WOEKjswZWM+9D1xhtvRYEN0HE2bvrWtx/7DsV1f87SziYrD+eYT5O
8Dh6EOc+ZaiqjSMmEXnr5smLv6+WZnwomOr3QFsBM/gRHJwHZvyrX4qmuoNKNZKx
RJvX1NpeSinhhz3ZTFxWk2CD7qIjNaMet98CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSnw23NxOeBg1AY6pHo7bMxciIDvjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNGRjNDc1Y2YtYzllMy00NDViLTliMDktZjgyMzc1YWU4NWRlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAL2oCtdPYh/skcyD
XuNJs4jz3uOTb0ie4H/ZqWOmymGwJ1S/wv3FV8AcoFa7b04IVkpM1RfrrRzTYcRN
l/z4n7I8nso3/gX2Q0L05LB9r9Y/QCdMa/go5NKwbrXCNyIcboElu6dnWWfTZ7YQ
m7UPj23SZY0rBo4vA5imJIpPgI9O3fFWHQJ3ucWV7ZpaGWzIo9wwmg88Sk37D8ay
8ZAzDzQthG4repGXykVt9bmxbOCrTbeLfUs2o2QVKBkUF8wUU7pk43Eig8AkJJw4
9BDiOo/kPp0054ebJqjpIeoaV9SEyW07F6txgj9UnuCy3p7NX7vBpXJasj7avGvJ
A1Icu+Y=
-----END CERTIFICATE-----