Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4e591529-ccd6-4db1-8fbd-579f2e7015dc.roa
File:                     4e591529-ccd6-4db1-8fbd-579f2e7015dc.roa (raw, json)
Hash identifier:          9BTY9flWKzF5/w53F9/AsZhRPSh98SBvHTiTEhcpN0A=
Subject key identifier:   B8:CF:A8:3D:2F:02:22:7E:CB:65:99:84:13:F3:2F:65:8B:81:9B:E4
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2B64C0A895ED693EFBBF938310880CFAD81390E8
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4e591529-ccd6-4db1-8fbd-579f2e7015dc.roa
Signing time:             Sat 10 Sep 2022 00:00:00 +0000
ROA not before:           Sat 10 Sep 2022 00:00:00 +0000
ROA not after:            Tue 13 Sep 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:64:c0:a8:95:ed:69:3e:fb:bf:93:83:10:88:0c:fa:d8:13:90:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Sep 10 00:00:00 2022 GMT
            Not After : Sep 13 23:59:59 2022 GMT
        Subject: serialNumber=fd96a16efd5f4aaf96438294fb105aa3b51a12ac9b4cb8f3466a0fb19633cdbc, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:1f:83:54:c9:2b:5f:61:7b:5a:5b:4f:57:0d:
                    3f:c8:40:c7:f8:55:a4:e5:49:0e:bf:66:ca:76:a8:
                    9b:1c:27:ee:b4:1e:a4:6e:fc:e6:47:5b:61:92:32:
                    77:a0:cb:78:26:12:27:76:a0:d8:e7:a7:31:7b:81:
                    4f:6c:7c:d8:2a:63:ff:93:7e:c9:49:e7:02:3f:6e:
                    cf:7c:2d:b9:bd:61:5c:a1:76:e9:18:1d:12:71:b2:
                    21:f8:84:db:bb:84:37:90:49:1e:f4:07:e7:f3:8e:
                    2c:93:66:91:3d:b2:e2:8d:d9:7b:73:b6:43:4d:73:
                    ff:bb:2f:e2:61:c9:1e:e7:a8:f7:ff:3f:ae:11:e1:
                    9e:af:a4:fa:b9:c8:ee:f2:c7:26:ea:5b:cd:af:59:
                    c7:58:56:d4:c1:a0:2e:46:2a:74:45:f0:1f:41:8f:
                    98:c3:31:7c:b4:02:eb:f9:be:a6:41:7f:2b:53:d0:
                    1f:13:d2:0b:7e:df:3e:d3:cc:29:4b:3c:0a:5d:fb:
                    88:a4:8e:57:5c:0d:ee:25:bb:a8:b6:f8:40:c2:6a:
                    d8:dd:4b:ad:3e:84:7b:fa:35:8e:dd:f7:ff:87:84:
                    ea:6a:3b:12:dd:c2:72:ce:e4:7a:5e:7c:ed:a8:82:
                    c5:09:8c:8c:66:7e:be:f9:19:d3:a2:f0:e4:e2:9f:
                    b3:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:CF:A8:3D:2F:02:22:7E:CB:65:99:84:13:F3:2F:65:8B:81:9B:E4
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4e591529-ccd6-4db1-8fbd-579f2e7015dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:68:ff:aa:94:5f:47:a7:f8:a4:85:22:17:b3:e1:9d:26:b6:
         02:22:3c:2d:32:d3:8a:9b:23:9e:ca:b5:0e:a9:d9:28:c4:1e:
         8a:2f:ef:6c:6d:16:5d:89:b1:2a:42:d2:f8:59:71:05:b9:1c:
         b1:02:90:eb:f6:6e:f4:f0:83:b1:11:23:b7:c9:17:72:89:0e:
         5f:f4:cd:96:d1:91:62:23:36:b0:48:b2:d8:c3:8b:91:e2:f9:
         c4:1d:88:ee:c8:7d:9a:87:e2:45:c7:1f:4a:dc:19:b9:b5:19:
         db:5b:e3:aa:75:6a:79:50:5a:09:28:31:cb:15:3a:46:55:df:
         ad:03:bc:00:a9:b4:b8:b3:cc:d1:cb:f1:fa:63:2b:12:5f:c8:
         1e:0c:cb:4a:92:b1:8f:d1:6a:bb:34:0c:bb:45:c2:8c:6b:07:
         85:e3:8b:c2:01:32:d2:7f:c2:70:f7:4c:a5:56:64:c6:ac:fb:
         26:d6:1e:bc:6a:aa:82:ad:41:de:0d:75:f0:c7:c5:00:a3:1f:
         55:72:4d:83:fe:3d:66:b3:50:6d:c5:35:e4:51:3f:94:e9:0c:
         3c:e4:ec:6e:50:8a:39:41:ec:30:9c:c8:01:f6:84:61:3e:49:
         2e:87:8f:bc:4c:ff:d9:d7:36:8d:00:33:59:de:8c:aa:5d:a4:
         9f:41:2a:bf
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUK2TAqJXtaT77v5ODEIgM+tgTkOgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwOTEwMDAwMDAwWhcNMjIwOTEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZmQ5NmExNmVmZDVmNGFhZjk2NDM4Mjk0ZmIxMDVhYTNi
NTFhMTJhYzliNGNiOGYzNDY2YTBmYjE5NjMzY2RiYzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJ8fg1TJK19he1pbT1cNP8hAx/hVpOVJDr9mynaomxwn7rQepG78
5kdbYZIyd6DLeCYSJ3ag2OenMXuBT2x82Cpj/5N+yUnnAj9uz3wtub1hXKF26Rgd
EnGyIfiE27uEN5BJHvQH5/OOLJNmkT2y4o3Ze3O2Q01z/7sv4mHJHueo9/8/rhHh
nq+k+rnI7vLHJupbza9Zx1hW1MGgLkYqdEXwH0GPmMMxfLQC6/m+pkF/K1PQHxPS
C37fPtPMKUs8Cl37iKSOV1wN7iW7qLb4QMJq2N1LrT6Ee/o1jt33/4eE6mo7Et3C
cs7kel587aiCxQmMjGZ+vvkZ06Lw5OKfs9MCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS4z6g9LwIifstlmYQT8y9li4Gb5DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNGU1OTE1MjktY2NkNi00ZGIxLThmYmQtNTc5ZjJlNzAxNWRjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC9o/6qUX0en+KSF
Ihez4Z0mtgIiPC0y04qbI57KtQ6p2SjEHoov72xtFl2JsSpC0vhZcQW5HLECkOv2
bvTwg7ERI7fJF3KJDl/0zZbRkWIjNrBIstjDi5Hi+cQdiO7IfZqH4kXHH0rcGbm1
Gdtb46p1anlQWgkoMcsVOkZV360DvACptLizzNHL8fpjKxJfyB4My0qSsY/Rars0
DLtFwoxrB4Xji8IBMtJ/wnD3TKVWZMas+ybWHrxqqoKtQd4NdfDHxQCjH1VyTYP+
PWazUG3FNeRRP5TpDDzk7G5QijlB7DCcyAH2hGE+SS6Hj7xM/9nXNo0AM1nejKpd
pJ9BKr8=
-----END CERTIFICATE-----