Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/52afb866-9192-4ae2-8668-49656806baa7.roa
File:                     52afb866-9192-4ae2-8668-49656806baa7.roa (raw, json)
Hash identifier:          TBYTvtpeOrISeNltBK1SsRBUKlDX9/6YBHUlNsCpVx8=
Subject key identifier:   53:76:03:BC:E8:65:67:94:1C:D6:9A:06:41:45:3B:FF:FA:DC:59:BF
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       33B996E9D46B6E63C46B61F19E60369B12868F61
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/52afb866-9192-4ae2-8668-49656806baa7.roa
Signing time:             Tue 20 Dec 2022 00:00:00 +0000
ROA not before:           Tue 20 Dec 2022 00:00:00 +0000
ROA not after:            Fri 23 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:b9:96:e9:d4:6b:6e:63:c4:6b:61:f1:9e:60:36:9b:12:86:8f:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 20 00:00:00 2022 GMT
            Not After : Dec 23 23:59:59 2022 GMT
        Subject: serialNumber=f27609427b8164e7a461f3f3695421a2ac06d04ad8db197256ae0380429d51af, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:51:ee:49:9e:6e:98:93:ec:94:1a:d4:f1:42:
                    14:3d:54:e0:52:89:b3:ae:f2:61:96:77:9c:9c:e4:
                    0b:f9:f8:fa:f3:05:dd:10:99:e5:37:7e:c6:b6:5a:
                    88:34:ae:cc:5b:3e:68:fe:c0:bf:fd:ec:68:18:19:
                    32:3f:44:c2:a4:85:78:f1:8b:f8:7d:72:27:72:eb:
                    96:da:af:ed:4e:7d:89:62:e9:a8:c3:e7:ae:fa:70:
                    28:81:d9:20:80:9a:bf:e8:e4:af:88:bd:0e:d1:a1:
                    71:3a:06:d9:1c:69:21:64:42:94:13:79:a0:e6:e7:
                    38:ae:7c:53:6b:ee:21:c7:f7:67:14:8c:a1:49:60:
                    ef:f6:c2:c9:41:2d:c8:be:19:36:70:b7:75:f7:dd:
                    43:9f:af:15:08:d6:f8:bb:7d:e2:02:4d:54:b0:c1:
                    61:b9:ee:61:eb:16:a6:00:33:6c:7d:ce:7a:08:ec:
                    74:8a:9e:c3:eb:a1:6b:fe:a7:2a:b0:3d:7c:17:70:
                    f8:a7:03:38:ef:5d:25:fb:85:af:d6:0d:9c:92:24:
                    c2:3c:43:c2:f4:b4:3b:df:68:6d:89:94:ea:1f:e5:
                    ef:7b:1f:8e:37:02:93:f6:01:3b:1b:4a:18:d3:89:
                    a7:c1:6b:b6:e3:15:6e:0a:0e:49:00:f7:6f:42:3a:
                    40:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:76:03:BC:E8:65:67:94:1C:D6:9A:06:41:45:3B:FF:FA:DC:59:BF
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/52afb866-9192-4ae2-8668-49656806baa7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:09:77:1d:a0:69:b6:0f:c4:18:f3:af:65:9a:d7:77:4d:7c:
         b8:8d:a8:76:c4:39:d4:1f:bd:ed:c3:5b:2d:54:f1:dc:1a:3e:
         06:ef:b2:f3:c5:7c:d8:f7:1d:5c:1d:c9:3a:19:29:38:9d:f0:
         00:a6:72:03:ff:e2:cd:1a:64:51:45:86:4b:0a:69:1c:2b:1a:
         e3:36:8b:ab:9c:45:c6:91:df:38:89:07:39:37:95:55:65:e5:
         7c:1b:1b:be:ee:51:db:1e:c3:fb:f0:17:86:4c:09:63:b7:8b:
         85:6a:ac:75:47:be:e9:fc:37:84:fa:63:d4:79:93:b8:60:66:
         88:d4:fb:a0:48:12:b2:b1:eb:d6:13:77:ce:b1:55:72:c3:19:
         ee:20:23:f4:68:2d:cf:f1:4f:ea:17:df:b1:bb:df:29:80:7b:
         7a:e3:e6:d3:ce:91:8e:d9:49:60:69:93:ee:42:0c:29:43:ab:
         fc:8a:7d:87:18:a0:5e:d9:73:c3:12:a4:bd:a1:fa:06:2c:77:
         e4:49:c0:0e:44:e7:2b:6b:6a:19:d7:1b:e2:b0:a2:43:1e:b8:
         c8:74:77:54:26:f4:d6:ac:81:44:e6:24:b5:62:50:ab:67:fd:
         e5:9c:9e:ca:c7:97:87:e7:c8:9e:b8:4b:ca:28:08:f8:70:ab:
         75:7a:3a:3d
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUM7mW6dRrbmPEa2HxnmA2mxKGj2EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjIwMDAwMDAwWhcNMjIxMjIzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjI3NjA5NDI3YjgxNjRlN2E0NjFmM2YzNjk1NDIxYTJh
YzA2ZDA0YWQ4ZGIxOTcyNTZhZTAzODA0MjlkNTFhZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK5R7kmebpiT7JQa1PFCFD1U4FKJs67yYZZ3nJzkC/n4+vMF3RCZ
5Td+xrZaiDSuzFs+aP7Av/3saBgZMj9EwqSFePGL+H1yJ3Lrltqv7U59iWLpqMPn
rvpwKIHZIICav+jkr4i9DtGhcToG2RxpIWRClBN5oObnOK58U2vuIcf3ZxSMoUlg
7/bCyUEtyL4ZNnC3dffdQ5+vFQjW+Lt94gJNVLDBYbnuYesWpgAzbH3OegjsdIqe
w+uha/6nKrA9fBdw+KcDOO9dJfuFr9YNnJIkwjxDwvS0O99obYmU6h/l73sfjjcC
k/YBOxtKGNOJp8FrtuMVbgoOSQD3b0I6QD0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRTdgO86GVnlBzWmgZBRTv/+txZvzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNTJhZmI4NjYtOTE5Mi00YWUyLTg2NjgtNDk2NTY4MDZiYWE3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI0Jdx2gabYPxBjz
r2Wa13dNfLiNqHbEOdQfve3DWy1U8dwaPgbvsvPFfNj3HVwdyToZKTid8ACmcgP/
4s0aZFFFhksKaRwrGuM2i6ucRcaR3ziJBzk3lVVl5XwbG77uUdsew/vwF4ZMCWO3
i4VqrHVHvun8N4T6Y9R5k7hgZojU+6BIErKx69YTd86xVXLDGe4gI/RoLc/xT+oX
37G73ymAe3rj5tPOkY7ZSWBpk+5CDClDq/yKfYcYoF7Zc8MSpL2h+gYsd+RJwA5E
5ytrahnXG+KwokMeuMh0d1Qm9NasgUTmJLViUKtn/eWcnsrHl4fnyJ64S8ooCPhw
q3V6Oj0=
-----END CERTIFICATE-----