Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5660b624-9ed1-4613-82ff-4b4c1b3cc40e.roa
File:                     5660b624-9ed1-4613-82ff-4b4c1b3cc40e.roa (raw, json)
Hash identifier:          NoDfDrWtTGFaWc2KaGxHIrt0KkmTJMt8tvuuka9/8x8=
Subject key identifier:   07:C9:AC:CB:81:E8:8D:D3:9D:97:85:06:00:E7:26:61:02:15:60:84
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       627BBE9B7A8C0CB949D1C4649D7C361706B96F3D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5660b624-9ed1-4613-82ff-4b4c1b3cc40e.roa
Signing time:             Wed 20 Jul 2022 00:00:00 +0000
ROA not before:           Wed 20 Jul 2022 00:00:00 +0000
ROA not after:            Sat 23 Jul 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:7b:be:9b:7a:8c:0c:b9:49:d1:c4:64:9d:7c:36:17:06:b9:6f:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jul 20 00:00:00 2022 GMT
            Not After : Jul 23 23:59:59 2022 GMT
        Subject: serialNumber=b0a4bf154762cc164ac6d457bbbc706fbcfc8745dd72dec1a52c0571be754fc0, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:a3:26:97:0c:69:a8:28:ef:14:31:35:41:ae:
                    9c:6c:25:24:66:0d:78:a4:d2:06:28:48:a1:8c:de:
                    01:eb:33:d2:81:72:17:6a:f4:0b:e6:52:a0:d6:1d:
                    63:b3:39:97:26:36:81:02:34:98:44:79:4f:c4:70:
                    22:5c:7b:aa:ee:0e:60:5f:e5:ec:e3:c6:c3:ad:fc:
                    59:14:53:92:e1:3f:7f:ef:ee:9f:ab:c6:64:1b:d2:
                    b3:09:de:ee:5f:0a:50:0b:ad:4b:38:9c:b9:ca:08:
                    86:48:71:c9:d0:fa:3e:40:fa:c0:0e:9d:41:ea:4f:
                    f0:a7:16:4d:e1:77:aa:25:fb:22:ca:f8:11:86:d4:
                    d4:fc:df:f6:fd:69:fd:82:d1:be:0b:89:eb:29:c9:
                    8a:55:92:94:74:87:d7:a4:4e:e9:f6:c0:6f:24:b9:
                    20:69:f6:3a:6e:d0:a7:ea:85:61:08:07:75:dc:89:
                    a8:d6:59:6e:75:c1:3f:12:bc:4e:13:19:00:9b:37:
                    b3:ab:f8:cb:79:96:a4:86:6c:92:c6:e2:d2:50:8e:
                    f6:dd:13:06:77:68:10:f0:4a:c0:6d:66:12:2b:58:
                    1a:7b:76:be:ac:73:4c:70:24:42:3f:3f:3c:62:40:
                    96:f5:c8:dd:80:e2:c4:48:6c:1f:b5:b0:6f:36:ad:
                    9a:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:C9:AC:CB:81:E8:8D:D3:9D:97:85:06:00:E7:26:61:02:15:60:84
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5660b624-9ed1-4613-82ff-4b4c1b3cc40e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:6b:b7:73:7c:09:a6:c9:da:c9:50:0c:64:3f:d4:c2:98:2a:
         b5:61:6a:60:cb:5a:62:81:29:93:71:35:c8:01:8b:d1:d0:c7:
         ad:e1:c9:4f:81:8b:31:0b:54:f0:70:23:19:90:32:f3:33:78:
         b6:c9:16:ed:4f:ec:07:36:4a:15:38:d0:27:48:12:c7:89:19:
         58:c0:e8:df:0d:73:ff:56:92:e6:39:24:3c:e5:91:f0:f1:a7:
         1e:e8:1b:2f:0f:3e:8b:99:1a:c1:cf:f3:71:24:81:4c:ac:fe:
         57:d2:ff:b3:56:08:2e:44:26:bc:2a:71:87:da:e3:1d:09:8f:
         3d:20:8f:80:38:28:b7:49:5e:05:eb:bb:79:4a:55:25:9b:a9:
         68:2c:9b:5e:d3:7c:40:c2:a3:0c:41:55:fc:58:6c:d3:e5:2e:
         e8:d2:e9:72:38:d8:74:d7:09:d7:cb:9b:28:25:eb:ff:1b:26:
         5e:98:88:07:b4:38:2f:6a:be:0c:f1:33:27:d5:bb:3e:4d:26:
         6d:62:1e:55:2a:96:0f:ab:60:3a:4b:fe:07:d9:c4:c4:7d:b8:
         91:1e:27:7b:7b:53:3d:1d:08:c8:45:aa:09:93:d2:21:39:95:
         4c:5e:6c:25:7d:62:86:55:c7:3b:90:f4:d0:e4:1f:5a:20:8e:
         56:39:21:4f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUYnu+m3qMDLlJ0cRknXw2Fwa5bz0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwNzIwMDAwMDAwWhcNMjIwNzIzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYjBhNGJmMTU0NzYyY2MxNjRhYzZkNDU3YmJiYzcwNmZi
Y2ZjODc0NWRkNzJkZWMxYTUyYzA1NzFiZTc1NGZjMDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANGjJpcMaago7xQxNUGunGwlJGYNeKTSBihIoYzeAesz0oFyF2r0
C+ZSoNYdY7M5lyY2gQI0mER5T8RwIlx7qu4OYF/l7OPGw638WRRTkuE/f+/un6vG
ZBvSswne7l8KUAutSzicucoIhkhxydD6PkD6wA6dQepP8KcWTeF3qiX7Isr4EYbU
1Pzf9v1p/YLRvguJ6ynJilWSlHSH16RO6fbAbyS5IGn2Om7Qp+qFYQgHddyJqNZZ
bnXBPxK8ThMZAJs3s6v4y3mWpIZsksbi0lCO9t0TBndoEPBKwG1mEitYGnt2vqxz
THAkQj8/PGJAlvXI3YDixEhsH7WwbzatmrcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQHyazLgeiN052XhQYA5yZhAhVghDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNTY2MGI2MjQtOWVkMS00NjEzLTgyZmYtNGI0YzFiM2NjNDBlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKxrt3N8CabJ2slQ
DGQ/1MKYKrVhamDLWmKBKZNxNcgBi9HQx63hyU+BizELVPBwIxmQMvMzeLbJFu1P
7Ac2ShU40CdIEseJGVjA6N8Nc/9WkuY5JDzlkfDxpx7oGy8PPouZGsHP83EkgUys
/lfS/7NWCC5EJrwqcYfa4x0Jjz0gj4A4KLdJXgXru3lKVSWbqWgsm17TfEDCowxB
VfxYbNPlLujS6XI42HTXCdfLmygl6/8bJl6YiAe0OC9qvgzxMyfVuz5NJm1iHlUq
lg+rYDpL/gfZxMR9uJEeJ3t7Uz0dCMhFqgmT0iE5lUxebCV9YoZVxzuQ9NDkH1og
jlY5IU8=
-----END CERTIFICATE-----