Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5b48c814-e451-4fd9-9b36-1766727a5122.roa
File:                     5b48c814-e451-4fd9-9b36-1766727a5122.roa (raw, json)
Hash identifier:          vm6Q/TOyoUDCklwoGgcwLLyY4aL/Ymu6AzKHBUvdsaM=
Subject key identifier:   C1:93:E3:5A:03:CE:C6:CF:E0:15:28:74:E5:21:1D:83:79:3F:94:42
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0E4D177A13304A95F535663FF5CCD1C3AB22220D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5b48c814-e451-4fd9-9b36-1766727a5122.roa
Signing time:             Sat 13 Aug 2022 00:00:00 +0000
ROA not before:           Sat 13 Aug 2022 00:00:00 +0000
ROA not after:            Tue 16 Aug 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:4d:17:7a:13:30:4a:95:f5:35:66:3f:f5:cc:d1:c3:ab:22:22:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Aug 13 00:00:00 2022 GMT
            Not After : Aug 16 23:59:59 2022 GMT
        Subject: serialNumber=f6d0a6a7d57f90c2aa2fe363a4a41c014ed7dd957dee5932d10e0438c0a18dcb, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a1:60:ba:9b:a1:a6:0c:d5:59:85:ec:0a:b9:
                    f6:1c:1e:56:5e:05:b9:91:42:80:a6:54:d9:cf:42:
                    c9:23:42:a3:70:48:b1:87:80:4a:8e:35:c0:05:e4:
                    80:db:6d:9b:d2:cb:03:02:11:c8:1a:3d:f2:01:f3:
                    ac:ba:c6:6a:73:2a:02:8c:7e:0e:c9:70:96:d7:d5:
                    d7:00:96:bd:a2:1e:0d:ec:82:54:8d:a4:eb:73:12:
                    e3:d4:1e:98:a0:e5:40:c8:69:b9:65:70:55:b3:cf:
                    87:fb:b0:6f:88:47:2f:fc:2f:cd:3d:1f:0b:e8:28:
                    f9:b4:4a:3e:0c:d7:de:6d:bd:13:f7:58:7b:15:9f:
                    39:15:d5:62:5e:98:5a:f3:1d:f0:80:ce:48:ee:ff:
                    31:63:93:31:71:ea:23:2c:f9:ae:05:3d:8b:26:ca:
                    af:61:40:13:44:b2:d2:58:ea:d2:f3:36:ca:4f:19:
                    c4:26:c0:c1:51:7d:5a:fb:83:6f:0b:44:95:75:06:
                    6d:1d:4c:bc:43:e0:bf:b0:82:3f:52:bc:71:f3:0b:
                    58:02:e8:4d:38:14:59:e0:c9:98:68:90:50:9b:b2:
                    af:e0:5d:a2:ba:69:d6:00:d7:cd:72:6d:d8:d3:f5:
                    fc:3a:19:0e:ec:3f:93:f1:0b:93:42:4d:7d:ad:e3:
                    ec:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:93:E3:5A:03:CE:C6:CF:E0:15:28:74:E5:21:1D:83:79:3F:94:42
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5b48c814-e451-4fd9-9b36-1766727a5122.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:de:c5:b6:14:92:41:c8:e9:98:d5:c5:4e:12:79:82:94:a9:
         59:60:f7:f3:a8:18:5b:7e:fc:1a:3f:fd:34:a6:6f:93:39:ee:
         4b:c4:d7:b9:3e:c6:ea:a6:f5:33:ad:c5:e7:cd:10:31:a8:06:
         bb:c5:ca:e0:e6:60:c4:c7:ad:26:f9:a2:47:a0:cc:0c:dc:08:
         17:ff:41:58:b7:c7:c3:a1:ed:c9:8d:89:e7:35:60:9a:93:b8:
         28:ec:62:40:10:47:61:7b:52:d8:30:ab:e1:66:15:52:ca:89:
         da:1f:e4:fb:e4:05:85:62:42:9c:c1:4e:25:fc:51:79:e3:26:
         2a:5d:ed:b2:d9:cf:e5:5f:f2:a3:23:51:d5:68:c5:ca:ce:67:
         b2:7e:34:9e:dd:ff:26:7c:a2:f4:30:f1:ce:17:fc:90:b3:92:
         6a:4b:07:80:a8:ce:5d:90:d6:1e:ac:73:9c:a6:9f:92:23:ab:
         1c:d4:fd:91:96:9f:1d:d5:70:32:43:41:3c:0c:b8:96:c9:34:
         fc:31:23:94:f2:ae:a7:1b:c5:f7:33:59:58:1b:0a:45:f4:c1:
         37:1d:66:b3:5e:7e:7e:54:60:8a:84:a0:8b:e8:ff:33:2f:2c:
         15:1c:d5:bd:e0:9e:da:38:dd:37:e0:d5:10:65:1d:d5:81:0b:
         42:dd:59:55
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUDk0XehMwSpX1NWY/9czRw6siIg0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwODEzMDAwMDAwWhcNMjIwODE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjZkMGE2YTdkNTdmOTBjMmFhMmZlMzYzYTRhNDFjMDE0
ZWQ3ZGQ5NTdkZWU1OTMyZDEwZTA0MzhjMGExOGRjYjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKihYLqboaYM1VmF7Aq59hweVl4FuZFCgKZU2c9CySNCo3BIsYeA
So41wAXkgNttm9LLAwIRyBo98gHzrLrGanMqAox+DslwltfV1wCWvaIeDeyCVI2k
63MS49QemKDlQMhpuWVwVbPPh/uwb4hHL/wvzT0fC+go+bRKPgzX3m29E/dYexWf
ORXVYl6YWvMd8IDOSO7/MWOTMXHqIyz5rgU9iybKr2FAE0Sy0ljq0vM2yk8ZxCbA
wVF9WvuDbwtElXUGbR1MvEPgv7CCP1K8cfMLWALoTTgUWeDJmGiQUJuyr+Bdorpp
1gDXzXJt2NP1/DoZDuw/k/ELk0JNfa3j7LcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTBk+NaA87Gz+AVKHTlIR2DeT+UQjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNWI0OGM4MTQtZTQ1MS00ZmQ5LTliMzYtMTc2NjcyN2E1MTIyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABPexbYUkkHI6ZjV
xU4SeYKUqVlg9/OoGFt+/Bo//TSmb5M57kvE17k+xuqm9TOtxefNEDGoBrvFyuDm
YMTHrSb5okegzAzcCBf/QVi3x8Oh7cmNiec1YJqTuCjsYkAQR2F7Utgwq+FmFVLK
idof5PvkBYViQpzBTiX8UXnjJipd7bLZz+Vf8qMjUdVoxcrOZ7J+NJ7d/yZ8ovQw
8c4X/JCzkmpLB4Cozl2Q1h6sc5ymn5IjqxzU/ZGWnx3VcDJDQTwMuJbJNPwxI5Ty
rqcbxfczWVgbCkX0wTcdZrNefn5UYIqEoIvo/zMvLBUc1b3gnto43Tfg1RBlHdWB
C0LdWVU=
-----END CERTIFICATE-----