Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/617b1e2e-cfc5-4b80-ab9f-c31d801b590a.roa
File:                     617b1e2e-cfc5-4b80-ab9f-c31d801b590a.roa (raw, json)
Hash identifier:          oOnAkIHqhcaE69ypKRV6lJdh9VjcTd75uyzZEZU8V7k=
Subject key identifier:   2C:AA:F3:38:0C:51:E2:03:67:59:D6:D3:BB:BD:A3:0B:5E:3D:D6:9A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       A4ACC1D843F7F99758A745B79CF067810616C7
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/617b1e2e-cfc5-4b80-ab9f-c31d801b590a.roa
Signing time:             Wed 16 Nov 2022 00:00:00 +0000
ROA not before:           Wed 16 Nov 2022 00:00:00 +0000
ROA not after:            Sat 19 Nov 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            a4:ac:c1:d8:43:f7:f9:97:58:a7:45:b7:9c:f0:67:81:06:16:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Nov 16 00:00:00 2022 GMT
            Not After : Nov 19 23:59:59 2022 GMT
        Subject: serialNumber=95bc1e51d5101aa62f646a4868ce3ff8f183fc00926f7f1cd1870365774ec685, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:90:7c:03:24:c6:03:b7:93:c5:f0:28:2c:65:
                    80:d2:92:09:96:51:3d:de:27:a2:2f:cb:a4:83:23:
                    01:f3:4c:9f:9e:be:94:0c:6d:6b:d2:fc:6d:31:a3:
                    1b:03:a0:7e:ed:8e:0d:d2:dc:79:c9:54:68:5b:8e:
                    6d:ca:fc:99:3c:ae:de:b7:83:d4:f0:6c:fd:b9:79:
                    db:cd:9b:f3:0e:a0:7b:d8:19:11:c5:eb:eb:0e:8c:
                    84:d5:8b:58:87:99:ed:8d:4b:c5:43:00:97:f0:d2:
                    08:f2:50:01:51:5e:78:8a:26:03:cb:e6:e0:bf:b8:
                    21:9c:a9:4a:e1:f8:79:35:f5:24:3e:34:74:3c:d4:
                    71:00:85:ee:58:9f:80:d2:65:1c:f1:2b:8b:7a:17:
                    fa:f6:47:b6:ad:4d:9a:1d:68:64:83:e0:76:88:aa:
                    77:be:6e:12:bc:17:b7:f5:e1:44:30:86:b5:14:31:
                    96:d1:5b:66:db:91:b8:ae:fa:8e:e7:5e:1d:33:65:
                    7f:0d:a4:d6:fd:b3:d4:9d:58:fb:71:2c:66:c7:7c:
                    70:60:47:d4:c9:e3:32:a4:20:72:89:39:9c:51:56:
                    91:43:c2:8b:85:d2:9c:9a:58:71:40:8b:a8:6d:d6:
                    cd:be:2a:88:13:75:55:00:1d:24:fa:e7:f6:e6:28:
                    1e:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:AA:F3:38:0C:51:E2:03:67:59:D6:D3:BB:BD:A3:0B:5E:3D:D6:9A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/617b1e2e-cfc5-4b80-ab9f-c31d801b590a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:d4:01:50:0a:9c:70:78:c6:65:34:6a:0b:05:86:73:a6:33:
         8d:55:7c:15:c0:e6:78:a7:4b:e4:39:9f:a6:ae:89:15:e7:b9:
         b7:76:0b:c4:eb:73:c5:fd:00:96:87:a8:b6:d4:a8:de:44:5b:
         00:f2:a6:aa:1e:5b:79:90:1f:2c:79:dd:47:fb:e1:b5:a4:85:
         ce:2f:85:b7:78:f5:45:22:09:36:a1:34:e9:8e:4b:26:35:3b:
         e8:d0:b6:5c:b8:a9:67:4c:3e:70:c5:62:f4:81:5d:03:19:79:
         66:41:45:7f:f7:54:3f:26:7d:c0:af:74:9a:eb:9d:f3:93:72:
         40:a6:88:4c:75:c5:74:d6:1a:15:e8:99:bb:a6:75:28:f2:b6:
         90:70:05:03:26:a6:c0:1d:82:33:10:c1:29:ca:0c:16:4e:6a:
         26:69:27:29:11:f5:2e:0e:8c:68:ff:f0:e7:56:e3:28:56:4d:
         02:ee:37:b2:df:50:fc:bf:29:9f:b5:fe:20:07:a4:30:d6:f3:
         e5:dd:4e:1e:63:90:62:05:e3:86:90:77:86:18:96:9d:37:a0:
         62:b3:a6:c9:b5:28:45:9e:39:9d:b6:17:86:74:1f:e5:02:f4:
         d9:3c:3c:3e:fd:fa:48:5a:0e:83:2d:71:30:32:d9:79:48:cc:
         7c:64:23:f1
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUAKSswdhD9/mXWKdFt5zwZ4EGFscwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMTE2MDAwMDAwWhcNMjIxMTE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTViYzFlNTFkNTEwMWFhNjJmNjQ2YTQ4NjhjZTNmZjhm
MTgzZmMwMDkyNmY3ZjFjZDE4NzAzNjU3NzRlYzY4NTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMGQfAMkxgO3k8XwKCxlgNKSCZZRPd4noi/LpIMjAfNMn56+lAxt
a9L8bTGjGwOgfu2ODdLceclUaFuObcr8mTyu3reD1PBs/bl5282b8w6ge9gZEcXr
6w6MhNWLWIeZ7Y1LxUMAl/DSCPJQAVFeeIomA8vm4L+4IZypSuH4eTX1JD40dDzU
cQCF7lifgNJlHPEri3oX+vZHtq1Nmh1oZIPgdoiqd75uErwXt/XhRDCGtRQxltFb
ZtuRuK76judeHTNlfw2k1v2z1J1Y+3EsZsd8cGBH1MnjMqQgcok5nFFWkUPCi4XS
nJpYcUCLqG3Wzb4qiBN1VQAdJPrn9uYoHm8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQsqvM4DFHiA2dZ1tO7vaMLXj3WmjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjE3YjFlMmUtY2ZjNS00YjgwLWFiOWYtYzMxZDgwMWI1OTBhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAfUAVAKnHB4xmU0
agsFhnOmM41VfBXA5ninS+Q5n6auiRXnubd2C8Trc8X9AJaHqLbUqN5EWwDypqoe
W3mQHyx53Uf74bWkhc4vhbd49UUiCTahNOmOSyY1O+jQtly4qWdMPnDFYvSBXQMZ
eWZBRX/3VD8mfcCvdJrrnfOTckCmiEx1xXTWGhXombumdSjytpBwBQMmpsAdgjMQ
wSnKDBZOaiZpJykR9S4OjGj/8OdW4yhWTQLuN7LfUPy/KZ+1/iAHpDDW8+XdTh5j
kGIF44aQd4YYlp03oGKzpsm1KEWeOZ22F4Z0H+UC9Nk8PD79+khaDoMtcTAy2XlI
zHxkI/E=
-----END CERTIFICATE-----