Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6368ea42-261d-4e1a-8780-4ad757a5bc64.roa
File:                     6368ea42-261d-4e1a-8780-4ad757a5bc64.roa (raw, json)
Hash identifier:          NF2MYXQ5jlgK9SZ6he1o+dxArWMVl5gsqi3qlwjKnlI=
Subject key identifier:   31:90:77:89:65:F5:13:65:62:1B:33:E6:A5:E4:5F:BA:E8:1F:4C:42
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       272D8BC5940211A0F765D83A0F470ACAA40056FD
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6368ea42-261d-4e1a-8780-4ad757a5bc64.roa
Signing time:             Mon 26 Dec 2022 00:00:00 +0000
ROA not before:           Mon 26 Dec 2022 00:00:00 +0000
ROA not after:            Thu 29 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:2d:8b:c5:94:02:11:a0:f7:65:d8:3a:0f:47:0a:ca:a4:00:56:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 26 00:00:00 2022 GMT
            Not After : Dec 29 23:59:59 2022 GMT
        Subject: serialNumber=06452d37b10bfc4f9b3b2ef81d8f49284895a69014b036864feb648a839f6ef0, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3b:dc:f8:f5:96:37:85:b2:dc:9d:d3:fc:e5:
                    bb:9e:a3:c8:2c:c9:f1:ea:aa:bd:9e:7c:fe:62:2b:
                    c2:35:b5:df:56:a6:97:cf:50:87:44:f1:6d:af:a0:
                    11:62:87:dc:0c:e0:f1:72:08:86:65:ac:50:de:d8:
                    83:3a:c2:cf:80:0c:85:09:8e:59:bd:a5:8f:ea:ac:
                    46:f2:ca:4b:c2:5f:22:e2:c4:9f:44:43:82:65:b9:
                    b4:2d:3c:62:c5:a2:21:60:88:b8:c5:53:84:f0:f4:
                    bb:5e:6e:01:53:2c:cc:ed:fd:a2:42:cc:a6:93:de:
                    a8:54:8e:d2:86:5e:e7:a8:e1:fb:fa:c0:82:d3:8d:
                    08:2d:7a:f4:b0:05:b4:ff:3b:da:a6:69:8c:3a:7e:
                    d2:38:0d:4b:59:35:a4:e2:82:7b:d5:e2:05:d4:7e:
                    0b:ba:4a:9f:cc:f8:4b:ac:84:cc:e8:1e:e7:10:e3:
                    4c:35:ab:fa:2b:25:ec:8b:25:91:01:3a:1e:d3:9c:
                    05:a6:c8:74:8f:0f:6d:83:50:e9:a5:b5:7a:84:e6:
                    1a:7a:69:70:83:d1:54:69:ba:8c:ec:04:75:81:39:
                    a3:cc:97:0d:c6:95:ca:c9:04:b1:95:b8:aa:31:7e:
                    8e:8c:9c:bb:83:cc:f4:79:7d:0d:c2:a7:b0:ae:9c:
                    eb:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:90:77:89:65:F5:13:65:62:1B:33:E6:A5:E4:5F:BA:E8:1F:4C:42
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6368ea42-261d-4e1a-8780-4ad757a5bc64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:e9:91:b5:9a:a8:d4:16:35:77:4f:67:d6:dd:1d:97:86:d5:
         b8:6f:90:5a:67:24:17:5a:49:2c:0c:7e:8a:0b:e4:bb:9c:7c:
         d6:fd:1a:3a:be:36:ab:6f:2d:13:db:5b:e2:af:2b:a6:8b:14:
         3e:c6:c2:eb:cf:2e:2a:ce:95:6d:a2:64:9b:70:e2:b3:6c:5c:
         85:bc:69:cc:82:39:28:4f:2c:e3:9c:7f:c5:6d:96:4d:30:70:
         3c:29:9a:0c:21:e6:f1:99:40:23:a1:6d:80:68:37:b0:c1:3e:
         a5:40:80:97:ff:9f:a9:6a:9d:eb:d4:2c:dd:48:88:80:80:72:
         50:d7:d4:fa:10:c8:da:f7:69:d1:53:55:e3:7e:80:f3:5d:00:
         ef:49:2d:f7:f7:0e:8f:0d:04:cd:1b:23:30:14:a2:f5:49:88:
         7e:2f:57:8b:fb:bd:69:fd:f0:f6:f3:cf:26:d6:de:b7:3b:4e:
         06:ff:97:9c:fa:f5:81:54:65:9b:a4:a2:f8:70:9b:1d:71:dd:
         35:73:d4:d6:a4:6e:15:6e:38:7b:67:57:ec:21:6a:fe:02:1b:
         a6:74:07:f8:33:48:7b:dc:6a:03:35:12:26:57:7a:f6:ba:aa:
         42:62:af:4a:73:35:5c:8f:67:b5:e1:ba:aa:72:ed:de:7b:1f:
         51:4c:7a:85
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUJy2LxZQCEaD3Zdg6D0cKyqQAVv0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjI2MDAwMDAwWhcNMjIxMjI5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMDY0NTJkMzdiMTBiZmM0ZjliM2IyZWY4MWQ4ZjQ5Mjg0
ODk1YTY5MDE0YjAzNjg2NGZlYjY0OGE4MzlmNmVmMDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALQ73Pj1ljeFstyd0/zlu56jyCzJ8eqqvZ58/mIrwjW131aml89Q
h0Txba+gEWKH3Azg8XIIhmWsUN7YgzrCz4AMhQmOWb2lj+qsRvLKS8JfIuLEn0RD
gmW5tC08YsWiIWCIuMVThPD0u15uAVMszO39okLMppPeqFSO0oZe56jh+/rAgtON
CC169LAFtP872qZpjDp+0jgNS1k1pOKCe9XiBdR+C7pKn8z4S6yEzOge5xDjTDWr
+isl7IslkQE6HtOcBabIdI8PbYNQ6aW1eoTmGnppcIPRVGm6jOwEdYE5o8yXDcaV
yskEsZW4qjF+joycu4PM9Hl9DcKnsK6c69kCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQxkHeJZfUTZWIbM+al5F+66B9MQjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjM2OGVhNDItMjYxZC00ZTFhLTg3ODAtNGFkNzU3YTViYzY0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGLpkbWaqNQWNXdP
Z9bdHZeG1bhvkFpnJBdaSSwMfooL5LucfNb9Gjq+NqtvLRPbW+KvK6aLFD7GwuvP
LirOlW2iZJtw4rNsXIW8acyCOShPLOOcf8Vtlk0wcDwpmgwh5vGZQCOhbYBoN7DB
PqVAgJf/n6lqnevULN1IiICAclDX1PoQyNr3adFTVeN+gPNdAO9JLff3Do8NBM0b
IzAUovVJiH4vV4v7vWn98PbzzybW3rc7Tgb/l5z69YFUZZukovhwmx1x3TVz1Nak
bhVuOHtnV+whav4CG6Z0B/gzSHvcagM1EiZXeva6qkJir0pzNVyPZ7Xhuqpy7d57
H1FMeoU=
-----END CERTIFICATE-----