Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/63b013d7-9fcd-46cd-b676-701a5d6699e4.roa
File:                     63b013d7-9fcd-46cd-b676-701a5d6699e4.roa (raw, json)
Hash identifier:          LLSQg9APQIWFVFVvCjipmDWPB8JNpcAF/drMxGIdpCM=
Subject key identifier:   75:C8:49:CB:EC:DD:3C:D3:53:7C:98:59:B8:19:E6:1B:58:F9:16:F7
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       658074F15FEC6B8F3158AD10167243870E25756C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/63b013d7-9fcd-46cd-b676-701a5d6699e4.roa
Signing time:             Sat 17 Dec 2022 00:00:00 +0000
ROA not before:           Sat 17 Dec 2022 00:00:00 +0000
ROA not after:            Tue 20 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:80:74:f1:5f:ec:6b:8f:31:58:ad:10:16:72:43:87:0e:25:75:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 17 00:00:00 2022 GMT
            Not After : Dec 20 23:59:59 2022 GMT
        Subject: serialNumber=dd9ac5f213d24b7abc63c6e893c57ca6ed704bc492712b0a6bbc82449d0deb5b, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:74:fb:83:dd:3f:7f:a5:94:9d:36:c4:4b:d6:
                    f3:3e:18:6c:25:ec:18:95:b6:e2:88:74:43:c9:4e:
                    22:89:aa:46:64:a7:16:a5:98:ea:a0:14:05:d2:c4:
                    0d:79:79:ba:be:fe:49:1d:80:e0:43:8c:f6:90:c1:
                    a3:f6:6a:34:e2:a8:b1:ee:7c:9b:11:1e:65:dd:eb:
                    fd:4b:0a:79:a1:2e:34:b0:d7:58:a6:f7:91:8c:53:
                    16:c9:6c:1d:fc:cd:23:34:1d:e1:c3:cc:9b:f6:d8:
                    de:6a:02:68:5e:79:20:44:9f:ae:a3:9d:19:5d:73:
                    e0:8c:2e:31:60:8f:8f:45:9a:26:75:dc:28:97:30:
                    9a:04:bb:27:cf:3f:07:ef:8c:e4:52:3e:09:c2:c2:
                    4c:f1:dd:30:22:3f:37:b4:d4:10:38:ea:29:de:42:
                    3f:c4:b9:bf:fc:39:6f:62:5a:30:b3:52:f8:54:d1:
                    79:12:9c:fc:59:78:fb:d4:e9:a8:c3:6e:3c:a5:41:
                    fb:73:40:12:fd:49:b7:d2:43:e7:ee:ff:1b:ca:de:
                    64:4d:14:d4:18:9b:41:a5:46:d5:15:18:21:71:4b:
                    4d:e2:c8:2e:76:70:50:da:c5:ee:b1:50:3e:26:a6:
                    9d:dd:84:3a:85:06:96:1b:dc:ee:d9:20:79:d0:a5:
                    5b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:C8:49:CB:EC:DD:3C:D3:53:7C:98:59:B8:19:E6:1B:58:F9:16:F7
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/63b013d7-9fcd-46cd-b676-701a5d6699e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:f5:86:bc:ed:0c:1d:bd:fe:e7:d9:0e:0b:f3:ab:96:e1:b5:
         5c:12:63:a1:12:c8:25:8e:36:66:76:6d:fb:e0:95:f8:a4:43:
         16:f0:60:c5:d3:c2:f0:ec:7f:1b:87:18:5d:e0:02:b8:db:5a:
         94:3f:d2:62:2b:08:f1:00:bd:ad:8e:08:c8:9a:71:57:bc:7d:
         0c:3b:08:13:ae:8b:eb:21:ba:02:1b:95:32:f0:e4:78:39:3a:
         c2:a6:d4:3f:ab:f7:96:e6:6a:bf:ac:0c:97:e7:7d:6c:ad:dd:
         9b:c2:42:ad:73:2f:eb:da:bd:99:03:8f:54:85:be:a2:9b:da:
         12:59:44:7d:11:c3:a7:ad:ab:04:64:b7:aa:34:4a:18:f3:49:
         35:75:1b:60:a5:d8:5f:eb:5f:20:1c:bd:45:97:b2:94:db:c0:
         3c:a9:94:f1:c1:4e:48:ac:df:7c:99:aa:c2:29:3a:02:98:25:
         b2:24:fb:a6:f2:90:e2:f7:86:20:af:fe:e5:2d:85:a2:4c:1f:
         f7:40:72:cd:73:cd:8e:d4:5b:1d:0a:59:c8:a5:e7:d3:16:fb:
         53:9f:90:c3:14:d6:30:75:b6:50:47:91:49:9d:95:0a:f1:51:
         72:1c:00:e0:2e:3a:81:b4:d0:69:35:b3:fe:c6:b0:a0:b1:d0:
         6c:fc:4d:3f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUZYB08V/sa48xWK0QFnJDhw4ldWwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjE3MDAwMDAwWhcNMjIxMjIwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZGQ5YWM1ZjIxM2QyNGI3YWJjNjNjNmU4OTNjNTdjYTZl
ZDcwNGJjNDkyNzEyYjBhNmJiYzgyNDQ5ZDBkZWI1YjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJp0+4PdP3+llJ02xEvW8z4YbCXsGJW24oh0Q8lOIomqRmSnFqWY
6qAUBdLEDXl5ur7+SR2A4EOM9pDBo/ZqNOKose58mxEeZd3r/UsKeaEuNLDXWKb3
kYxTFslsHfzNIzQd4cPMm/bY3moCaF55IESfrqOdGV1z4IwuMWCPj0WaJnXcKJcw
mgS7J88/B++M5FI+CcLCTPHdMCI/N7TUEDjqKd5CP8S5v/w5b2JaMLNS+FTReRKc
/Fl4+9TpqMNuPKVB+3NAEv1Jt9JD5+7/G8reZE0U1BibQaVG1RUYIXFLTeLILnZw
UNrF7rFQPiamnd2EOoUGlhvc7tkgedClWzsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR1yEnL7N0801N8mFm4GeYbWPkW9zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjNiMDEzZDctOWZjZC00NmNkLWI2NzYtNzAxYTVkNjY5OWU0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHD1hrztDB29/ufZ
Dgvzq5bhtVwSY6ESyCWONmZ2bfvglfikQxbwYMXTwvDsfxuHGF3gArjbWpQ/0mIr
CPEAva2OCMiacVe8fQw7CBOui+shugIblTLw5Hg5OsKm1D+r95bmar+sDJfnfWyt
3ZvCQq1zL+vavZkDj1SFvqKb2hJZRH0Rw6etqwRkt6o0ShjzSTV1G2Cl2F/rXyAc
vUWXspTbwDyplPHBTkis33yZqsIpOgKYJbIk+6bykOL3hiCv/uUthaJMH/dAcs1z
zY7UWx0KWcil59MW+1OfkMMU1jB1tlBHkUmdlQrxUXIcAOAuOoG00Gk1s/7GsKCx
0Gz8TT8=
-----END CERTIFICATE-----