Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6497a9bc-4902-4aaa-8036-9f32164f2eee.roa
File:                     6497a9bc-4902-4aaa-8036-9f32164f2eee.roa (raw, json)
Hash identifier:          UNOx6JDVRJVCb/DPKK1HX+eLFlOhAkZalJyVsOXfgvg=
Subject key identifier:   33:A3:54:02:3D:64:37:BF:E9:B8:3A:B9:D7:2E:16:43:D2:B1:92:1B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2462691CF18678E140F157D4978EAAC7A854CC2B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6497a9bc-4902-4aaa-8036-9f32164f2eee.roa
Signing time:             Thu 11 Aug 2022 00:00:00 +0000
ROA not before:           Thu 11 Aug 2022 00:00:00 +0000
ROA not after:            Sun 14 Aug 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:62:69:1c:f1:86:78:e1:40:f1:57:d4:97:8e:aa:c7:a8:54:cc:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Aug 11 00:00:00 2022 GMT
            Not After : Aug 14 23:59:59 2022 GMT
        Subject: serialNumber=67879b5b1f18ff80c2fdb2a176364f5afb74f6d73e69bc36d0fd2661b3ba4823, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:07:b3:e0:86:9b:2f:cf:9e:fd:b2:29:a9:af:
                    87:85:7d:59:5d:ba:cb:27:ab:7b:db:47:e9:17:92:
                    1a:e7:47:05:9b:4a:8c:17:5e:86:ed:fb:5b:9f:29:
                    33:f4:0f:8b:8d:5d:4a:1b:e7:24:e7:c9:36:d6:9c:
                    0b:56:9c:0b:2a:3f:fd:e8:e3:92:6d:81:42:91:6a:
                    42:59:a9:81:7a:ee:c2:f4:dd:97:10:19:6a:ff:26:
                    0d:bf:22:aa:ad:1a:f1:bc:8a:ac:f8:1b:da:6c:5b:
                    bd:93:d5:4b:ea:38:28:8d:87:1a:17:1f:61:a6:33:
                    f6:ee:b0:d4:be:79:14:fb:b1:08:50:3b:68:03:4e:
                    a1:c8:d8:f5:92:19:14:62:4e:a3:7f:e0:a2:50:fb:
                    56:3f:33:1b:3b:2c:48:b9:11:54:28:e1:56:53:e6:
                    fd:92:51:79:dd:62:9c:15:55:2b:be:ab:af:2a:92:
                    b8:7b:4e:1a:74:ab:ca:f2:63:50:b3:fd:99:f5:81:
                    59:fa:26:3b:61:98:66:eb:ba:7e:16:11:b3:4a:d9:
                    f1:5a:87:4d:0c:bb:28:2e:8d:37:23:eb:6c:9d:fe:
                    a9:8d:bf:c9:cc:14:62:3e:5b:6a:7f:07:1e:9e:b7:
                    6a:54:0d:e8:5b:a4:14:0c:37:ca:c1:b3:fc:f7:42:
                    d4:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:A3:54:02:3D:64:37:BF:E9:B8:3A:B9:D7:2E:16:43:D2:B1:92:1B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6497a9bc-4902-4aaa-8036-9f32164f2eee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:45:d5:25:0b:3c:94:3a:3e:09:b3:06:61:a5:13:e5:bc:e5:
         f5:ae:c9:05:83:51:27:0c:6d:02:42:6d:8e:6a:46:d9:f1:4d:
         23:f6:51:9b:a6:4c:1a:8c:46:1e:1f:49:95:58:2f:17:f7:1a:
         f3:4f:6c:6d:29:9a:51:ef:fc:38:99:78:51:20:c0:15:fa:ec:
         a4:b7:67:4e:8a:a9:f0:b8:72:6e:3f:bd:a3:e0:f7:fb:97:51:
         d5:cf:2c:e4:36:57:b5:91:38:a0:ec:e9:0e:6b:58:b4:6b:54:
         b8:fc:e0:87:95:47:c2:8b:a1:b3:8c:3c:8f:e4:6d:b9:b1:df:
         af:23:e0:23:6d:ae:24:7f:6e:e0:15:e9:e9:e5:f7:83:d9:78:
         5d:05:5a:93:7d:5e:aa:14:dc:bd:8a:29:89:87:c7:60:62:dc:
         eb:36:ca:96:13:1a:50:f6:47:94:2e:66:ff:3e:b8:74:86:96:
         9b:10:b5:3b:3a:24:6b:2b:25:56:c4:41:df:14:88:ce:fe:04:
         6d:ba:1e:eb:2b:74:23:76:20:f5:d2:60:ce:77:05:f5:02:95:
         0f:f8:21:1d:51:66:1e:ff:f6:5b:7d:e7:3e:62:92:e5:09:91:
         1c:ef:c5:b7:eb:a0:9d:71:5a:9e:e2:eb:82:66:8f:ae:1a:79:
         69:18:c2:73
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUJGJpHPGGeOFA8VfUl46qx6hUzCswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwODExMDAwMDAwWhcNMjIwODE0MjM1OTU5
WjCBpTFJMEcGA1UEBRNANjc4NzliNWIxZjE4ZmY4MGMyZmRiMmExNzYzNjRmNWFm
Yjc0ZjZkNzNlNjliYzM2ZDBmZDI2NjFiM2JhNDgyMzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJoHs+CGmy/Pnv2yKamvh4V9WV26yyere9tH6ReSGudHBZtKjBde
hu37W58pM/QPi41dShvnJOfJNtacC1acCyo//ejjkm2BQpFqQlmpgXruwvTdlxAZ
av8mDb8iqq0a8byKrPgb2mxbvZPVS+o4KI2HGhcfYaYz9u6w1L55FPuxCFA7aANO
ocjY9ZIZFGJOo3/golD7Vj8zGzssSLkRVCjhVlPm/ZJRed1inBVVK76rryqSuHtO
GnSryvJjULP9mfWBWfomO2GYZuu6fhYRs0rZ8VqHTQy7KC6NNyPrbJ3+qY2/ycwU
Yj5ban8HHp63alQN6FukFAw3ysGz/PdC1AMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQzo1QCPWQ3v+m4OrnXLhZD0rGSGzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjQ5N2E5YmMtNDkwMi00YWFhLTgwMzYtOWYzMjE2NGYyZWVlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAtF1SULPJQ6Pgmz
BmGlE+W85fWuyQWDUScMbQJCbY5qRtnxTSP2UZumTBqMRh4fSZVYLxf3GvNPbG0p
mlHv/DiZeFEgwBX67KS3Z06KqfC4cm4/vaPg9/uXUdXPLOQ2V7WROKDs6Q5rWLRr
VLj84IeVR8KLobOMPI/kbbmx368j4CNtriR/buAV6enl94PZeF0FWpN9XqoU3L2K
KYmHx2Bi3Os2ypYTGlD2R5QuZv8+uHSGlpsQtTs6JGsrJVbEQd8UiM7+BG26Husr
dCN2IPXSYM53BfUClQ/4IR1RZh7/9lt95z5ikuUJkRzvxbfroJ1xWp7i64Jmj64a
eWkYwnM=
-----END CERTIFICATE-----