Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6573f3a9-b519-43a0-b41e-cd78b7140f64.roa
File:                     6573f3a9-b519-43a0-b41e-cd78b7140f64.roa (raw, json)
Hash identifier:          FCSpk9wN+qe6aVBjDDtgzqxygAZo8d+WQFehPXFCAKw=
Subject key identifier:   F4:C2:1C:40:2F:1C:D5:10:44:AA:0C:66:70:49:F5:93:BB:46:45:72
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7321128362B6BC8432DBAB1DD901E64BE0E25923
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6573f3a9-b519-43a0-b41e-cd78b7140f64.roa
Signing time:             Mon 26 Sep 2022 00:00:00 +0000
ROA not before:           Mon 26 Sep 2022 00:00:00 +0000
ROA not after:            Thu 29 Sep 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:21:12:83:62:b6:bc:84:32:db:ab:1d:d9:01:e6:4b:e0:e2:59:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Sep 26 00:00:00 2022 GMT
            Not After : Sep 29 23:59:59 2022 GMT
        Subject: serialNumber=b11ebf4d04b20bf9825b476e6ebdbc9dbd99e54781789134b57aa8e5c471452e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:94:00:da:67:1c:d2:3f:6e:83:eb:89:24:87:
                    a6:ac:4a:f8:da:89:5d:22:39:97:89:4b:69:4b:bc:
                    6e:0e:69:21:81:a6:70:9d:68:26:a0:31:19:bf:2f:
                    6f:a8:12:71:62:99:cb:77:b5:9f:40:d7:26:38:f2:
                    31:02:95:94:d6:f7:94:1f:f7:7a:85:ae:50:4b:52:
                    97:ee:12:dd:4f:9c:1f:e8:38:f0:3a:2e:f0:f9:8e:
                    da:54:5b:d1:01:64:b6:4a:b8:26:73:81:00:b4:66:
                    1e:24:f2:c7:76:0c:d2:bb:ec:b7:62:fb:77:8d:d1:
                    d3:41:fa:a2:48:83:cb:7b:78:14:67:36:72:80:6d:
                    1d:86:45:cf:c7:63:1a:82:6e:5a:e5:85:f9:b8:91:
                    7f:a8:80:3f:6d:da:45:e9:7a:ac:50:29:fe:ac:27:
                    64:79:42:c5:5b:fd:26:cd:71:87:30:ca:18:7b:75:
                    94:c0:50:e1:6f:61:7d:20:d6:55:8c:82:2e:4a:80:
                    35:97:76:6a:3d:b7:82:17:86:50:7b:d9:72:9c:e4:
                    fb:35:f4:cc:93:9e:0f:14:3d:1e:56:43:79:1b:61:
                    e4:14:50:39:e0:20:a8:4d:45:eb:4a:f1:2c:03:24:
                    67:70:33:85:a0:3c:9d:00:79:1a:07:3b:24:39:84:
                    42:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:C2:1C:40:2F:1C:D5:10:44:AA:0C:66:70:49:F5:93:BB:46:45:72
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6573f3a9-b519-43a0-b41e-cd78b7140f64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:6c:c7:f1:58:6b:64:14:a8:c4:99:c2:64:f9:3d:03:71:b4:
         6d:c6:84:39:6a:52:75:e1:9c:18:a1:c4:d3:7a:a7:c9:c3:44:
         c8:ac:81:0b:8f:35:28:e4:37:8e:20:61:4a:c0:b2:f8:f5:63:
         00:4c:5a:fd:91:0b:b9:52:a2:bc:a9:0f:ac:de:83:99:3b:a5:
         d5:d0:54:eb:e8:27:4c:13:3d:9e:10:45:e7:04:3e:30:b7:43:
         f6:c6:1a:e8:04:85:f1:f1:b0:93:57:f4:65:77:81:67:5a:b7:
         47:51:7e:67:57:51:2d:1b:ee:90:e8:46:cd:26:99:c0:e3:5e:
         20:0c:36:6f:2c:c3:79:90:2c:b3:e4:ce:14:16:77:2d:c9:b2:
         9c:7b:b8:ed:4d:aa:8e:7c:77:6c:04:31:0f:6a:10:a2:11:b4:
         92:d7:c8:a8:cc:3f:62:ac:78:99:53:ba:10:44:4b:c5:70:b3:
         6e:47:f8:24:12:99:d6:47:ad:64:3d:70:a6:31:3d:16:de:7e:
         e0:e8:59:73:15:53:82:5f:68:fa:f2:3f:f0:03:34:ed:4c:36:
         f1:65:a0:7b:85:c4:4a:1f:05:6a:56:ab:61:24:a7:89:12:c7:
         68:19:e8:24:7e:c7:3a:85:65:15:73:cb:fe:9c:d2:0b:d7:ca:
         bc:63:d4:20
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUcyESg2K2vIQy26sd2QHmS+DiWSMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwOTI2MDAwMDAwWhcNMjIwOTI5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYjExZWJmNGQwNGIyMGJmOTgyNWI0NzZlNmViZGJjOWRi
ZDk5ZTU0NzgxNzg5MTM0YjU3YWE4ZTVjNDcxNDUyZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALGUANpnHNI/boPriSSHpqxK+NqJXSI5l4lLaUu8bg5pIYGmcJ1o
JqAxGb8vb6gScWKZy3e1n0DXJjjyMQKVlNb3lB/3eoWuUEtSl+4S3U+cH+g48Dou
8PmO2lRb0QFktkq4JnOBALRmHiTyx3YM0rvst2L7d43R00H6okiDy3t4FGc2coBt
HYZFz8djGoJuWuWF+biRf6iAP23aRel6rFAp/qwnZHlCxVv9Js1xhzDKGHt1lMBQ
4W9hfSDWVYyCLkqANZd2aj23gheGUHvZcpzk+zX0zJOeDxQ9HlZDeRth5BRQOeAg
qE1F60rxLAMkZ3AzhaA8nQB5Ggc7JDmEQhMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBT0whxALxzVEESqDGZwSfWTu0ZFcjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjU3M2YzYTktYjUxOS00M2EwLWI0MWUtY2Q3OGI3MTQwZjY0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGhsx/FYa2QUqMSZ
wmT5PQNxtG3GhDlqUnXhnBihxNN6p8nDRMisgQuPNSjkN44gYUrAsvj1YwBMWv2R
C7lSorypD6zeg5k7pdXQVOvoJ0wTPZ4QRecEPjC3Q/bGGugEhfHxsJNX9GV3gWda
t0dRfmdXUS0b7pDoRs0mmcDjXiAMNm8sw3mQLLPkzhQWdy3Jspx7uO1Nqo58d2wE
MQ9qEKIRtJLXyKjMP2KseJlTuhBES8Vws25H+CQSmdZHrWQ9cKYxPRbefuDoWXMV
U4JfaPryP/ADNO1MNvFloHuFxEofBWpWq2Ekp4kSx2gZ6CR+xzqFZRVzy/6c0gvX
yrxj1CA=
-----END CERTIFICATE-----