Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/65e43ad7-6457-471c-b63c-fd5f541d2ded.roa
File:                     65e43ad7-6457-471c-b63c-fd5f541d2ded.roa (raw, json)
Hash identifier:          pn52rfVDM5vRshW4prqmehVXJoTo7HKR6fSK6yWy8gY=
Subject key identifier:   34:44:DA:E9:9A:A5:30:2D:F7:3F:85:91:4D:49:77:74:78:AA:94:07
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7C092607E76B20DF768CA014138DCE48DD1CF533
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/65e43ad7-6457-471c-b63c-fd5f541d2ded.roa
Signing time:             Tue 11 Oct 2022 00:00:00 +0000
ROA not before:           Tue 11 Oct 2022 00:00:00 +0000
ROA not after:            Fri 14 Oct 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:09:26:07:e7:6b:20:df:76:8c:a0:14:13:8d:ce:48:dd:1c:f5:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Oct 11 00:00:00 2022 GMT
            Not After : Oct 14 23:59:59 2022 GMT
        Subject: serialNumber=290d58e639a47e92f6bdf7852f22dcae7e5c332476e5f82c7b8532b0d2ac69fa, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:50:0a:80:0f:99:5f:03:e9:03:8c:f0:c7:42:
                    a0:b8:77:06:87:d6:b7:4a:09:2d:a5:e0:66:67:0e:
                    d7:a3:94:8a:e6:2e:ef:b8:39:51:75:d8:72:90:32:
                    68:25:3c:ee:fc:89:10:b7:f4:d1:85:5f:69:a3:a4:
                    f5:73:44:a7:98:e0:d5:82:d3:c8:bf:65:78:87:52:
                    d6:6a:5a:e2:29:02:ad:de:5d:7e:4b:e5:76:75:04:
                    2e:a1:21:5c:a7:64:52:25:a1:6d:77:79:bb:77:71:
                    e6:53:29:15:05:f2:96:69:e4:b1:b9:f6:3e:f0:ba:
                    24:ed:48:f3:2f:cf:c9:d5:06:2c:69:c0:09:38:00:
                    08:1f:b2:1b:de:d3:71:05:fe:2b:21:1b:f9:30:4c:
                    95:35:d4:08:19:03:67:ba:29:35:84:2b:b4:42:b8:
                    bb:7f:a2:b9:1e:0c:5a:7a:ba:12:c7:8a:91:e8:f8:
                    91:70:35:b9:97:80:ab:cb:c5:d2:37:c2:a4:f3:7e:
                    2e:f0:b7:4c:25:53:6f:71:4b:7a:20:8a:3e:fe:ad:
                    18:c0:17:b3:37:f8:0c:6c:d7:78:c8:b4:24:de:f0:
                    23:9b:89:c7:d5:fc:37:49:56:eb:1a:89:6b:61:f5:
                    7c:b3:46:7d:19:29:4a:38:df:c0:01:26:61:db:5a:
                    80:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:44:DA:E9:9A:A5:30:2D:F7:3F:85:91:4D:49:77:74:78:AA:94:07
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/65e43ad7-6457-471c-b63c-fd5f541d2ded.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:ba:3c:c4:a5:9f:46:3d:ac:15:3b:9e:4b:54:f7:51:74:e1:
         32:f5:2f:d3:3b:9a:f1:1e:86:81:02:9d:44:81:52:b6:19:17:
         be:d4:aa:ea:b1:cc:a3:7a:95:89:ab:21:59:5d:fd:98:a1:36:
         9b:d1:e0:de:25:56:a2:9c:cb:23:52:48:2d:7a:7a:3b:ce:64:
         e6:55:e4:49:a1:4c:ea:36:2e:e3:3b:6f:39:86:43:95:90:ed:
         d4:a4:00:17:73:cd:f2:b9:d5:0f:f6:51:ae:a1:32:be:79:e2:
         aa:21:e7:a9:a2:4e:d4:75:39:8c:7a:cf:b9:8a:df:7a:cc:b8:
         e5:ad:f2:f4:e3:af:39:51:49:94:fb:14:70:2a:d9:7d:4e:2e:
         d6:77:4f:2d:ce:e1:f3:b9:c6:05:29:5e:77:2b:13:91:18:16:
         2e:f5:90:be:20:65:f2:a6:a5:52:64:45:82:cf:04:fa:55:8c:
         d9:e9:52:1d:e5:05:03:77:25:d3:27:26:01:33:d5:28:21:79:
         0f:70:91:93:e6:0e:76:20:2b:8b:dc:89:b2:9d:1b:1f:35:02:
         b8:35:1b:3e:f5:55:f5:cc:53:c9:52:1e:25:11:ad:64:71:a4:
         58:4b:5d:35:33:65:1d:8c:be:53:cb:a7:bf:93:1c:0e:08:cd:
         27:c6:83:20
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUfAkmB+drIN92jKAUE43OSN0c9TMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMDExMDAwMDAwWhcNMjIxMDE0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMjkwZDU4ZTYzOWE0N2U5MmY2YmRmNzg1MmYyMmRjYWU3
ZTVjMzMyNDc2ZTVmODJjN2I4NTMyYjBkMmFjNjlmYTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOpQCoAPmV8D6QOM8MdCoLh3BofWt0oJLaXgZmcO16OUiuYu77g5
UXXYcpAyaCU87vyJELf00YVfaaOk9XNEp5jg1YLTyL9leIdS1mpa4ikCrd5dfkvl
dnUELqEhXKdkUiWhbXd5u3dx5lMpFQXylmnksbn2PvC6JO1I8y/PydUGLGnACTgA
CB+yG97TcQX+KyEb+TBMlTXUCBkDZ7opNYQrtEK4u3+iuR4MWnq6EseKkej4kXA1
uZeAq8vF0jfCpPN+LvC3TCVTb3FLeiCKPv6tGMAXszf4DGzXeMi0JN7wI5uJx9X8
N0lW6xqJa2H1fLNGfRkpSjjfwAEmYdtagNECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ0RNrpmqUwLfc/hZFNSXd0eKqUBzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjVlNDNhZDctNjQ1Ny00NzFjLWI2M2MtZmQ1ZjU0MWQyZGVkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADW6PMSln0Y9rBU7
nktU91F04TL1L9M7mvEehoECnUSBUrYZF77UquqxzKN6lYmrIVld/ZihNpvR4N4l
VqKcyyNSSC16ejvOZOZV5EmhTOo2LuM7bzmGQ5WQ7dSkABdzzfK51Q/2Ua6hMr55
4qoh56miTtR1OYx6z7mK33rMuOWt8vTjrzlRSZT7FHAq2X1OLtZ3Ty3O4fO5xgUp
XncrE5EYFi71kL4gZfKmpVJkRYLPBPpVjNnpUh3lBQN3JdMnJgEz1SgheQ9wkZPm
DnYgK4vcibKdGx81Arg1Gz71VfXMU8lSHiURrWRxpFhLXTUzZR2MvlPLp7+THA4I
zSfGgyA=
-----END CERTIFICATE-----