Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/68025b24-117b-4c68-9c85-52cad6487a0f.roa
File:                     68025b24-117b-4c68-9c85-52cad6487a0f.roa (raw, json)
Hash identifier:          11zNCTOL0bjlmPjbW3w+XRi6//+pzifAe4qFtJAYoRE=
Subject key identifier:   7F:C8:4E:88:79:2A:26:F1:5B:50:BC:B9:FE:C3:D4:A5:65:09:6F:47
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       76F5E917688EB097B62CED7B744DBE1C40AF0D6E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/68025b24-117b-4c68-9c85-52cad6487a0f.roa
Signing time:             Wed 23 Nov 2022 00:00:00 +0000
ROA not before:           Wed 23 Nov 2022 00:00:00 +0000
ROA not after:            Sat 26 Nov 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:f5:e9:17:68:8e:b0:97:b6:2c:ed:7b:74:4d:be:1c:40:af:0d:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Nov 23 00:00:00 2022 GMT
            Not After : Nov 26 23:59:59 2022 GMT
        Subject: serialNumber=69752a32aba4f4f23053f7ae7f6fe6e1cb199cf87da233836ce62a7f3b7b80f6, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:71:3e:c7:54:be:7e:33:52:ec:7e:bc:e7:33:
                    e4:5a:39:05:fc:9a:15:4d:4e:ab:95:bc:81:15:62:
                    5c:5f:75:f9:8d:e6:84:d9:2b:9a:98:6e:8d:53:48:
                    d5:7d:b3:6d:e7:8a:20:3f:ce:4e:97:bd:d4:61:33:
                    87:f7:fd:12:1d:49:9e:4a:d0:20:c5:46:51:0e:e7:
                    5e:fd:a1:e0:92:57:58:14:ad:d8:05:ad:85:55:1d:
                    45:70:c7:41:bd:36:79:80:21:b8:ff:b1:4a:36:84:
                    d5:e2:78:64:1b:aa:f6:47:9b:49:3a:2c:46:fb:89:
                    e7:1d:0d:84:43:ce:11:25:e4:fc:7a:1e:90:c3:88:
                    7a:7a:41:27:b0:dd:3e:4f:74:b9:17:d4:5d:d3:d5:
                    46:ca:7b:63:67:8b:d5:8c:48:96:9c:3d:93:7a:8f:
                    0d:c0:f9:e7:5d:52:78:68:b9:67:c7:87:63:de:8c:
                    e7:99:05:16:df:4d:3b:13:be:db:f4:4b:f1:92:fa:
                    4a:2a:f4:e8:db:f7:60:e4:b0:33:3f:d5:8b:06:b4:
                    d2:0c:b4:22:d6:d4:37:a0:6c:2c:ba:52:ed:da:7b:
                    69:d7:8f:7a:0f:16:cf:04:23:18:ed:5b:c0:1b:12:
                    b0:7a:8d:dc:5a:21:30:99:c1:14:19:75:c2:36:4e:
                    1b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:C8:4E:88:79:2A:26:F1:5B:50:BC:B9:FE:C3:D4:A5:65:09:6F:47
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/68025b24-117b-4c68-9c85-52cad6487a0f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:a9:20:51:a3:94:5f:5a:05:0d:ae:14:64:a4:f6:c6:d2:82:
         06:66:76:22:52:72:6d:d4:50:3c:c4:0c:3c:4c:66:86:66:07:
         a0:46:4b:b6:75:e2:04:16:b4:a4:f6:65:aa:9c:9d:25:8a:82:
         0c:b9:8b:0d:dc:6e:ec:c5:0c:49:bb:30:92:81:5a:9f:92:c1:
         4a:b7:91:0f:87:64:6d:82:38:0e:b4:ec:cc:c8:4f:24:a5:45:
         ea:5d:ac:8d:eb:b3:03:ee:58:5c:7d:ca:0f:a5:6b:e1:99:76:
         7c:38:76:24:7e:05:1c:ae:a3:46:cc:b5:ac:fb:e4:0a:e1:ca:
         90:65:a4:21:0f:68:36:9a:c8:4f:03:af:eb:e7:d3:ab:9f:52:
         f3:22:0d:4c:37:17:d8:19:93:a4:8d:e8:7a:9c:37:2b:a9:88:
         0b:db:98:11:ea:3b:9c:79:72:c5:2b:60:98:6d:d8:16:22:9e:
         16:12:16:97:8c:44:ba:d8:1b:6e:cc:01:fa:78:8f:86:1e:2c:
         90:7f:5a:32:ab:3c:f1:80:df:51:93:69:e5:4c:ac:ea:28:6d:
         f3:1b:b0:6d:28:85:9c:3e:65:75:b9:05:6f:e4:23:96:b3:86:
         bd:84:03:7e:ce:69:b9:d7:99:c5:83:6d:3b:89:5e:a8:de:4c:
         7b:6a:d7:93
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUdvXpF2iOsJe2LO17dE2+HECvDW4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMTIzMDAwMDAwWhcNMjIxMTI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNANjk3NTJhMzJhYmE0ZjRmMjMwNTNmN2FlN2Y2ZmU2ZTFj
YjE5OWNmODdkYTIzMzgzNmNlNjJhN2YzYjdiODBmNjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMpxPsdUvn4zUux+vOcz5Fo5BfyaFU1Oq5W8gRViXF91+Y3mhNkr
mphujVNI1X2zbeeKID/OTpe91GEzh/f9Eh1JnkrQIMVGUQ7nXv2h4JJXWBSt2AWt
hVUdRXDHQb02eYAhuP+xSjaE1eJ4ZBuq9kebSTosRvuJ5x0NhEPOESXk/HoekMOI
enpBJ7DdPk90uRfUXdPVRsp7Y2eL1YxIlpw9k3qPDcD5511SeGi5Z8eHY96M55kF
Ft9NOxO+2/RL8ZL6Sir06Nv3YOSwMz/Viwa00gy0ItbUN6BsLLpS7dp7adePeg8W
zwQjGO1bwBsSsHqN3FohMJnBFBl1wjZOGzMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR/yE6IeSom8VtQvLn+w9SlZQlvRzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjgwMjViMjQtMTE3Yi00YzY4LTljODUtNTJjYWQ2NDg3YTBmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEupIFGjlF9aBQ2u
FGSk9sbSggZmdiJScm3UUDzEDDxMZoZmB6BGS7Z14gQWtKT2ZaqcnSWKggy5iw3c
buzFDEm7MJKBWp+SwUq3kQ+HZG2COA607MzITySlRepdrI3rswPuWFx9yg+la+GZ
dnw4diR+BRyuo0bMtaz75ArhypBlpCEPaDaayE8Dr+vn06ufUvMiDUw3F9gZk6SN
6HqcNyupiAvbmBHqO5x5csUrYJht2BYinhYSFpeMRLrYG27MAfp4j4YeLJB/WjKr
PPGA31GTaeVMrOoobfMbsG0ohZw+ZXW5BW/kI5azhr2EA37OabnXmcWDbTuJXqje
THtq15M=
-----END CERTIFICATE-----