Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/682520ea-8a54-4d86-8a8b-2da1449067ac.roa
File:                     682520ea-8a54-4d86-8a8b-2da1449067ac.roa (raw, json)
Hash identifier:          K9aNdcugQqUd3vMvO+Hj4ioxEDHjJtEfB0IfK4ypyxU=
Subject key identifier:   48:D8:71:85:39:C1:1B:7A:23:F7:3F:CA:FB:62:ED:4C:70:E1:92:01
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       39F8DF300337856AD240E7EF9CAB5E51D6BCE0EE
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/682520ea-8a54-4d86-8a8b-2da1449067ac.roa
Signing time:             Thu 27 Oct 2022 00:00:00 +0000
ROA not before:           Thu 27 Oct 2022 00:00:00 +0000
ROA not after:            Sun 30 Oct 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:f8:df:30:03:37:85:6a:d2:40:e7:ef:9c:ab:5e:51:d6:bc:e0:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Oct 27 00:00:00 2022 GMT
            Not After : Oct 30 23:59:59 2022 GMT
        Subject: serialNumber=6a0ce8b7fd54dfef5fdef76c7feccd99740583a8138ddcd1589f214e63de5bd8, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:4a:8a:43:6d:d7:05:b0:52:38:66:66:fd:40:
                    29:19:1d:60:43:25:34:a2:f4:cb:d5:5b:74:f3:0f:
                    51:6a:02:67:15:c4:ab:a6:ec:09:ea:25:4b:73:b4:
                    da:53:7a:4a:fd:22:de:a8:98:5d:fa:50:39:9c:de:
                    78:07:6a:56:6c:c4:ce:db:fb:4b:a1:59:2e:6f:b1:
                    6a:8a:26:7b:43:4f:38:13:a7:bd:5a:70:f9:fe:01:
                    41:44:84:20:28:0e:24:ec:cf:72:ac:a7:c4:ee:13:
                    3a:42:60:bc:06:4f:3d:a4:ca:21:c8:c6:2e:44:b3:
                    11:43:f5:0d:0c:31:4c:78:76:9d:39:44:76:d2:55:
                    b5:24:ca:8c:ac:85:54:8c:94:6a:5f:24:3c:8c:77:
                    b9:43:4a:90:31:02:dd:58:42:b1:67:4f:ae:55:19:
                    a1:85:bc:16:ef:f0:d5:c8:4c:9a:0d:6f:80:0c:d9:
                    f7:32:21:78:f1:0d:4a:78:07:4a:e5:60:a8:1b:22:
                    6f:e7:08:28:93:12:a2:e2:1a:bc:08:07:48:21:29:
                    f4:6f:c3:bb:68:e9:74:39:b0:79:b1:3f:17:bb:e3:
                    21:56:ad:9f:c6:61:2c:ac:90:b9:78:7f:b5:66:b6:
                    ef:b1:c0:80:c7:0f:c5:39:7d:41:50:5f:a5:2e:bb:
                    71:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:D8:71:85:39:C1:1B:7A:23:F7:3F:CA:FB:62:ED:4C:70:E1:92:01
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/682520ea-8a54-4d86-8a8b-2da1449067ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:74:b3:f3:64:ee:29:8a:eb:41:84:0e:cd:8a:0e:18:3f:ca:
         9b:e7:c0:36:3e:41:df:73:43:1f:96:d8:d0:ce:52:d5:25:b1:
         8a:5e:24:60:c6:27:84:96:6b:a0:6d:41:85:4a:59:2c:cc:10:
         09:6b:b0:1a:1f:a0:b3:2e:ee:0f:df:a5:55:73:3a:32:a0:3b:
         66:9e:ab:c2:c1:92:f3:fd:45:50:36:fd:be:ab:6f:ae:7b:27:
         d5:dc:80:36:95:35:7a:c0:97:2a:ef:2b:29:b6:1f:74:23:9d:
         ba:21:9e:22:40:67:cd:86:cd:fe:de:bc:b4:2d:f1:e2:f8:08:
         3c:98:45:db:d7:07:69:48:39:67:67:a4:be:d8:ab:a6:9f:9c:
         57:e1:42:ef:69:5c:c4:54:0d:bc:56:a6:00:f1:25:8d:bb:0e:
         2a:6b:d3:c5:02:a6:f8:cf:40:ea:fb:81:65:46:f4:e7:3c:0a:
         3d:49:18:85:00:c1:a3:1e:76:ce:c8:ec:f7:70:7c:01:e3:72:
         55:4e:24:17:58:b6:f9:f6:3d:05:a9:58:10:e6:82:6f:55:9d:
         c8:a9:1c:16:e0:4b:cb:c4:fa:2a:ff:88:23:0e:ab:7d:6d:96:
         16:52:7c:c9:c6:8c:52:61:88:fd:1f:f9:d9:ce:ec:06:37:09:
         5b:70:eb:55
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUOfjfMAM3hWrSQOfvnKteUda84O4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMDI3MDAwMDAwWhcNMjIxMDMwMjM1OTU5
WjCBpTFJMEcGA1UEBRNANmEwY2U4YjdmZDU0ZGZlZjVmZGVmNzZjN2ZlY2NkOTk3
NDA1ODNhODEzOGRkY2QxNTg5ZjIxNGU2M2RlNWJkODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANlKikNt1wWwUjhmZv1AKRkdYEMlNKL0y9VbdPMPUWoCZxXEq6bs
CeolS3O02lN6Sv0i3qiYXfpQOZzeeAdqVmzEztv7S6FZLm+xaoome0NPOBOnvVpw
+f4BQUSEICgOJOzPcqynxO4TOkJgvAZPPaTKIcjGLkSzEUP1DQwxTHh2nTlEdtJV
tSTKjKyFVIyUal8kPIx3uUNKkDEC3VhCsWdPrlUZoYW8Fu/w1chMmg1vgAzZ9zIh
ePENSngHSuVgqBsib+cIKJMSouIavAgHSCEp9G/Du2jpdDmwebE/F7vjIVatn8Zh
LKyQuXh/tWa277HAgMcPxTl9QVBfpS67casCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRI2HGFOcEbeiP3P8r7Yu1McOGSATAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjgyNTIwZWEtOGE1NC00ZDg2LThhOGItMmRhMTQ0OTA2N2FjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJ90s/Nk7imK60GE
Ds2KDhg/ypvnwDY+Qd9zQx+W2NDOUtUlsYpeJGDGJ4SWa6BtQYVKWSzMEAlrsBof
oLMu7g/fpVVzOjKgO2aeq8LBkvP9RVA2/b6rb657J9XcgDaVNXrAlyrvKym2H3Qj
nbohniJAZ82Gzf7evLQt8eL4CDyYRdvXB2lIOWdnpL7Yq6afnFfhQu9pXMRUDbxW
pgDxJY27Dipr08UCpvjPQOr7gWVG9Oc8Cj1JGIUAwaMeds7I7PdwfAHjclVOJBdY
tvn2PQWpWBDmgm9VncipHBbgS8vE+ir/iCMOq31tlhZSfMnGjFJhiP0f+dnO7AY3
CVtw61U=
-----END CERTIFICATE-----