Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6aefef39-9b13-4f49-b159-5463ffc2c016.roa
File:                     6aefef39-9b13-4f49-b159-5463ffc2c016.roa (raw, json)
Hash identifier:          CJkQEL5jmQLoQa4UM15w+xtD9e7iG8ni9+v39lkJqQ4=
Subject key identifier:   5D:96:93:DA:AD:71:FB:2B:7E:0B:5A:5D:D8:3B:7E:E7:E5:CB:15:81
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3AD8EC793F3D85E9ECD6E656E89B9555048730AB
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6aefef39-9b13-4f49-b159-5463ffc2c016.roa
Signing time:             Fri 18 Nov 2022 00:00:00 +0000
ROA not before:           Fri 18 Nov 2022 00:00:00 +0000
ROA not after:            Mon 21 Nov 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:d8:ec:79:3f:3d:85:e9:ec:d6:e6:56:e8:9b:95:55:04:87:30:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Nov 18 00:00:00 2022 GMT
            Not After : Nov 21 23:59:59 2022 GMT
        Subject: serialNumber=386329d4677f5f037f7bf2e2c4f06d9738790dc3fcd9d7d1d003aac288c82a11, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:9a:9f:19:3a:a6:21:aa:ae:e7:1a:8d:a8:ca:
                    90:b3:1b:92:03:94:bb:01:40:44:ad:cb:64:27:dc:
                    3f:06:a2:1d:c8:23:5f:c6:ee:f6:4c:37:a7:1a:a9:
                    52:b0:1e:0c:c4:c7:d0:80:a3:28:df:ac:2d:7c:71:
                    53:35:cf:68:29:a0:16:63:a9:39:c5:9b:39:cf:08:
                    e7:2b:4d:86:b9:52:e3:d6:e9:9c:8d:5d:80:35:9f:
                    bb:61:87:65:0d:aa:20:67:69:0e:50:9b:6c:ec:3a:
                    b9:69:29:e9:a2:68:9e:06:ea:3d:ba:35:07:fc:9b:
                    a8:89:0c:fb:e7:3b:ed:62:bd:ee:ea:89:e9:9e:4e:
                    2f:05:d4:be:82:6a:a5:dd:29:8b:ca:b0:f3:98:2b:
                    da:9c:d2:60:e5:72:9a:4c:b8:0a:f9:3a:f8:01:6b:
                    f8:fa:fe:12:e1:8c:5f:e7:91:de:d3:f9:5f:c6:51:
                    60:c7:1c:37:a3:9c:03:db:88:ac:16:8a:d4:10:75:
                    10:ed:8d:3a:eb:58:59:0a:b0:e2:58:c2:5f:a7:e5:
                    b4:80:84:2e:47:dc:94:a7:85:32:5d:f7:5c:ac:be:
                    66:40:0e:ec:14:2f:1f:6a:07:b3:62:33:1e:60:73:
                    83:d6:d8:05:a3:b9:45:9c:41:c9:47:8c:c7:36:8f:
                    ad:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:96:93:DA:AD:71:FB:2B:7E:0B:5A:5D:D8:3B:7E:E7:E5:CB:15:81
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6aefef39-9b13-4f49-b159-5463ffc2c016.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:72:09:28:40:68:73:84:47:83:f5:fd:27:e1:52:b3:90:4f:
         80:e9:d2:5a:65:49:78:e8:20:f7:9a:f0:26:74:0f:a1:82:c1:
         f7:50:8d:ab:1a:1f:b9:68:ae:42:ca:0b:fe:35:73:43:09:17:
         76:b1:d6:08:11:87:7e:2c:8f:93:e6:ad:f2:70:3b:7b:db:39:
         3d:e4:07:8c:8d:f3:c2:ab:ea:e0:05:fb:0b:cb:8b:2b:fe:5c:
         bf:fe:8e:3c:2c:57:97:3d:ed:1b:12:15:f2:88:1b:53:58:25:
         49:66:1f:4b:8f:f3:66:a3:0c:f5:a1:d4:bd:ad:88:75:49:ee:
         e0:c7:88:15:7a:56:64:80:b0:a2:bc:32:94:7e:8f:ce:3f:e1:
         82:08:02:02:fb:46:61:3e:78:7d:07:d4:7c:84:d8:fa:38:cd:
         76:e3:5f:46:6a:b6:ef:94:6a:c3:56:a7:c3:8f:76:fc:d3:9d:
         6a:01:1b:56:db:2b:0e:16:fd:c1:b6:32:33:46:e1:25:d9:48:
         3b:e0:09:3d:7a:1f:b9:bd:4c:2b:a2:88:2a:76:75:36:8b:41:
         41:cb:21:e8:f4:f6:94:02:07:c8:2a:da:2a:0c:7b:30:a1:b1:
         9c:ec:f4:c2:1d:73:17:d0:ac:3e:88:3d:99:ff:68:b5:32:25:
         47:ca:96:20
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUOtjseT89hens1uZW6JuVVQSHMKswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMTE4MDAwMDAwWhcNMjIxMTIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMzg2MzI5ZDQ2NzdmNWYwMzdmN2JmMmUyYzRmMDZkOTcz
ODc5MGRjM2ZjZDlkN2QxZDAwM2FhYzI4OGM4MmExMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANGanxk6piGqrucajajKkLMbkgOUuwFARK3LZCfcPwaiHcgjX8bu
9kw3pxqpUrAeDMTH0ICjKN+sLXxxUzXPaCmgFmOpOcWbOc8I5ytNhrlS49bpnI1d
gDWfu2GHZQ2qIGdpDlCbbOw6uWkp6aJongbqPbo1B/ybqIkM++c77WK97uqJ6Z5O
LwXUvoJqpd0pi8qw85gr2pzSYOVymky4Cvk6+AFr+Pr+EuGMX+eR3tP5X8ZRYMcc
N6OcA9uIrBaK1BB1EO2NOutYWQqw4ljCX6fltICELkfclKeFMl33XKy+ZkAO7BQv
H2oHs2IzHmBzg9bYBaO5RZxByUeMxzaPrZ8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRdlpParXH7K34LWl3YO37n5csVgTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNmFlZmVmMzktOWIxMy00ZjQ5LWIxNTktNTQ2M2ZmYzJjMDE2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAlyCShAaHOER4P1
/SfhUrOQT4Dp0lplSXjoIPea8CZ0D6GCwfdQjasaH7lorkLKC/41c0MJF3ax1ggR
h34sj5PmrfJwO3vbOT3kB4yN88Kr6uAF+wvLiyv+XL/+jjwsV5c97RsSFfKIG1NY
JUlmH0uP82ajDPWh1L2tiHVJ7uDHiBV6VmSAsKK8MpR+j84/4YIIAgL7RmE+eH0H
1HyE2Po4zXbjX0Zqtu+UasNWp8OPdvzTnWoBG1bbKw4W/cG2MjNG4SXZSDvgCT16
H7m9TCuiiCp2dTaLQUHLIej09pQCB8gq2ioMezChsZzs9MIdcxfQrD6IPZn/aLUy
JUfKliA=
-----END CERTIFICATE-----