Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7279cadf-1e9c-46de-a4f2-4b6a571a9b44.roa
File:                     7279cadf-1e9c-46de-a4f2-4b6a571a9b44.roa (raw, json)
Hash identifier:          wGVvtI7s1Om1GLb/Bh5R3pZzFr569Rdwdi8elFbLZbU=
Subject key identifier:   A7:F7:DE:00:8B:A2:39:8E:DD:F5:8D:6F:5A:E1:B6:D7:5B:36:DD:96
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       55C606FD1D7F475AD5BED34278C751718ABB263C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7279cadf-1e9c-46de-a4f2-4b6a571a9b44.roa
Signing time:             Thu 29 Dec 2022 00:00:00 +0000
ROA not before:           Thu 29 Dec 2022 00:00:00 +0000
ROA not after:            Sun 01 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:c6:06:fd:1d:7f:47:5a:d5:be:d3:42:78:c7:51:71:8a:bb:26:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 29 00:00:00 2022 GMT
            Not After : Jan  1 23:59:59 2023 GMT
        Subject: serialNumber=392a021b94d98441ceb0217b58e7782a6b0cb3f2fe9b033a15597d31fd2333b3, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:91:dc:3b:ec:09:8b:2b:89:90:6f:32:2e:d3:
                    e5:ac:40:3c:49:b0:df:59:dc:a1:b9:7f:69:d0:98:
                    48:a1:8e:89:b5:47:31:b0:59:3f:b0:a0:53:30:ee:
                    9d:f8:6d:fa:41:aa:ae:6d:e9:32:1f:b8:b2:07:db:
                    9f:e6:b6:53:e7:1a:9f:bc:23:ac:41:2e:26:23:5f:
                    33:44:4e:cf:b9:f8:ed:06:2e:80:ea:b4:2a:7e:f7:
                    a5:fa:c9:ae:16:3a:c2:2d:7c:7f:97:71:5d:31:a7:
                    c1:73:94:3f:28:f2:de:22:bd:6c:07:cf:f4:bc:10:
                    58:28:7a:d2:d2:43:d9:8d:6d:41:8e:89:86:ad:a8:
                    7d:8d:af:e8:df:b1:fd:29:bb:ee:c3:e8:a1:9f:19:
                    03:6b:74:86:95:ff:78:8d:8b:75:c1:18:54:ff:f5:
                    03:38:fd:b8:50:e6:81:3a:66:20:65:53:73:8c:4f:
                    20:8e:b8:e5:78:c0:78:d9:8b:42:c5:e6:2a:46:bf:
                    5b:72:c9:75:ea:79:dd:76:3e:21:9f:cb:ff:b4:3f:
                    03:83:ed:8b:af:41:5d:4d:bf:91:eb:8e:6b:0b:bd:
                    fe:90:34:bf:fe:e4:26:75:a2:80:77:e1:0e:34:7d:
                    2e:00:21:40:dd:26:19:cb:5a:7b:4d:63:fd:35:ba:
                    58:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:F7:DE:00:8B:A2:39:8E:DD:F5:8D:6F:5A:E1:B6:D7:5B:36:DD:96
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7279cadf-1e9c-46de-a4f2-4b6a571a9b44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:a5:3a:2c:2c:1c:52:bb:06:3d:8e:ae:84:ba:63:41:12:92:
         bd:3e:e6:f5:ad:d1:0b:be:aa:9f:df:2b:f9:1f:45:71:07:0e:
         46:d0:65:84:c6:5f:69:d8:6f:82:6e:2e:22:00:f4:08:8e:fd:
         2f:a0:29:04:6c:aa:ef:94:d8:cf:7b:7b:fb:5d:b7:fa:06:06:
         06:0c:e0:dc:4d:8d:2f:29:00:47:d4:c5:0c:54:e8:a6:ac:76:
         aa:60:ec:07:f3:1a:dc:39:65:0d:7b:5b:c3:8d:2a:4f:f3:6a:
         e3:a8:36:e2:51:c0:0b:a2:85:83:3e:47:72:e4:b2:92:49:03:
         13:45:64:e0:c5:f6:f7:d4:56:d7:48:81:a8:a2:90:83:68:26:
         9d:22:53:17:41:c3:02:ae:08:55:61:8c:8a:8d:98:1c:db:94:
         b5:3a:ff:92:17:45:66:e0:6f:e6:bf:f7:57:a4:29:d9:2b:4a:
         c5:9d:7a:69:19:22:10:9e:ae:44:8c:37:12:0d:5e:3d:e1:f7:
         9e:a7:7a:74:84:26:f3:4f:cf:78:2b:02:ab:b0:ae:fa:63:2a:
         37:ae:5c:1a:0a:46:87:96:99:b8:51:8a:21:5d:38:fc:38:f1:
         dc:d2:12:77:12:0f:10:e5:27:38:6c:0c:86:d5:91:4f:50:2f:
         c2:4d:38:97
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUVcYG/R1/R1rVvtNCeMdRcYq7JjwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjI5MDAwMDAwWhcNMjMwMTAxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMzkyYTAyMWI5NGQ5ODQ0MWNlYjAyMTdiNThlNzc4MmE2
YjBjYjNmMmZlOWIwMzNhMTU1OTdkMzFmZDIzMzNiMzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAO+R3DvsCYsriZBvMi7T5axAPEmw31ncobl/adCYSKGOibVHMbBZ
P7CgUzDunfht+kGqrm3pMh+4sgfbn+a2U+can7wjrEEuJiNfM0ROz7n47QYugOq0
Kn73pfrJrhY6wi18f5dxXTGnwXOUPyjy3iK9bAfP9LwQWCh60tJD2Y1tQY6Jhq2o
fY2v6N+x/Sm77sPooZ8ZA2t0hpX/eI2LdcEYVP/1Azj9uFDmgTpmIGVTc4xPII64
5XjAeNmLQsXmKka/W3LJdep53XY+IZ/L/7Q/A4Pti69BXU2/keuOawu9/pA0v/7k
JnWigHfhDjR9LgAhQN0mGctae01j/TW6WAMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSn994Ai6I5jt31jW9a4bbXWzbdljAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNzI3OWNhZGYtMWU5Yy00NmRlLWE0ZjItNGI2YTU3MWE5YjQ0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHKlOiwsHFK7Bj2O
roS6Y0ESkr0+5vWt0Qu+qp/fK/kfRXEHDkbQZYTGX2nYb4JuLiIA9AiO/S+gKQRs
qu+U2M97e/tdt/oGBgYM4NxNjS8pAEfUxQxU6Kasdqpg7AfzGtw5ZQ17W8ONKk/z
auOoNuJRwAuihYM+R3LkspJJAxNFZODF9vfUVtdIgaiikINoJp0iUxdBwwKuCFVh
jIqNmBzblLU6/5IXRWbgb+a/91ekKdkrSsWdemkZIhCerkSMNxINXj3h956nenSE
JvNPz3grAquwrvpjKjeuXBoKRoeWmbhRiiFdOPw48dzSEncSDxDlJzhsDIbVkU9Q
L8JNOJc=
-----END CERTIFICATE-----