Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/74154370-9491-4273-9783-ec1927b055b0.roa
File:                     74154370-9491-4273-9783-ec1927b055b0.roa (raw, json)
Hash identifier:          WSHZifkVUx/BYyqSlr32Qivu4JasAP+FYoG5nYJmbVs=
Subject key identifier:   51:A9:A8:02:75:0B:3F:78:2F:D7:A2:93:DE:62:C3:0A:B1:88:8C:A5
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       11B96EE81D80BD1B15380DF22F641FFD423B4D58
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/74154370-9491-4273-9783-ec1927b055b0.roa
Signing time:             Fri 02 Dec 2022 00:00:00 +0000
ROA not before:           Fri 02 Dec 2022 00:00:00 +0000
ROA not after:            Mon 05 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:b9:6e:e8:1d:80:bd:1b:15:38:0d:f2:2f:64:1f:fd:42:3b:4d:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec  2 00:00:00 2022 GMT
            Not After : Dec  5 23:59:59 2022 GMT
        Subject: serialNumber=7973a9abd581af157e465f659115b34bd1ffe55b4a5db378a3dd5940368d6341, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:16:32:a8:bb:07:5c:e5:43:ba:e2:56:0e:ac:
                    ed:9d:6d:37:db:05:ee:89:3f:6f:57:2a:d7:a0:45:
                    04:db:d7:ee:a9:8b:01:26:a7:56:e3:f4:6e:f8:8b:
                    61:13:9d:fb:c6:3c:0b:2c:60:ec:41:8a:c8:39:69:
                    cb:74:8c:2f:78:36:47:32:ca:89:83:a3:ce:de:3a:
                    56:9d:46:6b:2d:4d:e4:35:af:43:f9:19:af:3a:3c:
                    44:17:d8:a6:f5:bc:d0:64:76:1a:89:9a:81:47:8e:
                    9a:21:19:cd:3f:94:44:da:d3:de:ba:d0:f5:f7:7e:
                    d7:38:13:81:26:11:38:d1:c5:12:a2:c5:b8:ec:d7:
                    dc:69:38:12:4c:98:ee:ee:c8:cf:5a:f9:ab:f4:83:
                    48:a4:be:9d:bb:13:90:c8:58:6c:eb:43:1a:fa:9b:
                    a1:93:14:f8:31:70:8a:a0:dd:de:90:a2:3f:8e:ac:
                    a8:b4:2b:3c:73:44:76:71:ee:ef:06:b9:dd:72:86:
                    72:e8:67:62:37:df:12:22:cc:51:3e:e6:6b:04:e2:
                    03:5f:2e:e3:a3:0a:54:53:f2:e6:d0:80:eb:3a:f5:
                    bd:bc:7f:ab:95:59:c3:e4:89:0a:39:7c:de:a0:0d:
                    62:a5:88:ff:33:ad:cb:39:e3:36:41:1e:3e:06:ba:
                    f6:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:A9:A8:02:75:0B:3F:78:2F:D7:A2:93:DE:62:C3:0A:B1:88:8C:A5
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/74154370-9491-4273-9783-ec1927b055b0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:17:1e:48:90:b8:96:22:2c:47:fa:e5:83:18:44:a0:f5:a4:
         92:af:d7:41:e2:0f:69:28:5d:04:7b:2c:b4:58:1d:c4:d5:61:
         37:3b:78:37:be:45:f4:6b:ec:65:0e:9c:2b:26:f1:e7:63:5c:
         fa:1b:19:f1:23:11:bb:e5:40:7b:f1:b1:8d:0f:a6:cb:6a:40:
         6d:84:1d:5f:f9:f5:c3:e1:11:9c:d6:ae:6b:9f:34:3f:02:a9:
         2e:32:db:d5:d2:36:48:1d:ac:7f:93:20:5b:ca:6e:01:2d:39:
         32:ea:93:8d:d7:96:4e:64:84:2f:0a:ab:c9:18:9a:7a:7a:c8:
         64:bd:72:1b:a1:52:b7:e7:8a:c4:9f:08:2f:ae:9e:22:c9:50:
         7e:51:ac:2b:d3:e9:38:3c:28:40:b4:48:d7:04:8b:66:b6:11:
         97:4f:bc:b2:b1:c0:e5:4e:1c:9b:0f:e6:73:22:e0:73:ad:76:
         08:ed:fb:09:a0:b9:6b:56:12:e5:46:b5:33:6c:7d:a9:fa:cd:
         83:2a:18:c5:4f:5e:28:9d:2b:d8:3f:27:3b:e5:25:a3:38:17:
         b9:8e:7a:ab:cd:4c:4e:40:fa:ea:be:c2:ad:76:12:b2:bb:dd:
         6f:a1:fe:de:05:8b:78:ee:7e:d9:34:5d:c3:2e:84:9b:9b:a7:
         24:aa:cf:6b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUEblu6B2AvRsVOA3yL2Qf/UI7TVgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjAyMDAwMDAwWhcNMjIxMjA1MjM1OTU5
WjCBpTFJMEcGA1UEBRNANzk3M2E5YWJkNTgxYWYxNTdlNDY1ZjY1OTExNWIzNGJk
MWZmZTU1YjRhNWRiMzc4YTNkZDU5NDAzNjhkNjM0MTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMEWMqi7B1zlQ7riVg6s7Z1tN9sF7ok/b1cq16BFBNvX7qmLASan
VuP0bviLYROd+8Y8Cyxg7EGKyDlpy3SML3g2RzLKiYOjzt46Vp1Gay1N5DWvQ/kZ
rzo8RBfYpvW80GR2GomagUeOmiEZzT+URNrT3rrQ9fd+1zgTgSYRONHFEqLFuOzX
3Gk4EkyY7u7Iz1r5q/SDSKS+nbsTkMhYbOtDGvqboZMU+DFwiqDd3pCiP46sqLQr
PHNEdnHu7wa53XKGcuhnYjffEiLMUT7mawTiA18u46MKVFPy5tCA6zr1vbx/q5VZ
w+SJCjl83qANYqWI/zOtyznjNkEePga69hkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRRqagCdQs/eC/XopPeYsMKsYiMpTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNzQxNTQzNzAtOTQ5MS00MjczLTk3ODMtZWMxOTI3YjA1NWIwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF4XHkiQuJYiLEf6
5YMYRKD1pJKv10HiD2koXQR7LLRYHcTVYTc7eDe+RfRr7GUOnCsm8edjXPobGfEj
EbvlQHvxsY0PpstqQG2EHV/59cPhEZzWrmufND8CqS4y29XSNkgdrH+TIFvKbgEt
OTLqk43Xlk5khC8Kq8kYmnp6yGS9chuhUrfnisSfCC+uniLJUH5RrCvT6Tg8KEC0
SNcEi2a2EZdPvLKxwOVOHJsP5nMi4HOtdgjt+wmguWtWEuVGtTNsfan6zYMqGMVP
XiidK9g/JzvlJaM4F7mOeqvNTE5A+uq+wq12ErK73W+h/t4Fi3juftk0XcMuhJub
pySqz2s=
-----END CERTIFICATE-----