Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/763ee2ba-7c81-4d67-8d12-bb758b95d985.roa
File:                     763ee2ba-7c81-4d67-8d12-bb758b95d985.roa (raw, json)
Hash identifier:          aCpBOkiiHR4drVjegI1f2BJemb0MdRVFqNTnstO1lvY=
Subject key identifier:   BC:CC:A4:54:FE:2B:EA:F5:BD:DD:8B:E7:10:78:19:D3:40:54:F7:47
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       144AA36C75406177E04A65DB06C8B27D94738D99
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/763ee2ba-7c81-4d67-8d12-bb758b95d985.roa
Signing time:             Sun 25 Dec 2022 00:00:00 +0000
ROA not before:           Sun 25 Dec 2022 00:00:00 +0000
ROA not after:            Wed 28 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:4a:a3:6c:75:40:61:77:e0:4a:65:db:06:c8:b2:7d:94:73:8d:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 25 00:00:00 2022 GMT
            Not After : Dec 28 23:59:59 2022 GMT
        Subject: serialNumber=47d729936c0214fed9294e5a475a26d91b6aeba69c1849132f79657799779da1, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:52:d9:a0:17:f9:f8:4d:79:a3:25:86:a8:27:
                    26:30:f0:55:a5:43:d8:b1:4b:1b:06:9f:8d:fe:ca:
                    5b:88:5e:43:d6:b2:c8:ff:90:3d:5d:39:6e:2c:8e:
                    08:43:5b:a6:59:f5:ca:8b:33:26:55:33:b6:98:95:
                    f6:f6:f8:45:ce:5e:df:8e:3c:d2:9d:71:8d:cf:f4:
                    e8:c6:99:12:b2:c7:41:b0:5c:f2:4d:e1:8f:82:98:
                    f8:74:0e:fd:56:22:03:f4:1f:fa:44:6d:1f:f8:e9:
                    2b:49:3f:d0:dc:6f:8b:d5:0e:79:da:11:f6:90:1a:
                    9f:08:cc:f8:27:86:8b:5d:1a:cb:e9:65:7e:4d:7f:
                    f5:66:dd:fe:33:49:dd:76:c6:6a:ff:c2:b4:6d:a9:
                    be:50:79:2d:46:80:c7:84:f5:f4:16:99:e0:45:b6:
                    4d:c9:b3:f7:e9:b3:5c:2d:a4:c6:39:79:05:5d:f3:
                    c9:21:86:dc:98:92:69:e5:3a:4e:1b:b4:8e:ce:97:
                    be:60:be:7b:0b:f9:65:ed:08:fa:b4:23:9f:8f:c0:
                    ba:31:b9:ac:73:ff:5b:c9:ff:2a:43:b7:72:2d:aa:
                    ad:b0:ba:27:3c:e7:ff:53:67:16:7a:89:31:7c:09:
                    81:9f:b4:69:8f:c7:2f:b8:ed:82:56:4e:eb:bf:4e:
                    63:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:CC:A4:54:FE:2B:EA:F5:BD:DD:8B:E7:10:78:19:D3:40:54:F7:47
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/763ee2ba-7c81-4d67-8d12-bb758b95d985.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:3c:49:4a:17:f6:93:d2:08:24:73:d7:4a:13:b6:c0:e6:60:
         ec:b9:0a:29:e8:ac:21:7d:7e:0c:f9:76:42:4a:d3:d5:8e:72:
         ea:51:22:75:3d:85:fd:d6:5f:67:a2:22:6e:d7:52:bd:05:c7:
         66:b2:e2:ca:c7:0d:d9:0a:b6:d7:89:01:1b:55:61:78:98:a9:
         45:06:b8:72:73:a9:96:ea:c3:88:8f:7b:1a:70:70:c5:94:1b:
         a0:16:57:f8:1c:34:33:57:44:16:25:04:7e:ec:62:39:64:8d:
         ce:fc:e3:9f:7d:22:61:c0:d8:17:c9:85:0a:e7:80:bd:a2:c9:
         aa:f2:46:de:51:cb:7f:c7:6b:ae:74:27:db:be:c8:a1:e3:8c:
         d0:4b:1e:af:93:c4:04:b3:af:73:2a:29:45:8b:23:c9:e3:03:
         86:0e:11:d1:6e:e3:35:3d:d0:03:ac:ee:52:0b:fe:8f:7c:ce:
         af:2d:dd:d1:8f:a2:55:9b:88:0f:02:81:24:38:52:c0:2b:14:
         dc:67:5d:bd:0c:12:a4:a1:f0:6d:e0:b6:cb:b7:b2:c3:d2:d3:
         45:3e:16:84:33:53:07:5e:51:32:16:d2:51:58:ce:65:53:75:
         43:e7:31:00:2c:28:2a:e8:2c:b9:09:57:d4:f3:46:c8:da:fa:
         9e:a0:69:8e
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUFEqjbHVAYXfgSmXbBsiyfZRzjZkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjI1MDAwMDAwWhcNMjIxMjI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNANDdkNzI5OTM2YzAyMTRmZWQ5Mjk0ZTVhNDc1YTI2ZDkx
YjZhZWJhNjljMTg0OTEzMmY3OTY1Nzc5OTc3OWRhMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAM1S2aAX+fhNeaMlhqgnJjDwVaVD2LFLGwafjf7KW4heQ9ayyP+Q
PV05biyOCENbpln1yoszJlUztpiV9vb4Rc5e34480p1xjc/06MaZErLHQbBc8k3h
j4KY+HQO/VYiA/Qf+kRtH/jpK0k/0Nxvi9UOedoR9pAanwjM+CeGi10ay+llfk1/
9Wbd/jNJ3XbGav/CtG2pvlB5LUaAx4T19BaZ4EW2Tcmz9+mzXC2kxjl5BV3zySGG
3JiSaeU6Thu0js6XvmC+ewv5Ze0I+rQjn4/AujG5rHP/W8n/KkO3ci2qrbC6Jzzn
/1NnFnqJMXwJgZ+0aY/HL7jtglZO679OY78CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS8zKRU/ivq9b3di+cQeBnTQFT3RzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNzYzZWUyYmEtN2M4MS00ZDY3LThkMTItYmI3NThiOTVkOTg1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJk8SUoX9pPSCCRz
10oTtsDmYOy5CinorCF9fgz5dkJK09WOcupRInU9hf3WX2eiIm7XUr0Fx2ay4srH
DdkKtteJARtVYXiYqUUGuHJzqZbqw4iPexpwcMWUG6AWV/gcNDNXRBYlBH7sYjlk
jc784599ImHA2BfJhQrngL2iyaryRt5Ry3/Ha650J9u+yKHjjNBLHq+TxASzr3Mq
KUWLI8njA4YOEdFu4zU90AOs7lIL/o98zq8t3dGPolWbiA8CgSQ4UsArFNxnXb0M
EqSh8G3gtsu3ssPS00U+FoQzUwdeUTIW0lFYzmVTdUPnMQAsKCroLLkJV9TzRsja
+p6gaY4=
-----END CERTIFICATE-----