Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/79669d13-5735-480a-b341-b65abc134bc3.roa
File:                     79669d13-5735-480a-b341-b65abc134bc3.roa (raw, json)
Hash identifier:          46nrwHJNlETswSJDnENZ6DmpW2wyuvPVkz9bRbjLeXU=
Subject key identifier:   BF:F7:8F:FF:05:5F:C9:05:01:BA:6D:C3:75:6A:16:1C:FF:60:3E:FB
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6D7865643C89DB7DE0693880CAAFDBE3129EA826
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/79669d13-5735-480a-b341-b65abc134bc3.roa
Signing time:             Sun 24 Jul 2022 00:00:00 +0000
ROA not before:           Sun 24 Jul 2022 00:00:00 +0000
ROA not after:            Wed 27 Jul 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:78:65:64:3c:89:db:7d:e0:69:38:80:ca:af:db:e3:12:9e:a8:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jul 24 00:00:00 2022 GMT
            Not After : Jul 27 23:59:59 2022 GMT
        Subject: serialNumber=743994303c207d67c015c6db626734625344072411cabbf68e14c64f4dae794d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:5d:ff:4a:1d:05:f8:06:0b:cd:3b:64:f8:40:
                    c0:0d:e0:19:9c:81:e0:49:95:c1:aa:ac:ef:dd:6c:
                    88:4c:18:db:26:91:20:4a:e6:c0:73:b4:22:7a:27:
                    e5:24:32:58:85:2d:44:cb:80:75:c2:16:b2:df:05:
                    79:1c:07:62:22:02:c6:e3:7e:8a:59:18:74:19:b4:
                    3f:db:a4:39:59:5b:17:cd:0c:74:a5:26:b0:c3:fc:
                    c1:f4:8f:14:37:fa:a3:f2:ba:b9:eb:07:56:ef:73:
                    0d:35:b7:a3:e2:eb:60:c8:07:0e:db:71:eb:66:95:
                    1f:fd:7a:57:ba:96:2d:5d:5c:c7:50:91:6c:3f:ce:
                    12:70:9d:61:5a:92:a9:69:16:37:34:91:23:2b:0c:
                    4e:85:77:63:0a:12:02:9f:5a:6f:a0:e0:72:c3:4f:
                    31:71:77:e2:f4:e8:f1:e6:eb:65:e7:54:03:cb:8f:
                    82:d7:7a:ba:55:10:6f:f2:4b:48:2b:53:29:31:49:
                    20:c8:0f:b1:e8:9c:20:c5:d0:9c:53:71:1b:f5:6f:
                    9e:ad:69:f8:ab:2e:6e:8d:db:9e:d6:54:86:2b:25:
                    da:dd:3a:9d:fa:d9:4d:31:c2:a0:d3:2d:89:52:51:
                    84:48:fc:0f:06:9e:75:6c:98:21:5c:66:42:aa:f2:
                    af:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:F7:8F:FF:05:5F:C9:05:01:BA:6D:C3:75:6A:16:1C:FF:60:3E:FB
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/79669d13-5735-480a-b341-b65abc134bc3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:a9:f2:87:0e:12:65:3f:ae:ab:24:04:16:91:3e:cf:6c:b5:
         89:67:bf:fa:b1:ef:4e:79:74:d2:4b:bd:f3:fa:c4:fa:ab:f8:
         f2:d7:85:87:3a:68:b7:7d:04:1b:a0:2e:54:43:f0:da:28:17:
         d7:83:b2:3b:11:7a:de:7f:2f:6d:c8:cb:86:29:01:74:b0:86:
         22:be:dc:a8:41:2c:0a:f0:72:9b:b8:75:68:4d:4c:c2:b3:13:
         22:ed:16:82:ae:a0:1e:7e:4c:22:8a:60:95:a5:2a:a4:4e:7c:
         0f:78:b5:ee:95:bc:f9:2c:2b:89:df:0c:ff:3b:23:00:c9:75:
         42:2d:4c:2d:85:da:b1:03:47:6b:d0:dd:5a:10:75:c9:31:0b:
         ad:5d:65:f4:44:40:1e:42:e9:c2:30:be:2a:92:12:0e:5b:6b:
         b9:07:34:33:d4:d1:aa:3c:23:cc:9f:59:5c:0a:e3:05:cb:ea:
         1d:7b:f3:e8:bb:b9:3c:04:06:a6:19:38:8f:52:74:4e:d5:2f:
         b7:c4:ad:b3:3e:68:e1:ba:38:86:6c:a9:04:34:c3:3c:69:2b:
         51:77:e1:40:1c:e1:f2:5f:13:25:44:d8:10:08:15:f8:93:21:
         15:72:f0:7a:1d:65:8f:e7:64:16:ee:f9:b3:43:fd:ec:ba:f4:
         4b:e7:bf:27
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUbXhlZDyJ233gaTiAyq/b4xKeqCYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwNzI0MDAwMDAwWhcNMjIwNzI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNANzQzOTk0MzAzYzIwN2Q2N2MwMTVjNmRiNjI2NzM0NjI1
MzQ0MDcyNDExY2FiYmY2OGUxNGM2NGY0ZGFlNzk0ZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKBd/0odBfgGC807ZPhAwA3gGZyB4EmVwaqs791siEwY2yaRIErm
wHO0Inon5SQyWIUtRMuAdcIWst8FeRwHYiICxuN+ilkYdBm0P9ukOVlbF80MdKUm
sMP8wfSPFDf6o/K6uesHVu9zDTW3o+LrYMgHDttx62aVH/16V7qWLV1cx1CRbD/O
EnCdYVqSqWkWNzSRIysMToV3YwoSAp9ab6DgcsNPMXF34vTo8ebrZedUA8uPgtd6
ulUQb/JLSCtTKTFJIMgPseicIMXQnFNxG/Vvnq1p+Ksubo3bntZUhisl2t06nfrZ
TTHCoNMtiVJRhEj8DwaedWyYIVxmQqryrxECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS/94//BV/JBQG6bcN1ahYc/2A++zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNzk2NjlkMTMtNTczNS00ODBhLWIzNDEtYjY1YWJjMTM0YmMzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFqp8ocOEmU/rqsk
BBaRPs9stYlnv/qx7055dNJLvfP6xPqr+PLXhYc6aLd9BBugLlRD8NooF9eDsjsR
et5/L23Iy4YpAXSwhiK+3KhBLArwcpu4dWhNTMKzEyLtFoKuoB5+TCKKYJWlKqRO
fA94te6VvPksK4nfDP87IwDJdUItTC2F2rEDR2vQ3VoQdckxC61dZfREQB5C6cIw
viqSEg5ba7kHNDPU0ao8I8yfWVwK4wXL6h178+i7uTwEBqYZOI9SdE7VL7fErbM+
aOG6OIZsqQQ0wzxpK1F34UAc4fJfEyVE2BAIFfiTIRVy8HodZY/nZBbu+bND/ey6
9Evnvyc=
-----END CERTIFICATE-----