Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/81d32aa9-8b65-428c-a4d4-bef077bc62d6.roa
File:                     81d32aa9-8b65-428c-a4d4-bef077bc62d6.roa (raw, json)
Hash identifier:          gJUEg1J6nFB2gTB/PSaYq6roG8h+SzVBiMoymPT2QaI=
Subject key identifier:   CD:78:E2:1D:98:9D:6B:8A:44:86:7D:A7:33:12:75:5A:32:6B:F7:B1
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       18AB76E1F6223E81DFA9A5227B75EE3B906E0443
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/81d32aa9-8b65-428c-a4d4-bef077bc62d6.roa
Signing time:             Thu 08 Dec 2022 00:00:00 +0000
ROA not before:           Thu 08 Dec 2022 00:00:00 +0000
ROA not after:            Sun 11 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:ab:76:e1:f6:22:3e:81:df:a9:a5:22:7b:75:ee:3b:90:6e:04:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec  8 00:00:00 2022 GMT
            Not After : Dec 11 23:59:59 2022 GMT
        Subject: serialNumber=ffbceeae7026cb4d45e798473c766020ee1ab26032cabf7dfbfb27ec28d884e6, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:6a:3f:95:c9:cc:e7:91:0d:20:d3:e8:2d:3b:
                    8f:2e:27:16:7b:63:95:a5:d6:4a:c2:28:6f:f0:f0:
                    bb:04:ab:0b:2b:89:57:41:33:51:db:d1:bb:07:f4:
                    a7:bf:89:96:a4:e8:62:a7:23:03:d0:c4:30:a1:9c:
                    92:73:01:d6:ce:5b:71:19:3b:9b:39:b5:12:8c:ba:
                    9d:cb:e3:f6:ea:68:51:86:32:af:c3:43:dc:2e:95:
                    5c:a4:f3:0c:83:f4:30:c3:71:df:69:b4:cd:d3:6f:
                    35:51:a9:45:e8:91:ef:af:69:6b:eb:ff:9d:c4:5b:
                    b8:af:b1:04:af:97:a3:0c:47:f0:7e:bb:b0:f2:3c:
                    ff:d9:4a:7a:28:e4:fb:e6:b6:22:d7:ea:9c:b9:2a:
                    15:b7:a0:ff:35:ef:89:8d:4b:92:cc:04:54:dd:10:
                    24:d8:c0:cb:b5:34:e0:69:3b:5c:ba:cd:0f:7c:6a:
                    c9:32:9d:49:1a:ef:4a:92:30:0d:ba:20:02:35:95:
                    c4:c4:4c:14:1d:ca:b5:7d:b1:b7:b0:fc:89:06:b2:
                    6b:06:eb:ad:6d:39:40:a9:7a:22:83:82:81:75:9d:
                    85:0d:f9:55:56:bc:28:81:78:1c:52:0f:1a:ae:a8:
                    19:4a:35:79:77:4a:32:5d:d2:64:25:de:68:45:a1:
                    66:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:78:E2:1D:98:9D:6B:8A:44:86:7D:A7:33:12:75:5A:32:6B:F7:B1
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/81d32aa9-8b65-428c-a4d4-bef077bc62d6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:58:a1:2f:1f:be:08:eb:2b:67:b7:5a:0f:10:b9:44:ab:10:
         fb:aa:ae:42:03:92:97:47:9d:5c:5c:37:12:fe:a2:53:61:7c:
         ce:c1:ab:13:30:5b:2c:43:b5:b3:cb:e4:21:d2:83:48:e3:c2:
         d1:14:ad:bb:05:60:0c:40:79:08:8a:a4:8e:b7:70:a9:8a:8b:
         10:71:b5:bb:eb:f0:dc:10:ed:e9:2d:c1:b4:1f:21:92:52:4d:
         d4:b9:2f:79:4e:65:cf:e8:b5:a8:92:a9:10:d5:17:26:87:cb:
         dd:b2:9b:ce:89:cc:d0:01:d5:d4:f4:e7:16:6e:96:64:5d:29:
         a8:ae:bb:ee:7f:ac:5c:ea:6e:15:54:5d:87:f2:25:d0:a6:6e:
         81:f7:d4:45:ee:ca:19:47:bc:82:e8:8a:99:1a:e4:36:82:f3:
         7e:82:83:c4:d4:b2:9c:55:94:9f:9e:0a:fc:82:66:97:6f:2c:
         5a:9c:38:e7:27:8c:b0:3c:b5:00:a9:c0:c0:a7:4c:2f:cb:34:
         53:f2:74:12:ae:5f:f7:1d:55:2c:a7:89:d1:f8:f9:8d:f6:f4:
         ae:ac:4d:ff:95:92:dd:80:63:de:6d:9e:ae:20:7e:5a:d1:b4:
         d7:b3:ba:3e:25:5d:79:7d:80:71:63:ea:ba:5d:fc:94:38:23:
         91:dc:9b:5e
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUGKt24fYiPoHfqaUie3XuO5BuBEMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjA4MDAwMDAwWhcNMjIxMjExMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZmZiY2VlYWU3MDI2Y2I0ZDQ1ZTc5ODQ3M2M3NjYwMjBl
ZTFhYjI2MDMyY2FiZjdkZmJmYjI3ZWMyOGQ4ODRlNjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKhqP5XJzOeRDSDT6C07jy4nFntjlaXWSsIob/DwuwSrCyuJV0Ez
UdvRuwf0p7+JlqToYqcjA9DEMKGcknMB1s5bcRk7mzm1Eoy6ncvj9upoUYYyr8ND
3C6VXKTzDIP0MMNx32m0zdNvNVGpReiR769pa+v/ncRbuK+xBK+XowxH8H67sPI8
/9lKeijk++a2ItfqnLkqFbeg/zXviY1LkswEVN0QJNjAy7U04Gk7XLrND3xqyTKd
SRrvSpIwDbogAjWVxMRMFB3KtX2xt7D8iQayawbrrW05QKl6IoOCgXWdhQ35VVa8
KIF4HFIPGq6oGUo1eXdKMl3SZCXeaEWhZkkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTNeOIdmJ1rikSGfaczEnVaMmv3sTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvODFkMzJhYTktOGI2NS00MjhjLWE0ZDQtYmVmMDc3YmM2MmQ2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACRYoS8fvgjrK2e3
Wg8QuUSrEPuqrkIDkpdHnVxcNxL+olNhfM7BqxMwWyxDtbPL5CHSg0jjwtEUrbsF
YAxAeQiKpI63cKmKixBxtbvr8NwQ7ektwbQfIZJSTdS5L3lOZc/otaiSqRDVFyaH
y92ym86JzNAB1dT05xZulmRdKaiuu+5/rFzqbhVUXYfyJdCmboH31EXuyhlHvILo
ipka5DaC836Cg8TUspxVlJ+eCvyCZpdvLFqcOOcnjLA8tQCpwMCnTC/LNFPydBKu
X/cdVSynidH4+Y329K6sTf+Vkt2AY95tnq4gflrRtNezuj4lXXl9gHFj6rpd/JQ4
I5Hcm14=
-----END CERTIFICATE-----