Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/856aa5ea-5fd6-4654-912f-d2bf51930a91.roa
File:                     856aa5ea-5fd6-4654-912f-d2bf51930a91.roa (raw, json)
Hash identifier:          d6xihbt3ibblBsxhEddT1X3DQZt8vgGcOGhb2EzfG40=
Subject key identifier:   BE:F3:BC:2A:D4:EA:CA:63:62:C4:FF:B7:85:FB:7B:53:ED:46:57:3F
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1D81B1BCD960B721CF45B8B78F5181E97A98FA43
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/856aa5ea-5fd6-4654-912f-d2bf51930a91.roa
Signing time:             Thu 14 Jul 2022 00:00:00 +0000
ROA not before:           Thu 14 Jul 2022 00:00:00 +0000
ROA not after:            Sun 17 Jul 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:81:b1:bc:d9:60:b7:21:cf:45:b8:b7:8f:51:81:e9:7a:98:fa:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jul 14 00:00:00 2022 GMT
            Not After : Jul 17 23:59:59 2022 GMT
        Subject: serialNumber=446c134bc1a5471be896ad86aab049b058db7d7ee7b202388967574bf8bea64e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:8a:87:11:6b:32:5d:0d:66:db:7c:81:c8:bb:
                    33:7f:0a:f3:94:97:0b:ba:23:05:b2:df:dd:cd:2f:
                    38:9a:d0:dc:e6:59:52:ab:5a:72:d0:bd:44:c1:0d:
                    92:b5:1a:c1:5b:c4:62:73:16:65:3a:a2:5d:9f:22:
                    58:6c:c9:a4:e3:47:2c:61:11:7d:36:1f:f7:09:d5:
                    0a:5d:f2:34:82:7b:f9:be:fc:e7:6b:4d:07:d3:ac:
                    da:d3:10:bf:24:11:77:e1:72:f2:91:05:86:a0:b8:
                    22:c6:d5:66:c8:f6:76:13:c7:ab:84:d0:c2:5a:2b:
                    67:7b:12:08:42:78:38:41:20:e4:24:31:66:2d:74:
                    75:e3:5f:d7:fe:ae:e9:95:16:7a:56:87:03:47:cd:
                    2f:1d:4c:90:8b:6e:ad:1e:d6:08:3f:5b:e6:c0:ca:
                    b8:52:a8:41:12:b5:31:43:62:b1:68:ad:bc:8d:75:
                    e9:e0:e0:4b:24:b6:6b:a1:db:54:7c:e4:2e:9d:58:
                    a7:f8:26:30:82:a6:4d:7f:26:cb:3c:e3:6c:e3:f9:
                    06:f2:70:7c:ac:43:92:1c:b5:33:7d:e7:42:58:a6:
                    2e:dc:1d:cb:d3:10:89:de:82:5d:dd:dc:bc:4f:58:
                    6a:2a:ad:d2:0e:dd:0e:e2:7c:de:bd:b8:f1:83:30:
                    7a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:F3:BC:2A:D4:EA:CA:63:62:C4:FF:B7:85:FB:7B:53:ED:46:57:3F
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/856aa5ea-5fd6-4654-912f-d2bf51930a91.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:22:66:c6:f9:3f:52:d9:1e:a2:75:22:04:eb:02:d7:37:2d:
         34:5b:ee:ce:bb:65:65:28:c1:38:e4:20:b6:51:1d:a4:80:0a:
         2c:ab:c4:f9:94:e1:db:d2:4e:92:8f:14:83:0e:31:e9:73:38:
         ed:40:5c:65:c9:46:28:b4:ae:4b:23:91:24:3d:c5:27:d4:e2:
         5a:12:c8:1d:ca:ad:31:d3:0a:58:53:25:e7:6e:4b:8b:09:81:
         04:e3:64:18:e1:6e:7e:a3:36:71:73:ec:15:0d:f3:9a:71:67:
         c0:31:e9:41:c5:f7:4a:74:e9:71:a7:ad:ef:46:3e:f4:00:19:
         66:21:dd:71:3f:67:60:c5:81:38:ff:10:0b:2c:e1:62:48:fc:
         cd:34:00:d4:c3:d2:5f:4f:65:19:1d:d4:1d:2a:03:d5:ea:bd:
         69:e2:fd:d8:1b:53:05:00:d5:38:bc:40:df:28:f8:79:b8:31:
         b8:1c:1d:97:2b:29:a7:56:66:46:6c:e5:43:96:28:d4:e5:57:
         c3:d8:57:e2:8d:dc:54:bc:db:39:e2:96:14:6f:23:85:47:41:
         38:24:4c:bd:ca:b7:5e:30:7d:85:5a:e3:5e:e5:da:32:8a:ff:
         01:69:95:3b:50:c4:5d:66:5a:80:9b:8c:dc:bc:b4:ad:49:a6:
         a1:8b:7c:a6
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUHYGxvNlgtyHPRbi3j1GB6XqY+kMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwNzE0MDAwMDAwWhcNMjIwNzE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNANDQ2YzEzNGJjMWE1NDcxYmU4OTZhZDg2YWFiMDQ5YjA1
OGRiN2Q3ZWU3YjIwMjM4ODk2NzU3NGJmOGJlYTY0ZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKuKhxFrMl0NZtt8gci7M38K85SXC7ojBbLf3c0vOJrQ3OZZUqta
ctC9RMENkrUawVvEYnMWZTqiXZ8iWGzJpONHLGERfTYf9wnVCl3yNIJ7+b7852tN
B9Os2tMQvyQRd+Fy8pEFhqC4IsbVZsj2dhPHq4TQwlorZ3sSCEJ4OEEg5CQxZi10
deNf1/6u6ZUWelaHA0fNLx1MkIturR7WCD9b5sDKuFKoQRK1MUNisWitvI116eDg
SyS2a6HbVHzkLp1Yp/gmMIKmTX8myzzjbOP5BvJwfKxDkhy1M33nQlimLtwdy9MQ
id6CXd3cvE9Yaiqt0g7dDuJ83r248YMweocCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS+87wq1OrKY2LE/7eF+3tT7UZXPzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvODU2YWE1ZWEtNWZkNi00NjU0LTkxMmYtZDJiZjUxOTMwYTkxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABEiZsb5P1LZHqJ1
IgTrAtc3LTRb7s67ZWUowTjkILZRHaSACiyrxPmU4dvSTpKPFIMOMelzOO1AXGXJ
Rii0rksjkSQ9xSfU4loSyB3KrTHTClhTJeduS4sJgQTjZBjhbn6jNnFz7BUN85px
Z8Ax6UHF90p06XGnre9GPvQAGWYh3XE/Z2DFgTj/EAss4WJI/M00ANTD0l9PZRkd
1B0qA9XqvWni/dgbUwUA1Ti8QN8o+Hm4MbgcHZcrKadWZkZs5UOWKNTlV8PYV+KN
3FS82znilhRvI4VHQTgkTL3Kt14wfYVa417l2jKK/wFplTtQxF1mWoCbjNy8tK1J
pqGLfKY=
-----END CERTIFICATE-----