Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/86630df7-b80f-4f2f-9aa5-28337e79ecfd.roa
File:                     86630df7-b80f-4f2f-9aa5-28337e79ecfd.roa (raw, json)
Hash identifier:          Ola7LRl4vCjNmLsfVDS0/m5QY0n7nXGVOOAnqarqlSI=
Subject key identifier:   2E:F1:91:62:88:A4:87:AD:C5:1E:1A:55:21:96:C0:29:5F:75:C1:B8
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       39AA99635DC82E495CE11EDBBECB2E03F56ADB13
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/86630df7-b80f-4f2f-9aa5-28337e79ecfd.roa
Signing time:             Wed 24 Aug 2022 00:00:00 +0000
ROA not before:           Wed 24 Aug 2022 00:00:00 +0000
ROA not after:            Sat 27 Aug 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:aa:99:63:5d:c8:2e:49:5c:e1:1e:db:be:cb:2e:03:f5:6a:db:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Aug 24 00:00:00 2022 GMT
            Not After : Aug 27 23:59:59 2022 GMT
        Subject: serialNumber=48f6a9d4f75bb1e238c40017687c056f2e72766de0152ae04d9471b8482202c8, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ad:ef:d8:b8:1e:22:8b:98:e2:53:0f:b4:91:
                    9b:62:42:3f:e8:44:d3:5c:bd:db:67:c1:28:b2:99:
                    82:cd:fb:99:c0:d6:69:3a:ba:12:b3:77:c3:71:5a:
                    a6:4f:3a:3d:43:9f:b8:2e:4f:67:4e:d6:ba:ff:49:
                    5d:09:97:2e:5a:6f:7f:20:ef:53:dc:b6:33:e9:e2:
                    cf:b9:32:26:58:05:f9:c2:2f:c8:23:90:95:71:f1:
                    ba:67:61:eb:57:b1:3a:3c:75:26:f9:57:02:5c:85:
                    f9:7d:3d:ae:9f:cf:1a:cf:1f:4e:b2:85:ff:65:ec:
                    b0:b7:ef:be:a4:8e:bb:52:ee:73:42:ff:8b:50:49:
                    0d:47:1b:cb:bf:ca:38:40:40:6f:ae:26:2d:c9:fe:
                    86:9d:c5:5a:c1:da:7c:4b:95:aa:e2:b7:2d:87:5b:
                    16:2a:e3:c2:d9:9f:ee:37:0e:30:d8:4c:ef:86:33:
                    33:d6:db:11:60:6c:0c:0a:5f:b3:ef:ec:c4:0e:28:
                    b2:41:8c:40:96:08:cc:05:4e:c8:71:ab:97:bd:2c:
                    56:2a:38:73:f6:47:b1:5b:03:da:98:ce:2d:cb:84:
                    a0:df:17:75:12:cd:2f:27:d6:e0:3c:42:a3:79:e2:
                    1d:c7:50:c7:50:c2:ce:3c:c3:61:c4:34:ad:9d:5c:
                    94:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:F1:91:62:88:A4:87:AD:C5:1E:1A:55:21:96:C0:29:5F:75:C1:B8
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/86630df7-b80f-4f2f-9aa5-28337e79ecfd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:d6:e7:f8:ed:f6:cc:f9:39:3b:25:2b:31:02:b9:27:a3:ae:
         c0:4d:02:09:0b:a4:b4:43:53:db:b5:9d:f6:28:33:0e:0e:23:
         2c:65:59:76:b6:93:b4:0c:0b:1e:4c:b4:5f:e5:84:c8:06:30:
         02:e9:98:ec:7a:76:85:74:0c:16:5d:7e:f8:5f:e7:32:3d:44:
         bf:f0:28:69:d7:4c:f5:a5:1d:10:f5:0b:6c:28:2c:76:ed:94:
         51:53:46:25:db:0d:79:6c:32:4f:32:f2:b1:e1:a2:b9:b7:69:
         34:11:7d:5b:5c:22:b2:5b:e3:71:08:3a:dd:7d:be:82:d1:68:
         7a:83:f9:3d:5a:6c:36:9b:60:b9:60:d3:8d:46:15:cb:a5:9f:
         d4:b2:50:94:9c:60:8b:2b:6e:b5:72:9b:4d:59:92:5d:8e:61:
         f8:43:b4:64:86:c8:ff:78:95:55:ba:23:b8:19:0a:0d:e9:6f:
         fe:3f:d1:a1:9b:c0:92:22:83:42:74:d9:4b:f3:66:b5:66:3b:
         8c:ef:a3:30:af:9d:7f:e9:9e:97:33:34:3e:56:86:64:0a:3f:
         02:3e:38:a3:a4:63:45:a2:1c:82:31:47:91:40:28:5b:86:2d:
         1f:b7:ca:17:d4:05:e0:a1:d0:96:af:af:4c:f4:a4:60:ff:1b:
         09:c1:da:48
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUOaqZY13ILklc4R7bvssuA/Vq2xMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwODI0MDAwMDAwWhcNMjIwODI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNANDhmNmE5ZDRmNzViYjFlMjM4YzQwMDE3Njg3YzA1NmYy
ZTcyNzY2ZGUwMTUyYWUwNGQ5NDcxYjg0ODIyMDJjODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJSt79i4HiKLmOJTD7SRm2JCP+hE01y922fBKLKZgs37mcDWaTq6
ErN3w3Fapk86PUOfuC5PZ07Wuv9JXQmXLlpvfyDvU9y2M+niz7kyJlgF+cIvyCOQ
lXHxumdh61exOjx1JvlXAlyF+X09rp/PGs8fTrKF/2XssLfvvqSOu1Luc0L/i1BJ
DUcby7/KOEBAb64mLcn+hp3FWsHafEuVquK3LYdbFirjwtmf7jcOMNhM74YzM9bb
EWBsDApfs+/sxA4oskGMQJYIzAVOyHGrl70sVio4c/ZHsVsD2pjOLcuEoN8XdRLN
LyfW4DxCo3niHcdQx1DCzjzDYcQ0rZ1clL0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQu8ZFiiKSHrcUeGlUhlsApX3XBuDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvODY2MzBkZjctYjgwZi00ZjJmLTlhYTUtMjgzMzdlNzllY2ZkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFnW5/jt9sz5OTsl
KzECuSejrsBNAgkLpLRDU9u1nfYoMw4OIyxlWXa2k7QMCx5MtF/lhMgGMALpmOx6
doV0DBZdfvhf5zI9RL/wKGnXTPWlHRD1C2woLHbtlFFTRiXbDXlsMk8y8rHhorm3
aTQRfVtcIrJb43EIOt19voLRaHqD+T1abDabYLlg041GFculn9SyUJScYIsrbrVy
m01Zkl2OYfhDtGSGyP94lVW6I7gZCg3pb/4/0aGbwJIig0J02UvzZrVmO4zvozCv
nX/pnpczND5WhmQKPwI+OKOkY0WiHIIxR5FAKFuGLR+3yhfUBeCh0Javr0z0pGD/
GwnB2kg=
-----END CERTIFICATE-----