Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/86c765c0-e4a1-494b-b9e0-747786ee49c1.roa
File:                     86c765c0-e4a1-494b-b9e0-747786ee49c1.roa (raw, json)
Hash identifier:          iifeUpAIK8TSrlmC1qCnaFLgAzcW522m5942u0R0yEs=
Subject key identifier:   AF:85:08:2A:55:F9:75:95:48:E0:C5:86:6D:CB:4F:BD:32:F7:40:5B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       51E5150B4B6CDCEA435158A0DD4F74D37F592A12
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/86c765c0-e4a1-494b-b9e0-747786ee49c1.roa
Signing time:             Sun 11 Sep 2022 00:00:00 +0000
ROA not before:           Sun 11 Sep 2022 00:00:00 +0000
ROA not after:            Wed 14 Sep 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:e5:15:0b:4b:6c:dc:ea:43:51:58:a0:dd:4f:74:d3:7f:59:2a:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Sep 11 00:00:00 2022 GMT
            Not After : Sep 14 23:59:59 2022 GMT
        Subject: serialNumber=19fef8e8b593f5f9562b9bfe0169dbdb87177541f849e593ea4690660de99a66, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:f6:e3:bd:50:ef:ae:df:d7:49:7e:a0:98:d7:
                    6a:5e:9a:91:47:98:c2:ee:ea:5d:39:54:d3:1a:be:
                    e9:9b:fa:1c:82:3d:fa:3d:24:3e:4b:b6:e4:bc:17:
                    67:1d:56:bf:fe:61:c2:2b:ad:30:44:30:e4:cf:76:
                    72:8e:69:cb:d6:e3:d0:41:7d:67:0d:33:9e:77:0b:
                    61:7a:a5:40:d1:38:ed:a7:77:d4:d0:0c:02:20:be:
                    bf:6e:f4:31:96:90:3b:f9:87:cd:66:84:bc:e8:e1:
                    65:83:ee:74:4b:a2:f4:dc:2b:e6:6a:7d:4a:c2:d8:
                    f9:b1:b3:44:e2:da:79:28:66:cb:ae:6a:30:3d:06:
                    a7:6e:16:2a:99:39:d7:45:2e:1b:e1:83:b5:fd:f0:
                    af:8f:2d:57:3d:dd:91:85:4f:a6:7b:f2:99:39:22:
                    16:ab:1c:4e:b9:32:82:99:80:f0:15:de:bb:f0:6f:
                    0d:57:fd:ce:54:29:88:c8:ab:d4:ea:6c:4f:ad:08:
                    d8:1f:88:29:07:8b:5d:7d:54:30:3a:c4:b1:d3:a8:
                    d6:06:53:c4:eb:0b:04:17:cd:95:36:4d:3c:4e:67:
                    a2:16:e7:75:db:77:61:d1:66:3c:32:67:5d:d7:5f:
                    c2:f9:4f:fd:14:eb:98:8b:1b:de:ce:94:01:34:bc:
                    6b:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:85:08:2A:55:F9:75:95:48:E0:C5:86:6D:CB:4F:BD:32:F7:40:5B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/86c765c0-e4a1-494b-b9e0-747786ee49c1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:96:9a:64:e0:9c:58:d2:5f:06:98:1a:32:ff:2c:cc:5d:30:
         c4:31:da:0a:32:cd:11:11:d4:a6:b9:41:bf:92:fd:48:a1:e7:
         59:8f:2e:db:8a:a6:91:11:c0:e0:99:5a:67:d7:43:9e:26:77:
         28:44:6e:5b:d1:7b:c8:29:d9:77:49:a6:0d:3b:ee:35:6c:69:
         e7:6b:6a:42:ff:10:74:b5:c7:37:6e:5b:07:5f:01:68:65:7d:
         c7:e9:45:79:b7:8d:8a:d9:34:a9:3a:34:50:61:08:b5:ed:dc:
         b1:d7:7d:0c:98:10:f8:82:25:11:a0:15:ab:d5:b6:30:c3:3b:
         2e:17:6b:d1:52:5d:5c:cb:9f:e9:88:50:1e:d3:cb:1a:15:af:
         d6:55:b4:0e:4b:97:e0:f9:d0:36:18:fa:c3:d2:06:1d:ee:f8:
         7f:88:2f:32:a4:ec:75:56:7f:a6:20:24:f8:06:95:a4:0f:2c:
         bc:5d:e1:68:10:22:cc:76:d7:8f:47:2a:bf:b9:8e:9b:d5:9a:
         96:61:93:29:f2:48:da:ce:e6:6b:a2:d2:ba:41:c8:a4:36:18:
         c2:87:7c:bc:21:90:54:5f:81:bc:49:8b:f8:e8:fc:37:d1:30:
         84:47:90:00:31:c8:76:a4:5e:85:bd:99:99:7d:58:e6:af:60:
         58:53:35:b9
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUUeUVC0ts3OpDUVig3U90039ZKhIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwOTExMDAwMDAwWhcNMjIwOTE0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTlmZWY4ZThiNTkzZjVmOTU2MmI5YmZlMDE2OWRiZGI4
NzE3NzU0MWY4NDllNTkzZWE0NjkwNjYwZGU5OWE2NjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAML2471Q767f10l+oJjXal6akUeYwu7qXTlU0xq+6Zv6HII9+j0k
Pku25LwXZx1Wv/5hwiutMEQw5M92co5py9bj0EF9Zw0znncLYXqlQNE47ad31NAM
AiC+v270MZaQO/mHzWaEvOjhZYPudEui9Nwr5mp9SsLY+bGzROLaeShmy65qMD0G
p24WKpk510UuG+GDtf3wr48tVz3dkYVPpnvymTkiFqscTrkygpmA8BXeu/BvDVf9
zlQpiMir1OpsT60I2B+IKQeLXX1UMDrEsdOo1gZTxOsLBBfNlTZNPE5nohbnddt3
YdFmPDJnXddfwvlP/RTrmIsb3s6UATS8a/UCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSvhQgqVfl1lUjgxYZty0+9MvdAWzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvODZjNzY1YzAtZTRhMS00OTRiLWI5ZTAtNzQ3Nzg2ZWU0OWMxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMGWmmTgnFjSXwaY
GjL/LMxdMMQx2goyzRER1Ka5Qb+S/Uih51mPLtuKppERwOCZWmfXQ54mdyhEblvR
e8gp2XdJpg077jVsaedrakL/EHS1xzduWwdfAWhlfcfpRXm3jYrZNKk6NFBhCLXt
3LHXfQyYEPiCJRGgFavVtjDDOy4Xa9FSXVzLn+mIUB7TyxoVr9ZVtA5Ll+D50DYY
+sPSBh3u+H+ILzKk7HVWf6YgJPgGlaQPLLxd4WgQIsx2149HKr+5jpvVmpZhkyny
SNrO5mui0rpByKQ2GMKHfLwhkFRfgbxJi/jo/DfRMIRHkAAxyHakXoW9mZl9WOav
YFhTNbk=
-----END CERTIFICATE-----