Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/872df365-8a54-4811-9ba2-c10eb2e733f2.roa
File:                     872df365-8a54-4811-9ba2-c10eb2e733f2.roa (raw, json)
Hash identifier:          nzkFOPdq0qAOWzJhmLFBSeKcUmfD8p42tCmWZn/SZjo=
Subject key identifier:   97:31:CC:4C:96:33:0F:1B:96:2D:0F:51:FD:98:FB:7C:F2:0E:84:71
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5571C3BA1C4E3078FC7D334874BE7BE9ACCAC5A2
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/872df365-8a54-4811-9ba2-c10eb2e733f2.roa
Signing time:             Sun 18 Dec 2022 00:00:00 +0000
ROA not before:           Sun 18 Dec 2022 00:00:00 +0000
ROA not after:            Wed 21 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:71:c3:ba:1c:4e:30:78:fc:7d:33:48:74:be:7b:e9:ac:ca:c5:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 18 00:00:00 2022 GMT
            Not After : Dec 21 23:59:59 2022 GMT
        Subject: serialNumber=248ca0acea6f1f0855d4a2bc0fcd6574af70540d1cfd9bff41ee7fafcec2f64b, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:76:ae:53:f1:9a:b2:8d:47:01:5e:dc:38:7a:
                    35:57:64:f8:d0:70:d3:10:e6:96:ca:5f:cb:58:a8:
                    c4:f2:95:48:29:ae:d7:2d:d8:14:96:01:7a:1e:7a:
                    38:f2:fd:a3:fe:0f:01:6f:92:c4:2c:e2:8e:3c:b5:
                    83:39:93:f9:37:9d:ca:9b:af:cf:d0:5f:30:40:da:
                    e1:eb:bc:9f:e9:b2:8d:79:82:78:c1:9b:d9:c0:38:
                    98:05:07:f9:b0:d5:f0:2b:4c:ae:8d:b6:cd:8c:16:
                    27:9b:98:32:04:33:07:c6:b0:ca:f3:49:53:55:5f:
                    98:60:f9:f5:c6:fb:28:1d:e0:d4:5d:33:f8:c9:80:
                    a1:9e:c5:3d:d3:38:dd:c0:6b:6d:05:3a:c0:3c:bb:
                    43:00:ac:c2:c4:de:6b:6e:ae:d2:23:c7:cc:c9:81:
                    04:ef:bc:73:bb:3d:1b:e8:d0:44:9f:90:04:c5:83:
                    67:5c:0f:37:98:63:b8:6a:ad:00:d0:02:4c:9e:c6:
                    34:fc:76:0d:07:b0:0d:94:2a:ad:a4:59:94:8b:b0:
                    04:19:70:ea:99:cf:de:c4:d3:e6:64:3f:80:38:4a:
                    1c:2e:2f:65:36:68:38:64:b1:8c:0a:4d:8b:06:6b:
                    21:c2:ea:08:dc:a7:60:34:5f:ac:76:77:66:77:2a:
                    04:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:31:CC:4C:96:33:0F:1B:96:2D:0F:51:FD:98:FB:7C:F2:0E:84:71
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/872df365-8a54-4811-9ba2-c10eb2e733f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:4c:13:b6:1d:b0:f2:33:49:15:41:5d:c1:6e:50:2d:23:a1:
         0f:b1:19:31:3c:2a:95:c6:0e:94:66:7c:34:e4:7a:1d:a6:32:
         10:0e:75:e3:c4:a3:c3:f9:e9:a5:ad:0c:2f:7d:bb:ba:3f:10:
         20:fb:be:33:e3:7a:a6:f2:5d:ae:6d:c8:1d:1d:51:eb:d5:09:
         12:3d:7a:21:27:71:2b:b2:8c:9b:56:e3:ac:44:49:58:10:98:
         a8:22:a4:ee:81:ad:c2:df:5b:91:b0:c5:e0:e8:e1:16:d7:03:
         bb:57:87:be:ff:3c:4d:3f:67:fd:76:53:c6:45:78:91:04:72:
         15:50:ea:1c:89:83:97:43:c8:ea:9f:ac:df:11:5c:b2:4e:9c:
         86:4c:08:d7:ba:c6:03:6b:f8:4a:10:5f:7a:16:31:6a:cd:44:
         40:bd:52:44:5e:90:fb:72:42:2b:84:02:d6:d6:b8:89:ca:aa:
         b0:39:0f:77:49:89:07:b8:71:c7:d4:d1:47:df:ca:37:e1:e9:
         6c:74:3c:15:f3:72:a9:c9:77:1c:af:dd:72:1b:12:34:e7:96:
         ae:59:39:39:6b:21:33:a0:0b:5a:e1:7f:9b:27:06:60:cb:31:
         21:f6:1b:e5:44:79:aa:c6:59:87:e1:e7:af:3e:87:21:ac:d7:
         d9:99:d0:a8
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUVXHDuhxOMHj8fTNIdL576azKxaIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjE4MDAwMDAwWhcNMjIxMjIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMjQ4Y2EwYWNlYTZmMWYwODU1ZDRhMmJjMGZjZDY1NzRh
ZjcwNTQwZDFjZmQ5YmZmNDFlZTdmYWZjZWMyZjY0YjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANx2rlPxmrKNRwFe3Dh6NVdk+NBw0xDmlspfy1ioxPKVSCmu1y3Y
FJYBeh56OPL9o/4PAW+SxCzijjy1gzmT+Tedypuvz9BfMEDa4eu8n+myjXmCeMGb
2cA4mAUH+bDV8CtMro22zYwWJ5uYMgQzB8awyvNJU1VfmGD59cb7KB3g1F0z+MmA
oZ7FPdM43cBrbQU6wDy7QwCswsTea26u0iPHzMmBBO+8c7s9G+jQRJ+QBMWDZ1wP
N5hjuGqtANACTJ7GNPx2DQewDZQqraRZlIuwBBlw6pnP3sTT5mQ/gDhKHC4vZTZo
OGSxjApNiwZrIcLqCNynYDRfrHZ3ZncqBI0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSXMcxMljMPG5YtD1H9mPt88g6EcTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvODcyZGYzNjUtOGE1NC00ODExLTliYTItYzEwZWIyZTczM2YyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADJME7YdsPIzSRVB
XcFuUC0joQ+xGTE8KpXGDpRmfDTkeh2mMhAOdePEo8P56aWtDC99u7o/ECD7vjPj
eqbyXa5tyB0dUevVCRI9eiEncSuyjJtW46xESVgQmKgipO6BrcLfW5GwxeDo4RbX
A7tXh77/PE0/Z/12U8ZFeJEEchVQ6hyJg5dDyOqfrN8RXLJOnIZMCNe6xgNr+EoQ
X3oWMWrNREC9UkRekPtyQiuEAtbWuInKqrA5D3dJiQe4ccfU0Uffyjfh6Wx0PBXz
cqnJdxyv3XIbEjTnlq5ZOTlrITOgC1rhf5snBmDLMSH2G+VEearGWYfh568+hyGs
19mZ0Kg=
-----END CERTIFICATE-----