Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/887733fe-920d-4787-b262-5b04f3c8acd0.roa
File:                     887733fe-920d-4787-b262-5b04f3c8acd0.roa (raw, json)
Hash identifier:          D0DK3MDrwhdeV6cIlVs4o5J3lmU7LSSAitamkGWvT60=
Subject key identifier:   22:B8:6D:31:1E:1A:70:4A:A4:03:BC:4E:92:65:0E:10:3A:FE:50:FB
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       03F390DC70D3F2CE2024E33F941A421C6912AC12
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/887733fe-920d-4787-b262-5b04f3c8acd0.roa
Signing time:             Tue 19 Jul 2022 00:00:00 +0000
ROA not before:           Tue 19 Jul 2022 00:00:00 +0000
ROA not after:            Fri 22 Jul 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:f3:90:dc:70:d3:f2:ce:20:24:e3:3f:94:1a:42:1c:69:12:ac:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jul 19 00:00:00 2022 GMT
            Not After : Jul 22 23:59:59 2022 GMT
        Subject: serialNumber=c8a2f48e620198693e775b7b9c0fa90a79691b88d7934ed7c80f090240fbb45c, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f8:12:07:ba:e6:dc:6e:52:09:5b:ff:90:e5:
                    43:cb:1b:2d:ea:df:af:54:5a:97:32:f9:f7:e0:e9:
                    97:71:7b:b6:26:9f:fe:0a:86:7b:60:16:2d:87:b7:
                    82:53:34:4d:dd:c9:14:28:ba:a7:09:15:82:16:91:
                    a9:4b:61:ba:a3:9a:48:da:8d:9a:ba:c3:4c:e4:48:
                    25:3c:89:71:0e:50:ef:1f:25:6a:6c:e1:3f:ac:89:
                    2c:7e:a8:72:a0:20:c8:c9:b4:f8:3a:c7:23:04:6f:
                    0a:28:9d:95:1e:4c:cf:b0:66:34:a1:95:12:8c:99:
                    74:15:f5:0a:53:ba:19:b6:a5:c7:68:f0:0d:40:3d:
                    ca:1a:f5:30:ce:d6:f3:7e:bd:ad:fd:0a:51:f5:13:
                    53:e5:df:f6:88:9c:86:6e:eb:c6:23:87:57:bc:f3:
                    13:c5:15:30:d2:db:d7:49:b5:e1:b7:7a:34:f6:50:
                    7e:d2:f5:bd:f1:0b:c3:56:b6:4f:f5:be:90:31:26:
                    a5:a2:17:2a:45:ec:33:93:56:00:9f:e0:cf:1f:53:
                    dd:50:c3:09:ce:28:a3:18:52:82:da:82:6c:00:e4:
                    98:c9:b8:18:1b:8f:0f:92:9f:45:3f:90:f6:b8:3d:
                    08:f7:18:15:f5:b0:74:2e:85:80:4b:07:7e:cc:71:
                    93:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:B8:6D:31:1E:1A:70:4A:A4:03:BC:4E:92:65:0E:10:3A:FE:50:FB
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/887733fe-920d-4787-b262-5b04f3c8acd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:2f:23:86:47:42:da:75:57:1c:0a:2e:3f:80:5b:c9:ed:60:
         09:30:f8:84:9d:c9:f3:3c:24:28:4b:88:bb:80:ce:93:50:e2:
         09:de:9f:7d:28:2f:47:84:b4:c6:ff:58:ea:6a:39:60:58:eb:
         79:d7:b1:70:cf:e2:6d:a7:ee:73:af:4d:51:d8:2b:9f:a3:c5:
         77:e3:b3:4d:37:9a:e8:e2:84:c1:8f:26:f7:71:7f:2b:77:0c:
         62:1e:99:be:c2:c3:ec:fc:e7:ae:9a:cd:86:4e:eb:99:27:b9:
         1c:68:3f:f9:33:b6:29:38:b1:21:0d:81:92:2d:63:f8:2a:34:
         64:60:e9:ea:b9:aa:a4:2e:fa:86:fb:a7:aa:cd:20:81:18:39:
         84:2d:7b:c1:50:c1:a1:36:d8:8d:30:4e:c0:7f:4f:3f:08:33:
         57:fd:d4:4f:d9:90:1b:79:70:02:f7:f0:8a:63:10:1a:94:8b:
         48:44:41:ec:21:3d:dc:01:c3:2a:4f:e0:f0:78:f1:76:a1:eb:
         9f:60:9c:7d:a4:e7:eb:21:2e:d5:01:ce:1e:f5:1c:72:7d:2d:
         a6:d3:71:96:73:72:ec:41:f2:cc:09:94:d1:5b:34:67:f1:c0:
         08:f9:c4:d1:1f:fb:1d:0e:75:bd:94:0c:aa:1d:0f:46:be:28:
         95:f3:94:53
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUA/OQ3HDT8s4gJOM/lBpCHGkSrBIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwNzE5MDAwMDAwWhcNMjIwNzIyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYzhhMmY0OGU2MjAxOTg2OTNlNzc1YjdiOWMwZmE5MGE3
OTY5MWI4OGQ3OTM0ZWQ3YzgwZjA5MDI0MGZiYjQ1YzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALf4Ege65txuUglb/5DlQ8sbLerfr1RalzL59+Dpl3F7tiaf/gqG
e2AWLYe3glM0Td3JFCi6pwkVghaRqUthuqOaSNqNmrrDTORIJTyJcQ5Q7x8lamzh
P6yJLH6ocqAgyMm0+DrHIwRvCiidlR5Mz7BmNKGVEoyZdBX1ClO6Gbalx2jwDUA9
yhr1MM7W8369rf0KUfUTU+Xf9oichm7rxiOHV7zzE8UVMNLb10m14bd6NPZQftL1
vfELw1a2T/W+kDEmpaIXKkXsM5NWAJ/gzx9T3VDDCc4ooxhSgtqCbADkmMm4GBuP
D5KfRT+Q9rg9CPcYFfWwdC6FgEsHfsxxk0UCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQiuG0xHhpwSqQDvE6SZQ4QOv5Q+zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvODg3NzMzZmUtOTIwZC00Nzg3LWIyNjItNWIwNGYzYzhhY2QwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF8vI4ZHQtp1VxwK
Lj+AW8ntYAkw+ISdyfM8JChLiLuAzpNQ4gnen30oL0eEtMb/WOpqOWBY63nXsXDP
4m2n7nOvTVHYK5+jxXfjs003mujihMGPJvdxfyt3DGIemb7Cw+z8566azYZO65kn
uRxoP/kztik4sSENgZItY/gqNGRg6eq5qqQu+ob7p6rNIIEYOYQte8FQwaE22I0w
TsB/Tz8IM1f91E/ZkBt5cAL38IpjEBqUi0hEQewhPdwBwypP4PB48Xah659gnH2k
5+shLtUBzh71HHJ9LabTcZZzcuxB8swJlNFbNGfxwAj5xNEf+x0Odb2UDKodD0a+
KJXzlFM=
-----END CERTIFICATE-----