Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8a191fd3-128b-4e82-ac0a-c38ea0a8f308.roa
File:                     8a191fd3-128b-4e82-ac0a-c38ea0a8f308.roa (raw, json)
Hash identifier:          8cohO07mNokpP7zjbcZ/Uwqdz5UPF6WJmp8qyrZXZpQ=
Subject key identifier:   C5:35:1F:72:8C:69:FE:39:B4:48:8C:47:87:4E:47:AB:8F:E5:18:1E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       64CF91DBBB4DAF5D29D52891FA1C4B1038488C23
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8a191fd3-128b-4e82-ac0a-c38ea0a8f308.roa
Signing time:             Fri 26 Aug 2022 00:00:00 +0000
ROA not before:           Fri 26 Aug 2022 00:00:00 +0000
ROA not after:            Mon 29 Aug 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:cf:91:db:bb:4d:af:5d:29:d5:28:91:fa:1c:4b:10:38:48:8c:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Aug 26 00:00:00 2022 GMT
            Not After : Aug 29 23:59:59 2022 GMT
        Subject: serialNumber=e34a6849b1ad7e8e0792c302ea69d68ae3d088a95ab4423ed1ee832b0631eae0, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a3:cf:81:de:2b:7d:d7:99:63:e9:a0:4a:0c:
                    2f:a7:47:5c:0e:47:3f:05:5a:7a:2d:47:71:03:2f:
                    39:62:7e:fc:73:57:0e:24:54:6d:6e:8e:75:c6:2d:
                    7e:58:05:aa:ed:51:36:fe:e4:4f:6d:7f:14:46:86:
                    cf:2d:06:01:2b:e6:4d:0c:cc:bf:cc:3d:4f:eb:6d:
                    bb:95:9b:6b:51:fb:38:c3:64:49:9d:fd:99:a2:f9:
                    30:22:fc:30:86:01:62:ef:55:bc:29:87:6f:89:1f:
                    9b:1b:3f:0b:ce:7d:e3:9d:16:e0:65:ef:4c:74:90:
                    00:9e:2e:5e:62:43:df:7e:6d:59:56:68:9d:03:10:
                    47:67:48:fe:ce:32:e7:dd:a8:d3:3f:d5:2f:a9:56:
                    53:63:d3:97:22:51:e1:cb:01:de:aa:ac:44:a4:dd:
                    83:ef:68:30:cf:06:20:94:78:5a:0c:5d:51:77:49:
                    af:58:62:a1:2c:7d:33:6e:b8:f2:18:32:4f:37:c5:
                    3e:8b:f9:90:e5:b6:8a:a6:7a:55:48:ea:3b:f9:33:
                    1a:f7:14:e6:25:c7:74:9f:1e:10:bd:b0:a3:29:ee:
                    27:66:aa:e2:df:10:b3:05:3f:1b:25:6e:6b:10:19:
                    b9:8f:b2:c2:22:fd:dc:9c:fd:df:f0:df:8e:48:b8:
                    f6:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:35:1F:72:8C:69:FE:39:B4:48:8C:47:87:4E:47:AB:8F:E5:18:1E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8a191fd3-128b-4e82-ac0a-c38ea0a8f308.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:cd:7b:74:ab:7d:a6:c1:1a:16:fe:44:ac:2d:a5:5e:81:2c:
         a7:85:24:13:a9:f7:5c:1f:f4:b6:82:d0:42:44:6b:b3:47:dd:
         f1:c8:dd:4f:29:54:c3:05:43:7d:8a:01:d0:2f:b2:1a:6d:8a:
         2f:cc:cc:26:05:e5:59:38:ba:84:3d:08:51:31:54:87:59:a7:
         09:8a:67:c7:36:1c:2f:c3:ba:d7:d6:fa:3e:8f:4e:01:1d:d5:
         a2:60:e4:cd:d7:a0:99:92:83:44:5a:1a:00:6d:28:73:04:63:
         a2:59:f9:ac:c3:43:aa:b8:3f:f4:fb:8a:1a:52:cf:47:44:39:
         e4:73:10:fa:91:53:7a:bb:8c:8a:77:bd:c8:c5:ee:de:19:61:
         f8:6b:e1:db:45:d8:f4:e8:70:d7:ae:cd:22:4a:01:4b:2a:52:
         74:c9:92:a3:05:70:85:52:82:45:06:d8:76:37:0f:4d:7c:f5:
         7d:4e:57:b6:5b:c9:a1:03:01:c8:16:5e:e4:ce:97:35:86:0d:
         16:4c:33:53:98:40:fd:e0:45:0e:7b:e5:7b:2e:8b:4a:19:e1:
         08:02:32:a2:a7:fa:04:fe:05:0e:d0:93:14:0b:2e:4e:0b:87:
         b6:b0:1c:32:59:51:4a:d4:4f:87:8d:82:60:e0:92:1a:7d:94:
         ae:6d:41:24
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUZM+R27tNr10p1SiR+hxLEDhIjCMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwODI2MDAwMDAwWhcNMjIwODI5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZTM0YTY4NDliMWFkN2U4ZTA3OTJjMzAyZWE2OWQ2OGFl
M2QwODhhOTVhYjQ0MjNlZDFlZTgzMmIwNjMxZWFlMDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKyjz4HeK33XmWPpoEoML6dHXA5HPwVaei1HcQMvOWJ+/HNXDiRU
bW6OdcYtflgFqu1RNv7kT21/FEaGzy0GASvmTQzMv8w9T+ttu5Wba1H7OMNkSZ39
maL5MCL8MIYBYu9VvCmHb4kfmxs/C859450W4GXvTHSQAJ4uXmJD335tWVZonQMQ
R2dI/s4y592o0z/VL6lWU2PTlyJR4csB3qqsRKTdg+9oMM8GIJR4WgxdUXdJr1hi
oSx9M2648hgyTzfFPov5kOW2iqZ6VUjqO/kzGvcU5iXHdJ8eEL2woynuJ2aq4t8Q
swU/GyVuaxAZuY+ywiL93Jz93/Dfjki49o8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTFNR9yjGn+ObRIjEeHTkerj+UYHjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOGExOTFmZDMtMTI4Yi00ZTgyLWFjMGEtYzM4ZWEwYThmMzA4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHDNe3SrfabBGhb+
RKwtpV6BLKeFJBOp91wf9LaC0EJEa7NH3fHI3U8pVMMFQ32KAdAvshptii/MzCYF
5Vk4uoQ9CFExVIdZpwmKZ8c2HC/DutfW+j6PTgEd1aJg5M3XoJmSg0RaGgBtKHME
Y6JZ+azDQ6q4P/T7ihpSz0dEOeRzEPqRU3q7jIp3vcjF7t4ZYfhr4dtF2PTocNeu
zSJKAUsqUnTJkqMFcIVSgkUG2HY3D0189X1OV7ZbyaEDAcgWXuTOlzWGDRZMM1OY
QP3gRQ575Xsui0oZ4QgCMqKn+gT+BQ7QkxQLLk4Lh7awHDJZUUrUT4eNgmDgkhp9
lK5tQSQ=
-----END CERTIFICATE-----