Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8b343ca9-7b10-41be-9d52-8d6c4ae9d035.roa
File:                     8b343ca9-7b10-41be-9d52-8d6c4ae9d035.roa (raw, json)
Hash identifier:          oQO6xNeDwOw+IVZsxUZChHorUgHxwboiEYVgCtfEx68=
Subject key identifier:   F3:BD:84:B7:A9:6F:4F:5F:E3:2D:47:C5:93:3B:B3:D3:0A:FA:57:4D
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       55B4D86A5C509FA317DE9DA26E374A48C8C62B4C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8b343ca9-7b10-41be-9d52-8d6c4ae9d035.roa
Signing time:             Sun 06 Nov 2022 00:00:00 +0000
ROA not before:           Sun 06 Nov 2022 00:00:00 +0000
ROA not after:            Wed 09 Nov 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:b4:d8:6a:5c:50:9f:a3:17:de:9d:a2:6e:37:4a:48:c8:c6:2b:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Nov  6 00:00:00 2022 GMT
            Not After : Nov  9 23:59:59 2022 GMT
        Subject: serialNumber=3c3bb494c3095e42d4af6dd97d28fb9bec2678c633c0be6dc1c09635d192af31, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:9c:7b:7a:50:98:5a:15:0c:3b:8f:75:10:18:
                    08:93:32:96:34:71:b1:bf:4f:4f:d3:5b:6f:25:d7:
                    3c:16:ae:3c:fd:6d:01:f6:87:d7:a1:49:b0:38:32:
                    bd:b3:ce:e1:9c:6a:85:c8:00:99:98:18:dc:c7:83:
                    78:dc:60:6b:7a:d9:78:ac:cf:ca:e6:68:45:96:d9:
                    12:2d:d6:50:db:ca:ce:70:3b:46:9f:43:fa:13:4a:
                    84:a0:2b:e7:dc:24:ec:ec:e0:b1:74:c6:f9:bd:85:
                    6c:ae:b7:a9:25:92:a4:2a:33:86:ed:e8:45:3e:06:
                    2a:82:5f:90:ed:52:9d:d6:02:8a:86:09:4c:49:1f:
                    0f:e9:56:1a:3b:6c:f6:dd:c1:22:43:a1:76:26:3b:
                    ad:39:c1:9f:e6:3a:bc:13:0d:e4:e9:a9:f7:ca:26:
                    a4:1e:0e:d4:35:77:6b:d0:11:00:52:ee:12:09:56:
                    05:3d:ed:28:9a:c2:84:56:67:9c:e1:6f:1a:68:ec:
                    6a:c6:08:77:e1:d0:8a:a1:82:40:9c:53:8b:9e:a1:
                    a6:c3:e2:29:45:d2:83:4b:f3:cc:10:3a:f5:43:28:
                    37:e2:ee:2f:c7:bf:a4:58:d2:e7:1d:e9:65:23:eb:
                    d7:d5:78:e3:95:86:28:16:d1:4d:1c:79:13:36:97:
                    80:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:BD:84:B7:A9:6F:4F:5F:E3:2D:47:C5:93:3B:B3:D3:0A:FA:57:4D
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8b343ca9-7b10-41be-9d52-8d6c4ae9d035.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:7b:14:f1:25:17:70:71:17:95:7b:e7:ba:5d:0c:e3:c7:33:
         60:4f:78:d8:1d:08:bd:59:52:63:a4:87:17:60:01:4e:7b:3e:
         bb:b4:24:13:30:1c:da:4c:34:04:78:a8:dc:18:ba:5f:e7:67:
         9e:65:c4:99:61:3b:71:dc:15:70:bf:b1:c4:57:ca:60:cf:00:
         9a:83:a9:27:bd:37:ed:d0:2c:7b:85:9f:b1:54:de:32:cc:13:
         37:53:88:cc:af:f7:2f:31:1e:6d:a8:22:03:b5:22:b6:b8:1f:
         a3:17:0a:89:28:ea:13:dc:66:ca:d3:fc:c7:00:f9:6b:1d:8a:
         20:74:49:4d:c9:db:13:b5:07:83:a6:c2:93:6f:bf:7c:68:58:
         30:6b:b3:00:9a:25:af:4a:14:a5:89:c9:58:e5:83:33:00:af:
         3a:69:cb:42:b3:72:71:c8:ca:e5:1d:4b:ca:b9:6b:67:4c:0f:
         09:89:a5:12:bf:e9:84:ef:a7:ee:be:33:f9:cb:2e:71:87:e8:
         05:02:be:38:f3:c5:44:2d:02:16:29:f1:08:83:20:4b:70:19:
         6c:bf:57:45:ff:f5:79:68:8b:1b:23:47:0a:6b:b4:41:f1:93:
         72:67:70:e7:fd:c7:a1:54:77:f4:22:68:18:6a:a2:97:7e:bd:
         a1:0b:10:02
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUVbTYalxQn6MX3p2ibjdKSMjGK0wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMTA2MDAwMDAwWhcNMjIxMTA5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAM2MzYmI0OTRjMzA5NWU0MmQ0YWY2ZGQ5N2QyOGZiOWJl
YzI2NzhjNjMzYzBiZTZkYzFjMDk2MzVkMTkyYWYzMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANyce3pQmFoVDDuPdRAYCJMyljRxsb9PT9NbbyXXPBauPP1tAfaH
16FJsDgyvbPO4ZxqhcgAmZgY3MeDeNxga3rZeKzPyuZoRZbZEi3WUNvKznA7Rp9D
+hNKhKAr59wk7OzgsXTG+b2FbK63qSWSpCozhu3oRT4GKoJfkO1SndYCioYJTEkf
D+lWGjts9t3BIkOhdiY7rTnBn+Y6vBMN5Omp98ompB4O1DV3a9ARAFLuEglWBT3t
KJrChFZnnOFvGmjsasYId+HQiqGCQJxTi56hpsPiKUXSg0vzzBA69UMoN+LuL8e/
pFjS5x3pZSPr19V445WGKBbRTRx5EzaXgOsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTzvYS3qW9PX+MtR8WTO7PTCvpXTTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOGIzNDNjYTktN2IxMC00MWJlLTlkNTItOGQ2YzRhZTlkMDM1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB57FPElF3BxF5V7
57pdDOPHM2BPeNgdCL1ZUmOkhxdgAU57Pru0JBMwHNpMNAR4qNwYul/nZ55lxJlh
O3HcFXC/scRXymDPAJqDqSe9N+3QLHuFn7FU3jLMEzdTiMyv9y8xHm2oIgO1Ira4
H6MXCoko6hPcZsrT/McA+WsdiiB0SU3J2xO1B4OmwpNvv3xoWDBrswCaJa9KFKWJ
yVjlgzMArzppy0KzcnHIyuUdS8q5a2dMDwmJpRK/6YTvp+6+M/nLLnGH6AUCvjjz
xUQtAhYp8QiDIEtwGWy/V0X/9XloixsjRwprtEHxk3JncOf9x6FUd/QiaBhqopd+
vaELEAI=
-----END CERTIFICATE-----