Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8fddd7a8-53e6-4ab8-91b7-6234a033e961.roa
File:                     8fddd7a8-53e6-4ab8-91b7-6234a033e961.roa (raw, json)
Hash identifier:          VJbBOqbQqC4uHuwt0fCI4H7IlmThKK6QKi4o7r7rtsg=
Subject key identifier:   1C:06:58:8A:2A:47:9D:58:40:1C:27:16:81:08:C7:76:6E:E8:69:CA
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       010E97870C2179D5CC7148D445674A0898ABEC36
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8fddd7a8-53e6-4ab8-91b7-6234a033e961.roa
Signing time:             Mon 26 Dec 2022 00:00:00 +0000
ROA not before:           Mon 26 Dec 2022 00:00:00 +0000
ROA not after:            Thu 29 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0e:97:87:0c:21:79:d5:cc:71:48:d4:45:67:4a:08:98:ab:ec:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 26 00:00:00 2022 GMT
            Not After : Dec 29 23:59:59 2022 GMT
        Subject: serialNumber=203a486fbf88aba70bd5f2b89b180b1986b4b7fba525394636a5275a44ca8c29, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:00:b2:2f:17:b5:aa:0d:86:da:11:1d:51:ae:
                    35:0a:da:01:d0:5b:93:03:e5:16:01:e4:04:41:66:
                    51:fd:c8:49:c9:50:a8:08:94:21:e6:2e:04:e2:e0:
                    a0:2b:00:a7:c6:27:b3:a1:0e:89:03:8c:e1:c2:f6:
                    50:33:a3:16:ab:e1:e1:5a:b6:fb:01:99:d4:5a:1b:
                    5a:19:f5:f1:a5:1f:36:8c:af:7a:2f:b3:77:8f:14:
                    da:d1:d4:39:3a:c4:32:d5:27:95:64:21:72:43:83:
                    c4:f2:6a:2e:2e:8e:ec:b8:32:b8:53:ca:f1:7d:cb:
                    3e:15:e0:5f:9c:37:bd:e0:c9:33:f8:9a:b0:37:57:
                    87:29:c4:b3:fa:f8:17:7e:35:e9:8e:96:ac:4e:f9:
                    8a:a9:37:ef:2e:25:a4:62:88:31:4a:21:e1:5b:f0:
                    01:c7:61:1d:6d:59:09:0a:8c:1e:27:8d:34:6a:fb:
                    e8:a6:3a:a6:1d:b9:93:64:7f:cc:67:22:69:90:b6:
                    ae:d9:30:10:9a:b7:2c:7d:16:7f:54:9a:ba:51:09:
                    2a:95:0d:ba:8c:f6:ac:65:00:5c:a6:d1:60:66:04:
                    9b:45:0a:8f:ec:21:ae:c5:f1:b0:df:2c:c9:cb:fe:
                    bd:6e:9c:77:bb:07:cf:fb:48:73:ab:4d:f6:8d:70:
                    0c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:06:58:8A:2A:47:9D:58:40:1C:27:16:81:08:C7:76:6E:E8:69:CA
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8fddd7a8-53e6-4ab8-91b7-6234a033e961.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:9f:d4:88:09:8b:ce:98:96:69:f2:29:6a:c2:ad:9e:92:84:
         37:b5:61:ad:88:11:e3:72:5c:13:40:75:dc:d0:8e:d6:03:d7:
         e2:37:54:17:e7:58:82:f1:6b:d6:72:13:47:43:22:aa:31:2a:
         a5:bb:87:20:ba:09:17:92:61:e0:f7:b2:86:1a:25:92:91:97:
         68:2d:ba:c0:af:ca:f4:f9:dc:e1:a1:d0:0c:d5:ca:bc:69:ba:
         40:50:f4:9f:db:8c:57:97:f4:b6:3d:76:55:88:8b:0c:5a:3b:
         dd:6a:de:06:ef:4e:1a:35:0e:ed:8d:9f:76:23:e3:f3:af:2d:
         6c:61:ab:ae:7c:82:e0:00:44:57:5c:ae:e0:36:54:a1:a1:38:
         eb:a4:e5:02:4e:74:1f:7f:ec:af:8d:c8:be:1b:9c:2f:d6:00:
         ab:57:35:b1:78:8e:92:f8:69:98:30:4d:23:54:78:c2:7a:fc:
         c6:4e:85:cd:a7:f3:d3:45:a9:ac:40:cf:cc:da:de:0e:3c:57:
         70:40:df:81:49:eb:d0:ba:8e:3a:50:29:60:4d:3a:d8:74:bb:
         46:36:9d:63:d0:31:f4:60:2a:4b:f4:6f:d2:c6:27:3e:ec:4f:
         ee:57:f2:7d:74:87:49:89:f4:d4:35:a3:69:0c:99:c3:d4:53:
         de:8a:da:02
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUAQ6XhwwhedXMcUjURWdKCJir7DYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjI2MDAwMDAwWhcNMjIxMjI5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMjAzYTQ4NmZiZjg4YWJhNzBiZDVmMmI4OWIxODBiMTk4
NmI0YjdmYmE1MjUzOTQ2MzZhNTI3NWE0NGNhOGMyOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALUAsi8XtaoNhtoRHVGuNQraAdBbkwPlFgHkBEFmUf3ISclQqAiU
IeYuBOLgoCsAp8Yns6EOiQOM4cL2UDOjFqvh4Vq2+wGZ1FobWhn18aUfNoyvei+z
d48U2tHUOTrEMtUnlWQhckODxPJqLi6O7LgyuFPK8X3LPhXgX5w3veDJM/iasDdX
hynEs/r4F3416Y6WrE75iqk37y4lpGKIMUoh4VvwAcdhHW1ZCQqMHieNNGr76KY6
ph25k2R/zGciaZC2rtkwEJq3LH0Wf1SaulEJKpUNuoz2rGUAXKbRYGYEm0UKj+wh
rsXxsN8sycv+vW6cd7sHz/tIc6tN9o1wDN8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQcBliKKkedWEAcJxaBCMd2buhpyjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOGZkZGQ3YTgtNTNlNi00YWI4LTkxYjctNjIzNGEwMzNlOTYxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAASf1IgJi86Ylmny
KWrCrZ6ShDe1Ya2IEeNyXBNAddzQjtYD1+I3VBfnWILxa9ZyE0dDIqoxKqW7hyC6
CReSYeD3soYaJZKRl2gtusCvyvT53OGh0AzVyrxpukBQ9J/bjFeX9LY9dlWIiwxa
O91q3gbvTho1Du2Nn3Yj4/OvLWxhq658guAARFdcruA2VKGhOOuk5QJOdB9/7K+N
yL4bnC/WAKtXNbF4jpL4aZgwTSNUeMJ6/MZOhc2n89NFqaxAz8za3g48V3BA34FJ
69C6jjpQKWBNOth0u0Y2nWPQMfRgKkv0b9LGJz7sT+5X8n10h0mJ9NQ1o2kMmcPU
U96K2gI=
-----END CERTIFICATE-----