Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/920b8fa5-8e44-47e8-9c5c-b10047ee5c03.roa
File:                     920b8fa5-8e44-47e8-9c5c-b10047ee5c03.roa (raw, json)
Hash identifier:          Cu7awpiaXUF7tI9nIIwDpksWIraLPv61B9U5CgrxoBU=
Subject key identifier:   E4:0F:F3:43:62:9D:12:34:9B:DA:6C:19:8D:92:98:E9:93:A8:15:DC
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5F3F584B8024E031CA85BD9A49441D46520BD6DB
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/920b8fa5-8e44-47e8-9c5c-b10047ee5c03.roa
Signing time:             Sat 07 Jan 2023 00:00:00 +0000
ROA not before:           Sat 07 Jan 2023 00:00:00 +0000
ROA not after:            Tue 10 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:3f:58:4b:80:24:e0:31:ca:85:bd:9a:49:44:1d:46:52:0b:d6:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan  7 00:00:00 2023 GMT
            Not After : Jan 10 23:59:59 2023 GMT
        Subject: serialNumber=6e625e68a1a00828c51411d14b58a117b33fd801024e801e8a3738de5d61056c, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:bb:1f:ab:f5:71:df:43:6a:72:f5:45:98:af:
                    78:52:b9:66:90:4f:0e:65:9e:b8:85:b5:73:30:c3:
                    2e:75:44:c5:f7:21:c0:ff:c4:d3:7c:f9:3c:1b:83:
                    ed:ab:4e:ff:bc:17:79:de:29:53:55:ab:07:2a:c3:
                    0c:4c:7e:50:b7:be:d6:fc:0c:5a:ad:f7:94:37:2a:
                    24:e3:a3:43:9c:04:29:11:90:0f:48:37:fc:11:b3:
                    9c:83:e3:d4:cb:c9:31:69:ad:97:b9:b0:04:ff:4b:
                    49:30:40:47:d6:02:01:7a:92:a3:99:6a:61:92:54:
                    ac:59:56:a4:e1:d7:31:d3:75:03:91:74:14:63:32:
                    8b:db:4b:e6:99:e1:b5:74:6f:78:80:dc:dd:af:e6:
                    73:f4:be:72:19:c6:12:57:d4:74:d2:f9:16:df:ee:
                    b9:e6:4d:c5:42:4e:ba:9c:ed:75:e0:d6:7c:77:6c:
                    1d:df:9e:22:49:62:4e:91:09:76:71:d2:59:4b:35:
                    88:9d:05:54:5c:61:40:ba:44:91:11:3e:0d:81:3f:
                    a9:4d:b4:c8:f6:96:a3:c5:54:c8:6c:75:a3:ff:45:
                    99:eb:dd:79:fc:93:c7:dc:36:12:e6:37:09:cc:b7:
                    e8:04:69:a2:a4:c2:fc:c4:cb:49:bd:46:60:4e:f5:
                    9b:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:0F:F3:43:62:9D:12:34:9B:DA:6C:19:8D:92:98:E9:93:A8:15:DC
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/920b8fa5-8e44-47e8-9c5c-b10047ee5c03.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:03:36:8f:97:ce:24:be:be:c5:e7:a1:5b:cd:97:88:6f:98:
         4e:df:96:10:73:d6:55:12:af:0f:39:b6:7e:df:c8:95:94:75:
         bf:e7:da:e2:1d:ef:91:ed:10:8f:26:63:8c:60:eb:18:bc:68:
         6c:38:d3:f5:19:eb:c8:d0:34:0f:55:12:ca:c5:ae:5b:f8:fe:
         06:2a:5e:b5:21:09:57:c0:43:3c:0e:ef:70:99:10:d0:dd:6a:
         3f:b1:de:7c:e4:9b:30:df:8e:a6:56:5f:49:45:1a:aa:bb:30:
         7f:7b:52:de:cf:47:ad:aa:3b:50:20:f6:8f:3d:62:a4:33:28:
         d1:43:a5:dd:85:1b:b7:9b:c5:8e:42:87:99:8b:c0:fb:fa:0f:
         77:8a:2d:17:0b:41:b5:4c:a7:b8:a2:fb:ec:1d:8f:78:5a:d0:
         19:b4:51:03:d4:32:ca:bd:ca:b0:e3:2f:a0:4f:39:4b:7a:6e:
         26:92:5f:1c:02:15:67:f7:f2:f9:09:67:d1:0d:31:ca:6e:f7:
         f4:f5:f8:e1:c9:2b:fd:2b:07:98:07:85:2e:18:d1:05:94:d3:
         ac:b9:37:f4:76:2f:3a:7d:75:f5:16:40:b8:76:a9:ec:ef:6a:
         6b:41:14:dc:14:ea:1d:ae:19:75:fd:ce:a1:4d:91:54:55:01:
         16:22:f9:10
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUXz9YS4Ak4DHKhb2aSUQdRlIL1tswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTA3MDAwMDAwWhcNMjMwMTEwMjM1OTU5
WjCBpTFJMEcGA1UEBRNANmU2MjVlNjhhMWEwMDgyOGM1MTQxMWQxNGI1OGExMTdi
MzNmZDgwMTAyNGU4MDFlOGEzNzM4ZGU1ZDYxMDU2YzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMO7H6v1cd9DanL1RZiveFK5ZpBPDmWeuIW1czDDLnVExfchwP/E
03z5PBuD7atO/7wXed4pU1WrByrDDEx+ULe+1vwMWq33lDcqJOOjQ5wEKRGQD0g3
/BGznIPj1MvJMWmtl7mwBP9LSTBAR9YCAXqSo5lqYZJUrFlWpOHXMdN1A5F0FGMy
i9tL5pnhtXRveIDc3a/mc/S+chnGElfUdNL5Ft/uueZNxUJOupztdeDWfHdsHd+e
IkliTpEJdnHSWUs1iJ0FVFxhQLpEkRE+DYE/qU20yPaWo8VUyGx1o/9FmevdefyT
x9w2EuY3Ccy36ARpoqTC/MTLSb1GYE71m/kCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTkD/NDYp0SNJvabBmNkpjpk6gV3DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOTIwYjhmYTUtOGU0NC00N2U4LTljNWMtYjEwMDQ3ZWU1YzAzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIsDNo+XziS+vsXn
oVvNl4hvmE7flhBz1lUSrw85tn7fyJWUdb/n2uId75HtEI8mY4xg6xi8aGw40/UZ
68jQNA9VEsrFrlv4/gYqXrUhCVfAQzwO73CZENDdaj+x3nzkmzDfjqZWX0lFGqq7
MH97Ut7PR62qO1Ag9o89YqQzKNFDpd2FG7ebxY5Ch5mLwPv6D3eKLRcLQbVMp7ii
++wdj3ha0Bm0UQPUMsq9yrDjL6BPOUt6biaSXxwCFWf38vkJZ9ENMcpu9/T1+OHJ
K/0rB5gHhS4Y0QWU06y5N/R2Lzp9dfUWQLh2qezvamtBFNwU6h2uGXX9zqFNkVRV
ARYi+RA=
-----END CERTIFICATE-----