Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/9ec32523-412f-4406-aac6-926cf6a81457.roa
File:                     9ec32523-412f-4406-aac6-926cf6a81457.roa (raw, json)
Hash identifier:          pdK1tiUb98bu0E20hlIFeLDGNbasvndPKdq00gsuGzc=
Subject key identifier:   72:D1:71:E5:9C:0D:6A:CC:8F:85:4F:05:2B:45:21:A7:6D:43:67:26
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1305E84C3407ADA31A7A5AB14A07A5FA56DE199D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/9ec32523-412f-4406-aac6-926cf6a81457.roa
Signing time:             Sun 24 Jul 2022 00:00:00 +0000
ROA not before:           Sun 24 Jul 2022 00:00:00 +0000
ROA not after:            Wed 27 Jul 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:05:e8:4c:34:07:ad:a3:1a:7a:5a:b1:4a:07:a5:fa:56:de:19:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jul 24 00:00:00 2022 GMT
            Not After : Jul 27 23:59:59 2022 GMT
        Subject: serialNumber=efe3b5e75a0a941a7f8fd582cbfec186bae41cf24a672a374a472cdc5ec771c4, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:fd:ef:d4:ce:ff:f1:99:69:57:32:d3:0a:bc:
                    e5:37:36:ac:0b:6d:b1:6f:27:ea:a4:7c:0b:5f:62:
                    2e:95:0e:97:52:6c:bf:43:80:f8:87:cf:2e:64:7b:
                    90:13:b1:1e:1c:76:b1:b9:2a:21:c2:5b:94:ef:40:
                    36:cb:9f:e8:6f:a4:7d:cd:b0:d8:4b:98:2c:34:ca:
                    0a:4d:75:48:dc:3b:aa:29:ee:c7:91:d8:b2:5e:c2:
                    9d:3c:6b:1d:cd:a5:d5:3f:96:47:70:f0:6d:16:a5:
                    e8:79:a1:ae:6a:03:b2:40:7a:c9:2b:60:27:6b:86:
                    7d:79:20:ed:58:3c:d6:72:33:1e:bc:b2:a0:05:6e:
                    86:b0:df:cf:bd:d9:5b:c4:24:a5:85:f2:14:88:61:
                    46:73:cc:97:37:7d:cb:f6:2b:22:53:72:37:ff:ec:
                    4d:f5:8f:69:20:c6:ba:6d:f2:46:13:f4:57:53:80:
                    d2:1d:35:75:05:d9:16:7c:7e:58:97:83:a5:e5:78:
                    d5:0d:d0:d1:35:70:e6:16:1d:50:17:57:6f:5d:ec:
                    36:f4:53:9c:dd:01:5f:de:f2:81:10:f8:3e:80:64:
                    a7:0a:b2:77:b5:20:72:46:8c:c3:dc:d9:5c:f5:3b:
                    9a:35:96:9a:6c:ba:47:f7:54:dc:ab:10:e0:be:a1:
                    4e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:D1:71:E5:9C:0D:6A:CC:8F:85:4F:05:2B:45:21:A7:6D:43:67:26
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/9ec32523-412f-4406-aac6-926cf6a81457.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:8e:7b:b7:5b:e5:f4:4f:47:6f:30:fb:bf:20:cc:42:24:7a:
         9b:69:fa:23:dc:97:5a:93:e2:6a:27:3c:44:c9:25:33:f6:dd:
         30:dc:c0:97:18:be:7c:c2:05:a0:b8:c2:00:df:47:9f:81:2d:
         fa:b4:49:e9:66:be:ec:46:33:60:76:80:91:a9:7f:09:1d:60:
         97:7f:0c:fe:1a:de:7c:3a:5c:79:24:22:c7:8a:ae:87:a8:2d:
         55:ff:ba:a7:25:d6:8e:ac:b3:89:12:1e:f0:75:aa:54:87:99:
         32:04:9a:29:6e:bd:60:d5:4f:fd:c9:40:f8:82:c0:21:48:cc:
         f1:51:b7:4f:9e:7e:d8:97:56:49:8e:ae:8a:56:28:b6:b0:b2:
         a8:87:34:44:f9:a0:63:e2:04:38:7d:96:00:64:dc:08:15:1d:
         48:b3:4e:50:ac:7d:45:67:44:ac:e8:7d:29:b8:a1:f1:91:09:
         dd:ce:6e:dd:4c:af:05:84:96:a6:04:7f:43:98:41:c9:4c:d6:
         db:c6:d5:d4:16:e5:cb:e0:a5:2a:0e:a1:32:cb:4d:91:0d:d6:
         59:b0:1c:9d:31:16:d9:c9:0a:ce:6d:e0:03:6b:ac:44:40:f4:
         d9:71:ac:a7:99:1c:75:8c:96:04:df:f4:1a:0a:95:da:bc:01:
         c8:70:c3:54
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUEwXoTDQHraMaelqxSgel+lbeGZ0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwNzI0MDAwMDAwWhcNMjIwNzI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZWZlM2I1ZTc1YTBhOTQxYTdmOGZkNTgyY2JmZWMxODZi
YWU0MWNmMjRhNjcyYTM3NGE0NzJjZGM1ZWM3NzFjNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALT979TO//GZaVcy0wq85Tc2rAttsW8n6qR8C19iLpUOl1Jsv0OA
+IfPLmR7kBOxHhx2sbkqIcJblO9ANsuf6G+kfc2w2EuYLDTKCk11SNw7qinux5HY
sl7CnTxrHc2l1T+WR3DwbRal6HmhrmoDskB6yStgJ2uGfXkg7Vg81nIzHryyoAVu
hrDfz73ZW8QkpYXyFIhhRnPMlzd9y/YrIlNyN//sTfWPaSDGum3yRhP0V1OA0h01
dQXZFnx+WJeDpeV41Q3Q0TVw5hYdUBdXb13sNvRTnN0BX97ygRD4PoBkpwqyd7Ug
ckaMw9zZXPU7mjWWmmy6R/dU3KsQ4L6hTgECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRy0XHlnA1qzI+FTwUrRSGnbUNnJjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOWVjMzI1MjMtNDEyZi00NDA2LWFhYzYtOTI2Y2Y2YTgxNDU3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMCOe7db5fRPR28w
+78gzEIkeptp+iPcl1qT4monPETJJTP23TDcwJcYvnzCBaC4wgDfR5+BLfq0Selm
vuxGM2B2gJGpfwkdYJd/DP4a3nw6XHkkIseKroeoLVX/uqcl1o6ss4kSHvB1qlSH
mTIEmiluvWDVT/3JQPiCwCFIzPFRt0+eftiXVkmOropWKLawsqiHNET5oGPiBDh9
lgBk3AgVHUizTlCsfUVnRKzofSm4ofGRCd3Obt1MrwWElqYEf0OYQclM1tvG1dQW
5cvgpSoOoTLLTZEN1lmwHJ0xFtnJCs5t4ANrrERA9NlxrKeZHHWMlgTf9BoKldq8
Achww1Q=
-----END CERTIFICATE-----