Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/9f3d091c-8d68-4a68-9da6-5b4d88a2ba91.roa
File:                     9f3d091c-8d68-4a68-9da6-5b4d88a2ba91.roa (raw, json)
Hash identifier:          JkzLpRNStu0tNJsa8fUefftxn0RXRFzRWtAPzmwZyvs=
Subject key identifier:   BD:A1:E9:4A:93:7B:1D:A8:B5:CE:3F:3C:30:45:9A:CB:86:57:D7:5F
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0370397E67CFF2BE01061DA672840EB1F17E30F5
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/9f3d091c-8d68-4a68-9da6-5b4d88a2ba91.roa
Signing time:             Mon 15 Aug 2022 00:00:00 +0000
ROA not before:           Mon 15 Aug 2022 00:00:00 +0000
ROA not after:            Thu 18 Aug 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:70:39:7e:67:cf:f2:be:01:06:1d:a6:72:84:0e:b1:f1:7e:30:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Aug 15 00:00:00 2022 GMT
            Not After : Aug 18 23:59:59 2022 GMT
        Subject: serialNumber=5888831d66614d68cf634e611c5271c036016b691ba75afee98d870a03269866, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e5:ce:bc:16:da:fa:cd:c7:3b:76:32:0d:d4:
                    b2:e3:34:47:b5:43:84:3a:d4:88:3c:42:83:7c:11:
                    42:86:4d:c9:5b:ff:3b:43:d2:81:a8:6d:74:b2:ee:
                    20:e4:9b:f2:86:61:50:7e:e0:cc:fd:e7:4e:4a:51:
                    62:ed:bc:04:f5:27:33:e5:e9:bf:46:b3:03:c4:5b:
                    e8:bc:99:6f:f1:eb:c3:f7:0c:a0:5b:34:6c:ca:65:
                    3a:ec:59:7b:ac:e7:a9:9d:09:5d:b5:b3:ab:9b:57:
                    d9:41:1f:3f:ba:a8:01:5b:e7:69:5b:8b:56:e6:2c:
                    0b:bf:5e:3b:34:58:1d:37:98:60:bd:08:b6:ab:ef:
                    01:ff:23:fe:ae:7e:c3:24:4d:bf:aa:00:35:89:da:
                    9b:33:89:6c:75:79:4b:cc:a3:27:b2:a0:3e:1a:c6:
                    16:d7:15:2e:52:45:5a:87:39:52:d9:e1:bd:16:57:
                    d8:8f:f2:bc:9d:63:68:59:ad:f1:7e:dd:7b:d9:1d:
                    0f:ba:15:bb:ef:9b:92:4d:98:e8:fa:5f:6e:bd:e4:
                    ec:31:2f:aa:90:37:14:ba:dd:4d:08:51:98:54:ca:
                    60:34:ff:4c:14:a5:f3:58:b4:35:67:72:db:94:64:
                    38:41:c3:0f:e0:bb:7c:57:e8:ef:ff:87:45:b4:c0:
                    b8:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:A1:E9:4A:93:7B:1D:A8:B5:CE:3F:3C:30:45:9A:CB:86:57:D7:5F
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/9f3d091c-8d68-4a68-9da6-5b4d88a2ba91.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:35:1c:aa:11:aa:26:b7:fc:c4:b5:ab:63:a4:34:60:7e:b9:
         06:38:95:b7:c4:69:ed:a3:f2:9a:f5:82:c1:ab:7d:00:0b:fc:
         1d:e8:41:fb:f5:39:7f:60:a1:e5:a0:38:3c:db:6f:ad:cf:67:
         c6:2c:06:09:16:59:5a:07:bf:f6:0d:73:cd:52:33:dd:9a:d2:
         78:bb:9f:b0:0c:28:dc:76:a1:06:3f:8d:dc:53:3c:7e:85:11:
         d8:b0:b7:6c:db:cf:a6:13:3d:c5:df:8f:75:5d:2c:29:06:7b:
         88:0d:4e:14:ee:92:6c:d0:da:1e:d9:e2:68:87:8a:b5:17:36:
         4a:22:05:8c:5c:a0:6f:8e:e8:29:55:51:b0:ae:d6:9b:81:c5:
         eb:7b:a6:86:cd:9b:a5:ce:99:da:43:67:ad:d0:08:40:fb:46:
         a7:ec:4e:e9:cd:4c:c9:5a:78:a0:95:70:a0:0c:62:60:ee:4e:
         a3:73:17:1f:d2:68:6f:b4:df:e8:0d:e4:ed:90:47:38:81:19:
         ea:c3:d1:ce:39:80:c8:03:a9:57:c9:ff:f8:d3:ba:f9:fe:fd:
         26:bc:58:a4:7c:3f:7a:e6:cf:a6:dc:67:65:ba:60:86:81:78:
         a5:de:72:96:84:f2:d0:58:b3:d3:3f:6c:2b:d7:d5:f1:af:13:
         c9:5e:fb:ee
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUA3A5fmfP8r4BBh2mcoQOsfF+MPUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwODE1MDAwMDAwWhcNMjIwODE4MjM1OTU5
WjCBpTFJMEcGA1UEBRNANTg4ODgzMWQ2NjYxNGQ2OGNmNjM0ZTYxMWM1MjcxYzAz
NjAxNmI2OTFiYTc1YWZlZTk4ZDg3MGEwMzI2OTg2NjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALLlzrwW2vrNxzt2Mg3UsuM0R7VDhDrUiDxCg3wRQoZNyVv/O0PS
gahtdLLuIOSb8oZhUH7gzP3nTkpRYu28BPUnM+Xpv0azA8Rb6LyZb/Hrw/cMoFs0
bMplOuxZe6znqZ0JXbWzq5tX2UEfP7qoAVvnaVuLVuYsC79eOzRYHTeYYL0Itqvv
Af8j/q5+wyRNv6oANYnamzOJbHV5S8yjJ7KgPhrGFtcVLlJFWoc5UtnhvRZX2I/y
vJ1jaFmt8X7de9kdD7oVu++bkk2Y6Ppfbr3k7DEvqpA3FLrdTQhRmFTKYDT/TBSl
81i0NWdy25RkOEHDD+C7fFfo7/+HRbTAuHUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS9oelKk3sdqLXOPzwwRZrLhlfXXzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOWYzZDA5MWMtOGQ2OC00YTY4LTlkYTYtNWI0ZDg4YTJiYTkxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGA1HKoRqia3/MS1
q2OkNGB+uQY4lbfEae2j8pr1gsGrfQAL/B3oQfv1OX9goeWgODzbb63PZ8YsBgkW
WVoHv/YNc81SM92a0ni7n7AMKNx2oQY/jdxTPH6FEdiwt2zbz6YTPcXfj3VdLCkG
e4gNThTukmzQ2h7Z4miHirUXNkoiBYxcoG+O6ClVUbCu1puBxet7pobNm6XOmdpD
Z63QCED7RqfsTunNTMlaeKCVcKAMYmDuTqNzFx/SaG+03+gN5O2QRziBGerD0c45
gMgDqVfJ//jTuvn+/Sa8WKR8P3rmz6bcZ2W6YIaBeKXecpaE8tBYs9M/bCvX1fGv
E8le++4=
-----END CERTIFICATE-----