Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a4361fb3-3754-4151-a7ed-4f613c69efab.roa
File:                     a4361fb3-3754-4151-a7ed-4f613c69efab.roa (raw, json)
Hash identifier:          fo+a475jdiX0LECSyFMZ1O35CqZ2suMt3Ps3tAT5SLs=
Subject key identifier:   BF:59:4C:B2:4A:F4:A0:E3:04:A0:CE:70:D8:FC:A7:C4:8F:9A:C8:45
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0AD5505096F41635650FC602004E878A42298837
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a4361fb3-3754-4151-a7ed-4f613c69efab.roa
Signing time:             Mon 04 Jul 2022 00:00:00 +0000
ROA not before:           Mon 04 Jul 2022 00:00:00 +0000
ROA not after:            Thu 07 Jul 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:d5:50:50:96:f4:16:35:65:0f:c6:02:00:4e:87:8a:42:29:88:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jul  4 00:00:00 2022 GMT
            Not After : Jul  7 23:59:59 2022 GMT
        Subject: serialNumber=5c718e5421f631850698d74f629c789046b7a59f8bfb795c46ef650a5e0fc073, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:a3:b4:be:d0:5d:ec:69:7d:cf:1f:27:94:b1:
                    49:b8:4a:d8:3c:cd:64:f1:08:1f:a3:64:ee:a1:23:
                    00:d9:aa:ce:fc:9a:e9:7b:4f:85:c0:93:a2:53:94:
                    8c:64:91:94:02:29:aa:97:ce:a0:98:d5:0d:4c:42:
                    bc:47:06:82:46:c2:52:75:da:03:c2:02:fa:67:31:
                    6a:53:79:ac:27:75:20:4d:b0:cb:d5:31:bb:26:05:
                    43:31:91:2e:92:03:98:58:d7:72:cf:04:b0:33:7a:
                    b2:60:32:2f:c1:37:da:63:60:90:a3:e3:d1:d2:ff:
                    66:ca:11:fc:e2:1a:91:d4:b5:c6:6a:2f:c6:f5:5e:
                    a7:3b:7e:67:76:68:33:c8:f4:1e:c7:74:a1:0d:56:
                    fa:82:9c:bc:ad:f6:92:da:e6:66:71:38:f3:8c:09:
                    88:60:5a:81:7f:bb:e8:06:0d:40:e4:44:70:38:ea:
                    c9:11:88:e3:91:76:0d:1f:4e:f2:3c:83:0b:52:1a:
                    67:db:af:1e:e2:2f:71:5f:0b:c0:2e:d6:09:ae:59:
                    d0:23:d2:b0:c9:41:aa:0c:fb:a3:4d:00:67:20:06:
                    5c:76:9d:4e:e3:8d:48:f9:59:35:cb:e4:00:4e:bb:
                    aa:fb:45:27:0f:17:26:5d:00:2d:30:ee:68:81:82:
                    ef:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:59:4C:B2:4A:F4:A0:E3:04:A0:CE:70:D8:FC:A7:C4:8F:9A:C8:45
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a4361fb3-3754-4151-a7ed-4f613c69efab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:f0:21:d5:e6:0d:d0:d2:f2:05:52:f3:b9:63:ae:b8:58:ef:
         ed:7e:c8:5a:46:21:41:f0:89:e4:c3:aa:b2:f8:7d:71:03:b3:
         62:73:78:7a:c3:61:95:16:1a:04:4e:20:58:ba:0d:1d:31:c7:
         c3:b9:c6:30:c7:73:d1:be:e3:ab:a7:08:5c:ae:c7:ba:23:9f:
         ee:ef:9d:76:fb:e3:77:40:71:c8:90:e5:11:e4:bc:dc:db:73:
         33:97:94:3b:38:fc:dd:13:62:d5:c1:49:66:af:33:21:4a:08:
         5c:e7:d1:2c:26:b0:20:63:84:b6:e3:d9:a4:bc:bb:fb:46:44:
         48:2c:cf:2e:8f:e4:d3:d6:02:bb:f0:37:2a:98:0d:ad:03:5d:
         4e:94:82:1f:d4:51:9f:b9:13:14:8f:11:0b:ae:22:f7:5b:ec:
         2e:8c:ee:bc:02:a2:d3:2e:18:90:f5:2f:18:45:66:5b:6c:1d:
         df:5a:61:b7:e2:e7:59:65:92:5b:62:74:49:ee:86:6e:c4:21:
         cb:e6:19:99:e5:48:04:94:7f:f6:45:fb:51:5b:ca:a0:95:2b:
         04:29:e3:f7:f9:38:b0:a2:01:5a:e2:dd:f7:87:0b:85:ac:b2:
         70:f0:26:85:1a:72:69:89:e4:75:b3:39:65:f6:1e:6a:9d:e4:
         39:b6:ed:cb
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUCtVQUJb0FjVlD8YCAE6HikIpiDcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwNzA0MDAwMDAwWhcNMjIwNzA3MjM1OTU5
WjCBpTFJMEcGA1UEBRNANWM3MThlNTQyMWY2MzE4NTA2OThkNzRmNjI5Yzc4OTA0
NmI3YTU5ZjhiZmI3OTVjNDZlZjY1MGE1ZTBmYzA3MzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKajtL7QXexpfc8fJ5SxSbhK2DzNZPEIH6Nk7qEjANmqzvya6XtP
hcCTolOUjGSRlAIpqpfOoJjVDUxCvEcGgkbCUnXaA8IC+mcxalN5rCd1IE2wy9Ux
uyYFQzGRLpIDmFjXcs8EsDN6smAyL8E32mNgkKPj0dL/ZsoR/OIakdS1xmovxvVe
pzt+Z3ZoM8j0Hsd0oQ1W+oKcvK32ktrmZnE484wJiGBagX+76AYNQOREcDjqyRGI
45F2DR9O8jyDC1IaZ9uvHuIvcV8LwC7WCa5Z0CPSsMlBqgz7o00AZyAGXHadTuON
SPlZNcvkAE67qvtFJw8XJl0ALTDuaIGC7zsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS/WUyySvSg4wSgznDY/KfEj5rIRTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYTQzNjFmYjMtMzc1NC00MTUxLWE3ZWQtNGY2MTNjNjllZmFiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACjwIdXmDdDS8gVS
87ljrrhY7+1+yFpGIUHwieTDqrL4fXEDs2JzeHrDYZUWGgROIFi6DR0xx8O5xjDH
c9G+46unCFyux7ojn+7vnXb743dAcciQ5RHkvNzbczOXlDs4/N0TYtXBSWavMyFK
CFzn0SwmsCBjhLbj2aS8u/tGREgszy6P5NPWArvwNyqYDa0DXU6Ugh/UUZ+5ExSP
EQuuIvdb7C6M7rwCotMuGJD1LxhFZltsHd9aYbfi51llkltidEnuhm7EIcvmGZnl
SASUf/ZF+1FbyqCVKwQp4/f5OLCiAVri3feHC4WssnDwJoUacmmJ5HWzOWX2Hmqd
5Dm27cs=
-----END CERTIFICATE-----