Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a467cc79-9502-4ef9-8c45-7abbecf43286.roa
File:                     a467cc79-9502-4ef9-8c45-7abbecf43286.roa (raw, json)
Hash identifier:          PhNER7FMinb9pt5/zqRNmmBLaUJy9Gn15/X+7VPScu0=
Subject key identifier:   03:E8:CF:F9:50:95:10:F4:07:F9:22:BD:D8:C2:19:69:0A:34:0D:92
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4C19C871117B9989C1AC40436F9836F67D481B2B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a467cc79-9502-4ef9-8c45-7abbecf43286.roa
Signing time:             Fri 23 Sep 2022 00:00:00 +0000
ROA not before:           Fri 23 Sep 2022 00:00:00 +0000
ROA not after:            Mon 26 Sep 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:19:c8:71:11:7b:99:89:c1:ac:40:43:6f:98:36:f6:7d:48:1b:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Sep 23 00:00:00 2022 GMT
            Not After : Sep 26 23:59:59 2022 GMT
        Subject: serialNumber=0f52ffea4857baae855604f6a400eda196f956fa75163e5f5b24f310d2639643, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:9a:a7:e1:a5:60:8f:02:5c:5d:a0:7b:d3:04:
                    14:40:4c:2e:86:7b:8b:8c:f2:3d:f5:fa:e7:d7:ef:
                    a5:46:d7:6f:34:5d:d2:8b:04:7f:67:1d:4c:ad:92:
                    49:80:2d:8e:19:0a:5d:f2:8e:bb:94:d1:27:ca:66:
                    29:b7:30:52:46:08:13:9a:28:8b:10:13:6e:0c:d0:
                    98:b5:cc:99:da:38:10:67:9b:7a:2f:f4:28:3a:2d:
                    d2:90:c1:68:61:a0:6f:d3:fa:42:20:1b:d5:fb:b6:
                    7c:f5:9d:c3:94:ad:a8:d1:6e:a7:b2:6a:df:b4:74:
                    45:6d:75:9e:80:b3:75:eb:14:41:99:0e:d7:09:08:
                    21:86:d1:74:9c:6a:ca:d5:6e:1d:23:7c:23:74:8b:
                    4d:24:6b:12:9c:98:9e:c9:54:d5:83:88:51:a4:d8:
                    df:df:87:13:f1:0e:11:99:57:09:78:77:c3:12:16:
                    af:85:4c:80:5e:08:34:d0:88:fc:ab:4d:14:8e:69:
                    6a:ec:77:02:be:41:25:35:d9:70:3b:87:25:81:e0:
                    31:f6:92:29:38:f4:1e:58:78:16:98:11:68:4d:9c:
                    7e:28:75:3f:96:fa:04:f5:74:84:62:71:61:0a:2b:
                    d3:fc:1a:9d:8f:de:eb:48:86:dc:f3:0d:a0:ee:2a:
                    80:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:E8:CF:F9:50:95:10:F4:07:F9:22:BD:D8:C2:19:69:0A:34:0D:92
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a467cc79-9502-4ef9-8c45-7abbecf43286.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:50:8b:8f:d0:b8:de:13:f9:40:1c:5d:2a:23:f5:a3:6e:6e:
         38:2f:88:bb:ef:d8:c3:5c:23:88:41:15:fe:56:40:85:50:dc:
         3f:5a:b5:8b:b8:e4:9f:cf:7f:a3:b9:ac:bc:2d:c9:c4:0e:8f:
         94:87:e7:c8:59:c3:87:6d:5c:82:03:69:43:15:bb:de:e9:59:
         a7:be:bf:c7:b9:2d:df:29:57:12:34:6e:7b:7d:3a:d0:a3:e0:
         d4:5c:12:c5:97:ee:e2:2c:e1:52:b2:f9:d9:1a:e5:1a:ce:f6:
         1f:a0:ca:86:85:5a:b5:68:62:74:22:08:a3:b4:6a:00:bb:1d:
         b1:07:3c:ea:7d:65:22:54:ae:c8:33:1d:57:f1:89:a6:65:55:
         c1:47:6c:3e:3d:54:be:99:b4:c6:1e:57:31:46:1e:f3:2c:4f:
         38:cc:64:ce:fd:d7:22:ec:82:84:28:b3:2e:ee:ed:ca:6d:70:
         be:e4:1a:d1:76:cf:7d:a7:d3:f9:69:e3:e2:93:ad:9a:45:fe:
         6f:9f:d1:b3:3f:ab:7f:dd:20:04:5d:71:ba:04:42:c5:70:c4:
         ed:4b:83:09:82:ef:df:52:c6:ff:e6:b3:f1:77:4e:bb:92:70:
         7d:cb:6b:ce:90:20:e0:f0:c6:c6:b3:16:5b:a6:8c:9d:b2:90:
         27:4a:e4:c2
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUTBnIcRF7mYnBrEBDb5g29n1IGyswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwOTIzMDAwMDAwWhcNMjIwOTI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMGY1MmZmZWE0ODU3YmFhZTg1NTYwNGY2YTQwMGVkYTE5
NmY5NTZmYTc1MTYzZTVmNWIyNGYzMTBkMjYzOTY0MzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAN2ap+GlYI8CXF2ge9MEFEBMLoZ7i4zyPfX659fvpUbXbzRd0osE
f2cdTK2SSYAtjhkKXfKOu5TRJ8pmKbcwUkYIE5ooixATbgzQmLXMmdo4EGebei/0
KDot0pDBaGGgb9P6QiAb1fu2fPWdw5StqNFup7Jq37R0RW11noCzdesUQZkO1wkI
IYbRdJxqytVuHSN8I3SLTSRrEpyYnslU1YOIUaTY39+HE/EOEZlXCXh3wxIWr4VM
gF4INNCI/KtNFI5paux3Ar5BJTXZcDuHJYHgMfaSKTj0Hlh4FpgRaE2cfih1P5b6
BPV0hGJxYQor0/wanY/e60iG3PMNoO4qgFkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQD6M/5UJUQ9Af5Ir3YwhlpCjQNkjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYTQ2N2NjNzktOTUwMi00ZWY5LThjNDUtN2FiYmVjZjQzMjg2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIdQi4/QuN4T+UAc
XSoj9aNubjgviLvv2MNcI4hBFf5WQIVQ3D9atYu45J/Pf6O5rLwtycQOj5SH58hZ
w4dtXIIDaUMVu97pWae+v8e5Ld8pVxI0bnt9OtCj4NRcEsWX7uIs4VKy+dka5RrO
9h+gyoaFWrVoYnQiCKO0agC7HbEHPOp9ZSJUrsgzHVfxiaZlVcFHbD49VL6ZtMYe
VzFGHvMsTzjMZM791yLsgoQosy7u7cptcL7kGtF2z32n0/lp4+KTrZpF/m+f0bM/
q3/dIARdcboEQsVwxO1LgwmC799Sxv/ms/F3TruScH3La86QIODwxsazFlumjJ2y
kCdK5MI=
-----END CERTIFICATE-----