Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ae37d9d5-1fe2-4fb3-a93c-ccf8483c0af3.roa
File:                     ae37d9d5-1fe2-4fb3-a93c-ccf8483c0af3.roa (raw, json)
Hash identifier:          il2kHdToNccNV14BU2mihGQvZzYscNw5ytqBq7++ApE=
Subject key identifier:   7B:C4:D8:3C:E2:91:65:93:05:2B:DB:F2:60:B1:CB:3D:7A:F8:CE:D4
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       253EA4F1AF75E182FEF417BB59C9E639F05752CC
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ae37d9d5-1fe2-4fb3-a93c-ccf8483c0af3.roa
Signing time:             Tue 27 Dec 2022 00:00:00 +0000
ROA not before:           Tue 27 Dec 2022 00:00:00 +0000
ROA not after:            Fri 30 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:3e:a4:f1:af:75:e1:82:fe:f4:17:bb:59:c9:e6:39:f0:57:52:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 27 00:00:00 2022 GMT
            Not After : Dec 30 23:59:59 2022 GMT
        Subject: serialNumber=f663b29ee1f704408738ad0ed5a904f4d54cce8753a2d954afa7f2a458115aba, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:7c:e9:17:91:ca:f7:f3:69:38:bf:8b:f1:ba:
                    bc:ca:f3:e9:26:f9:ef:3c:b5:90:35:72:75:a9:e2:
                    29:02:f2:1c:b2:ff:ba:0a:8f:e8:34:8c:19:31:7a:
                    93:ec:5c:92:da:55:6e:0b:12:a6:43:d4:f0:ff:e7:
                    6d:f7:44:4c:82:08:63:3b:29:0b:bd:f7:a8:00:3d:
                    89:88:77:40:da:ba:18:14:d4:45:a4:f6:a4:07:d2:
                    e2:c4:50:4b:61:4e:73:26:9c:cd:32:9b:8f:53:d6:
                    fb:84:41:48:c4:96:63:a9:b3:cf:7b:0e:d6:61:d8:
                    35:65:d5:bd:e4:3b:be:fa:49:7c:7b:9c:54:48:f2:
                    15:f6:94:84:9e:27:82:67:88:c8:73:be:a7:f4:11:
                    44:b2:16:29:0e:5a:8f:f8:0c:e7:5b:dd:23:cc:54:
                    f6:3e:56:85:7a:18:73:8f:29:e4:e6:11:18:2f:db:
                    a2:2b:82:b5:4d:98:18:6f:70:d4:a7:60:db:6c:9d:
                    b4:fc:8f:bd:ae:18:78:16:4b:68:61:4a:7b:bb:6f:
                    a1:37:4d:62:b7:7b:6b:df:8b:1a:70:0d:fa:bf:3e:
                    85:06:5e:ce:b4:6a:a7:ec:f4:19:c7:a0:22:fb:47:
                    f5:7f:e6:31:ce:06:3d:25:5e:80:b0:e5:16:82:41:
                    7c:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:C4:D8:3C:E2:91:65:93:05:2B:DB:F2:60:B1:CB:3D:7A:F8:CE:D4
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ae37d9d5-1fe2-4fb3-a93c-ccf8483c0af3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:25:f7:85:9a:d2:66:e0:5e:97:58:d4:9a:1b:73:8f:f6:fd:
         cb:7e:d4:bf:91:96:12:6f:c6:aa:f8:c6:cf:f6:ba:71:5a:93:
         60:3d:61:fa:cc:33:57:6d:a3:1a:90:7e:69:a0:e8:c8:99:55:
         e4:47:e7:72:e8:44:d8:26:ba:49:30:b0:12:c5:4a:cd:aa:e3:
         c7:a2:e1:eb:6a:bf:43:76:0f:a6:f8:37:2c:97:7c:95:e6:cd:
         33:7d:ab:b2:a5:d5:aa:d0:ba:0f:37:08:01:e3:4c:e2:bd:0c:
         cc:e1:20:39:86:a4:0c:db:e4:34:18:00:fd:3d:49:1e:3b:76:
         a6:03:92:08:da:ee:4a:99:63:79:ab:12:a7:20:6f:e9:ac:93:
         52:83:1a:3e:cf:14:02:67:08:13:71:ac:bc:b8:f9:df:43:63:
         7d:84:af:77:cf:1d:83:43:f3:91:75:4c:09:85:2c:34:35:e2:
         e7:bf:41:ef:c0:08:cc:79:fa:e5:c4:36:23:5f:14:df:99:fb:
         78:45:ec:30:37:b4:ea:1d:5e:bb:6b:c4:59:6a:cb:1e:88:8e:
         cd:7a:52:53:28:5c:87:f3:cf:ee:76:9f:fa:78:35:3b:26:78:
         87:36:31:23:42:67:49:25:cb:ec:58:85:e7:25:1c:d4:6e:7f:
         73:c6:8c:b1
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUJT6k8a914YL+9Be7WcnmOfBXUswwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjI3MDAwMDAwWhcNMjIxMjMwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjY2M2IyOWVlMWY3MDQ0MDg3MzhhZDBlZDVhOTA0ZjRk
NTRjY2U4NzUzYTJkOTU0YWZhN2YyYTQ1ODExNWFiYTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJR86ReRyvfzaTi/i/G6vMrz6Sb57zy1kDVydaniKQLyHLL/ugqP
6DSMGTF6k+xcktpVbgsSpkPU8P/nbfdETIIIYzspC733qAA9iYh3QNq6GBTURaT2
pAfS4sRQS2FOcyaczTKbj1PW+4RBSMSWY6mzz3sO1mHYNWXVveQ7vvpJfHucVEjy
FfaUhJ4ngmeIyHO+p/QRRLIWKQ5aj/gM51vdI8xU9j5WhXoYc48p5OYRGC/boiuC
tU2YGG9w1Kdg22ydtPyPva4YeBZLaGFKe7tvoTdNYrd7a9+LGnAN+r8+hQZezrRq
p+z0GcegIvtH9X/mMc4GPSVegLDlFoJBfM8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR7xNg84pFlkwUr2/Jgscs9evjO1DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYWUzN2Q5ZDUtMWZlMi00ZmIzLWE5M2MtY2NmODQ4M2MwYWYzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFol94Wa0mbgXpdY
1Jobc4/2/ct+1L+RlhJvxqr4xs/2unFak2A9YfrMM1dtoxqQfmmg6MiZVeRH53Lo
RNgmukkwsBLFSs2q48ei4etqv0N2D6b4NyyXfJXmzTN9q7Kl1arQug83CAHjTOK9
DMzhIDmGpAzb5DQYAP09SR47dqYDkgja7kqZY3mrEqcgb+msk1KDGj7PFAJnCBNx
rLy4+d9DY32Er3fPHYND85F1TAmFLDQ14ue/Qe/ACMx5+uXENiNfFN+Z+3hF7DA3
tOodXrtrxFlqyx6Ijs16UlMoXIfzz+52n/p4NTsmeIc2MSNCZ0kly+xYheclHNRu
f3PGjLE=
-----END CERTIFICATE-----