Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/afa3545a-c1e4-49d3-930a-dfe2abc83732.roa
File:                     afa3545a-c1e4-49d3-930a-dfe2abc83732.roa (raw, json)
Hash identifier:          mxBPM3YuuVa0EXugfNdjHac/C3hpoT/xw3FxOW8kccs=
Subject key identifier:   EE:08:6B:92:B0:6B:3F:60:A4:98:72:16:05:01:83:51:6E:44:A3:E4
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6BE61674B7FA2AED3626736504544617BBADE48D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/afa3545a-c1e4-49d3-930a-dfe2abc83732.roa
Signing time:             Tue 13 Sep 2022 00:00:00 +0000
ROA not before:           Tue 13 Sep 2022 00:00:00 +0000
ROA not after:            Fri 16 Sep 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:e6:16:74:b7:fa:2a:ed:36:26:73:65:04:54:46:17:bb:ad:e4:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Sep 13 00:00:00 2022 GMT
            Not After : Sep 16 23:59:59 2022 GMT
        Subject: serialNumber=9f0fef821831f8a6a5481981b40491692cb3b3ccecd1047a2ef4012343ee8c61, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:17:1a:54:ea:ce:24:0f:5e:31:22:0c:de:5b:
                    3e:7e:9f:49:52:c6:cc:5d:c9:76:ef:ee:0a:65:87:
                    ba:5e:b4:8d:8b:46:da:22:4c:23:ac:ab:7a:f8:0b:
                    63:b3:a6:98:01:af:a3:20:8d:21:64:0a:17:71:c5:
                    ca:15:99:c3:94:c1:87:9f:ca:7d:41:82:75:ca:01:
                    7a:1d:41:df:6e:d6:f8:15:d6:d1:76:a7:4e:d2:07:
                    1c:0f:8e:44:ee:76:67:ca:e4:a0:40:a2:d6:23:dd:
                    a6:02:5a:88:c6:b2:d6:31:ec:42:d7:ae:a9:37:c7:
                    80:ff:08:33:82:f9:74:3e:81:5f:21:82:b8:df:ab:
                    2c:67:cb:fb:ae:d6:6a:41:83:b2:03:cc:2c:35:5d:
                    b2:53:a9:0b:7d:3a:ea:a6:d9:40:bd:05:dd:dc:7c:
                    d2:e1:af:df:1b:de:0b:c2:11:96:ba:ee:4f:8e:0e:
                    aa:9d:08:65:38:04:91:12:f9:1f:0a:d6:ed:fe:04:
                    e1:97:63:0e:df:ca:25:29:bc:da:fe:82:e4:9a:11:
                    9b:9c:2e:b9:d1:69:b9:ef:ac:55:6b:4e:49:85:25:
                    3d:c2:2e:c0:5e:6a:cc:f3:6c:b5:93:c7:e7:24:75:
                    7e:12:a8:bc:dd:12:bc:ba:80:3c:66:4b:60:23:59:
                    d0:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:08:6B:92:B0:6B:3F:60:A4:98:72:16:05:01:83:51:6E:44:A3:E4
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/afa3545a-c1e4-49d3-930a-dfe2abc83732.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:a2:6c:9f:12:0e:d1:0e:0e:21:e7:24:bb:e4:b6:fa:e6:cc:
         50:a8:4c:18:0a:ac:4a:44:5b:f1:f5:31:b7:10:d1:e9:39:d8:
         82:40:6e:fd:29:38:09:3b:a7:0f:c3:a5:b9:83:69:a2:1c:cd:
         03:db:48:b7:81:03:0d:62:20:20:34:88:a7:3f:4c:46:37:b6:
         f9:42:fe:99:0b:d1:dd:c5:ef:4c:aa:97:5d:7c:9e:72:e6:33:
         db:96:43:12:64:46:33:30:6b:04:1d:ed:b1:d2:1f:60:43:ae:
         a7:87:1c:73:ef:77:04:fc:4f:51:b9:ec:88:2f:74:24:43:c1:
         a3:2d:ef:a4:be:de:de:2f:44:59:c6:b4:52:b8:33:db:9f:8b:
         1b:c0:6c:3e:18:93:94:67:37:e3:00:09:aa:e7:b7:93:31:1c:
         a4:66:9f:be:bc:70:28:e5:86:c5:2a:3c:51:d7:9b:41:1d:d5:
         75:66:19:c6:bb:4c:0e:b5:fd:8b:49:44:87:be:0a:d7:d0:7d:
         43:c1:ef:c5:7a:bf:d4:c5:69:c4:a6:11:e3:97:69:d6:5c:a4:
         7f:0e:af:b5:ec:b7:a9:84:4f:6f:d5:81:ff:b8:30:6f:c4:0c:
         9d:14:02:a2:3d:e9:35:cd:c3:34:65:6d:0a:77:33:9b:76:6a:
         80:f7:a2:14
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUa+YWdLf6Ku02JnNlBFRGF7ut5I0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwOTEzMDAwMDAwWhcNMjIwOTE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOWYwZmVmODIxODMxZjhhNmE1NDgxOTgxYjQwNDkxNjky
Y2IzYjNjY2VjZDEwNDdhMmVmNDAxMjM0M2VlOGM2MTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKoXGlTqziQPXjEiDN5bPn6fSVLGzF3Jdu/uCmWHul60jYtG2iJM
I6yrevgLY7OmmAGvoyCNIWQKF3HFyhWZw5TBh5/KfUGCdcoBeh1B327W+BXW0Xan
TtIHHA+ORO52Z8rkoECi1iPdpgJaiMay1jHsQteuqTfHgP8IM4L5dD6BXyGCuN+r
LGfL+67WakGDsgPMLDVdslOpC3066qbZQL0F3dx80uGv3xveC8IRlrruT44Oqp0I
ZTgEkRL5HwrW7f4E4ZdjDt/KJSm82v6C5JoRm5wuudFpue+sVWtOSYUlPcIuwF5q
zPNstZPH5yR1fhKovN0SvLqAPGZLYCNZ0J0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTuCGuSsGs/YKSYchYFAYNRbkSj5DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYWZhMzU0NWEtYzFlNC00OWQzLTkzMGEtZGZlMmFiYzgzNzMyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFyibJ8SDtEODiHn
JLvktvrmzFCoTBgKrEpEW/H1MbcQ0ek52IJAbv0pOAk7pw/DpbmDaaIczQPbSLeB
Aw1iICA0iKc/TEY3tvlC/pkL0d3F70yql118nnLmM9uWQxJkRjMwawQd7bHSH2BD
rqeHHHPvdwT8T1G57IgvdCRDwaMt76S+3t4vRFnGtFK4M9ufixvAbD4Yk5RnN+MA
Carnt5MxHKRmn768cCjlhsUqPFHXm0Ed1XVmGca7TA61/YtJRIe+CtfQfUPB78V6
v9TFacSmEeOXadZcpH8Or7Xst6mET2/Vgf+4MG/EDJ0UAqI96TXNwzRlbQp3M5t2
aoD3ohQ=
-----END CERTIFICATE-----