Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/afa3d29a-0fd5-4774-9e33-f043a82afd18.roa
File:                     afa3d29a-0fd5-4774-9e33-f043a82afd18.roa (raw, json)
Hash identifier:          vMub5SmSSjMbEGRXEYSDTNjqH8DZ9v+oHhRVyPtAN10=
Subject key identifier:   4F:7C:A4:1C:B2:E0:D4:2E:D0:28:6D:37:76:4D:1B:E7:93:8F:58:2A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       63AD575825613021FD2405DE9ED8F09866F97B7E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/afa3d29a-0fd5-4774-9e33-f043a82afd18.roa
Signing time:             Thu 12 Jan 2023 00:00:00 +0000
ROA not before:           Thu 12 Jan 2023 00:00:00 +0000
ROA not after:            Sun 15 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:ad:57:58:25:61:30:21:fd:24:05:de:9e:d8:f0:98:66:f9:7b:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 12 00:00:00 2023 GMT
            Not After : Jan 15 23:59:59 2023 GMT
        Subject: serialNumber=c8b4b395abbfae44254da941130ba0ede39776e34229ec81d6623d42e039ee1b, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:2c:4e:5e:dd:ff:c2:61:be:83:cb:6e:e4:e8:
                    cf:34:0b:2c:04:0e:07:cf:dd:6c:dd:5c:c1:3f:69:
                    08:fe:5d:9d:dd:d3:c4:2e:d8:df:b9:ec:b4:61:e6:
                    86:ad:9e:ce:ad:d4:cb:3f:39:31:fd:6e:c7:c6:7b:
                    ee:8d:27:de:ce:48:70:d0:7b:2d:58:54:56:b9:a8:
                    2a:ab:24:32:26:24:36:59:c8:a3:c2:55:8a:be:00:
                    b0:f3:d8:c5:d6:a3:5b:11:9f:69:f5:98:1f:ee:7e:
                    f8:86:77:4d:b5:30:30:aa:6f:17:ba:c0:82:6b:74:
                    40:76:59:11:aa:c4:48:6e:25:94:51:93:fb:70:06:
                    a1:93:87:f8:fc:de:08:ae:6e:35:39:f4:3b:34:23:
                    a3:62:74:50:a8:17:8a:e1:03:74:99:08:87:43:e1:
                    51:56:dc:4c:32:30:3e:93:c3:85:bd:85:9e:4c:0b:
                    38:91:91:d2:a8:9f:ec:d2:c0:fb:3d:0a:9d:6d:35:
                    d4:ee:cb:cc:5f:a0:25:5c:9c:df:44:1e:0d:55:c5:
                    09:70:55:8a:05:17:a9:90:39:67:27:ad:2b:ad:95:
                    12:e3:ff:19:5e:4b:97:3a:57:1a:f6:f8:5e:28:d0:
                    21:66:61:8d:51:c7:0e:c1:11:13:cd:8b:ae:42:06:
                    58:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:7C:A4:1C:B2:E0:D4:2E:D0:28:6D:37:76:4D:1B:E7:93:8F:58:2A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/afa3d29a-0fd5-4774-9e33-f043a82afd18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:5b:98:91:a1:48:d4:6e:c1:95:d7:5d:52:d2:4a:8b:cc:71:
         39:af:ce:a1:0d:ec:17:69:76:0e:2e:2a:23:8b:b2:01:9b:38:
         07:12:57:56:0d:25:af:93:95:96:8f:20:48:eb:e3:1d:7d:fa:
         20:b4:3f:de:84:0a:99:cc:e8:99:c3:12:86:ff:97:21:d0:fc:
         5f:ea:ba:45:a6:0e:6f:c4:d7:03:b8:25:5e:cd:78:9a:3f:d5:
         6c:75:82:00:d7:f6:b8:6c:a0:19:ca:93:bb:00:5e:91:02:b7:
         58:a0:ed:8a:bd:a5:f9:32:6c:ed:dc:1a:08:4a:d9:e4:fa:e0:
         ab:c6:f1:a0:e0:bb:90:52:b6:f5:3e:63:48:1a:80:2f:99:54:
         69:47:8a:61:ae:ad:6a:70:55:65:94:9f:9b:0f:9d:c3:1d:84:
         c6:df:fe:6d:df:b0:2f:ed:e0:67:f7:92:e2:de:5a:d3:33:2b:
         bc:bc:5a:bf:2f:a0:11:04:8f:47:d7:eb:57:77:7a:b5:88:04:
         2e:33:91:b0:a2:b4:a7:7f:79:2b:59:8f:1f:d3:9b:fb:e0:3d:
         c7:52:fd:3e:7f:dc:70:69:1c:fe:ac:a8:49:7a:48:e7:53:f9:
         dd:ad:c5:6c:59:32:26:4b:51:5d:31:a4:d8:86:66:b6:60:0a:
         fe:75:10:6c
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUY61XWCVhMCH9JAXentjwmGb5e34wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTEyMDAwMDAwWhcNMjMwMTE1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYzhiNGIzOTVhYmJmYWU0NDI1NGRhOTQxMTMwYmEwZWRl
Mzk3NzZlMzQyMjllYzgxZDY2MjNkNDJlMDM5ZWUxYjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAPQsTl7d/8JhvoPLbuTozzQLLAQOB8/dbN1cwT9pCP5dnd3TxC7Y
37nstGHmhq2ezq3Uyz85Mf1ux8Z77o0n3s5IcNB7LVhUVrmoKqskMiYkNlnIo8JV
ir4AsPPYxdajWxGfafWYH+5++IZ3TbUwMKpvF7rAgmt0QHZZEarESG4llFGT+3AG
oZOH+PzeCK5uNTn0OzQjo2J0UKgXiuEDdJkIh0PhUVbcTDIwPpPDhb2FnkwLOJGR
0qif7NLA+z0KnW011O7LzF+gJVyc30QeDVXFCXBVigUXqZA5ZyetK62VEuP/GV5L
lzpXGvb4XijQIWZhjVHHDsERE82LrkIGWOkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRPfKQcsuDULtAobTd2TRvnk49YKjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYWZhM2QyOWEtMGZkNS00Nzc0LTllMzMtZjA0M2E4MmFmZDE4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFdbmJGhSNRuwZXX
XVLSSovMcTmvzqEN7Bdpdg4uKiOLsgGbOAcSV1YNJa+TlZaPIEjr4x19+iC0P96E
CpnM6JnDEob/lyHQ/F/qukWmDm/E1wO4JV7NeJo/1Wx1ggDX9rhsoBnKk7sAXpEC
t1ig7Yq9pfkybO3cGghK2eT64KvG8aDgu5BStvU+Y0gagC+ZVGlHimGurWpwVWWU
n5sPncMdhMbf/m3fsC/t4Gf3kuLeWtMzK7y8Wr8voBEEj0fX61d3erWIBC4zkbCi
tKd/eStZjx/Tm/vgPcdS/T5/3HBpHP6sqEl6SOdT+d2txWxZMiZLUV0xpNiGZrZg
Cv51EGw=
-----END CERTIFICATE-----