Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b2755e5d-167e-40a6-8a29-44f57e5f9cd0.roa
File:                     b2755e5d-167e-40a6-8a29-44f57e5f9cd0.roa (raw, json)
Hash identifier:          ssVWN203kU4yMzfEPSW3nG+hyaAFqxnx7D2rwAIVpx4=
Subject key identifier:   30:99:8E:8A:DA:57:C4:CE:03:5B:35:DC:9D:BF:94:6C:F8:8E:12:AD
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0CBE269937FBDC57F8E99C0990F7A947D3782A48
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b2755e5d-167e-40a6-8a29-44f57e5f9cd0.roa
Signing time:             Fri 14 Oct 2022 00:00:00 +0000
ROA not before:           Fri 14 Oct 2022 00:00:00 +0000
ROA not after:            Mon 17 Oct 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:be:26:99:37:fb:dc:57:f8:e9:9c:09:90:f7:a9:47:d3:78:2a:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Oct 14 00:00:00 2022 GMT
            Not After : Oct 17 23:59:59 2022 GMT
        Subject: serialNumber=309a2709f6feb09d76bcc4f7f00fc40613078edc1dc569e12bf781456dd20a09, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:83:bf:b0:3e:f0:29:83:da:7b:1e:10:f5:de:
                    b4:1d:78:36:79:20:66:d2:4b:81:a7:b2:6b:57:a1:
                    ac:16:8b:20:fc:17:ff:8e:df:07:94:89:bf:74:24:
                    b6:52:48:b8:96:dd:ac:38:fd:7a:05:9c:a2:98:f1:
                    2a:a4:b0:6f:b3:2f:06:8e:7c:d7:d5:c9:94:47:02:
                    15:02:70:6d:5d:1b:a0:bb:cb:85:22:19:55:d3:0b:
                    07:e2:78:af:7f:98:b7:14:c5:b4:3d:b5:a3:32:da:
                    30:7d:e5:80:e7:57:55:a0:28:f9:db:3d:24:33:71:
                    48:e7:ed:3b:5f:ac:ab:dc:1c:94:3d:3f:5c:4c:9a:
                    ef:3c:21:8f:eb:39:f7:6e:5e:c9:7a:82:02:16:b9:
                    b8:e9:c2:45:f1:33:4e:c0:72:c1:5c:fb:96:ba:00:
                    54:b6:60:21:53:86:c3:0f:9f:9c:25:65:dd:97:f0:
                    84:67:50:d2:25:fa:a5:01:bb:fd:d9:0d:ac:fc:4e:
                    81:af:99:76:5b:02:9e:ae:d6:15:94:f5:7e:e2:04:
                    64:9e:54:8a:b6:de:81:cb:b9:73:11:35:95:23:7b:
                    26:d6:f5:65:9e:b1:e9:c6:66:3b:49:54:c2:09:88:
                    d2:12:1c:d5:23:39:3b:fb:e6:6a:26:a0:e9:64:39:
                    f4:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:99:8E:8A:DA:57:C4:CE:03:5B:35:DC:9D:BF:94:6C:F8:8E:12:AD
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b2755e5d-167e-40a6-8a29-44f57e5f9cd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:eb:76:51:87:2b:59:93:e8:e2:f2:15:aa:8e:02:f0:c2:cc:
         db:90:c3:c2:2f:d4:d9:95:08:13:df:bc:e3:86:69:5d:ef:01:
         50:b0:5e:39:0f:08:9f:25:3a:0a:18:5b:ed:09:52:7f:65:42:
         c4:c6:41:f9:94:e2:80:ec:63:6d:c6:9c:67:73:3c:d1:9a:e4:
         15:c0:6d:82:c9:56:ff:29:96:6c:16:29:90:c8:3a:de:39:f8:
         d8:7e:41:a6:05:ca:7d:ca:2e:fb:46:1d:54:0f:51:76:ad:b3:
         db:f9:dc:79:54:2b:c9:e1:3c:3e:3d:45:9c:f9:c2:98:2c:61:
         98:32:67:20:0c:9a:39:28:19:20:92:21:1e:07:dd:86:d1:96:
         b6:47:44:55:93:f8:4e:74:56:9c:ba:c8:78:56:31:5b:06:a9:
         d1:ae:8d:51:5c:f7:aa:6e:4d:46:f7:bb:eb:ba:75:be:24:f1:
         e8:08:eb:01:12:f0:ea:d6:ca:aa:57:26:2c:8f:7c:d1:48:2e:
         4f:8d:c3:fd:4d:be:49:f8:c9:8c:bb:d4:3a:00:77:90:a9:62:
         20:b9:d5:c5:be:e5:2c:c6:50:00:ba:79:8d:c5:6d:9c:e7:ea:
         e0:a2:ff:37:fe:16:a1:73:68:a2:c8:9c:a0:04:42:0b:79:2a:
         fc:dd:5b:fb
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUDL4mmTf73Ff46ZwJkPepR9N4KkgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMDE0MDAwMDAwWhcNMjIxMDE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMzA5YTI3MDlmNmZlYjA5ZDc2YmNjNGY3ZjAwZmM0MDYx
MzA3OGVkYzFkYzU2OWUxMmJmNzgxNDU2ZGQyMGEwOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALCDv7A+8CmD2nseEPXetB14NnkgZtJLgaeya1ehrBaLIPwX/47f
B5SJv3QktlJIuJbdrDj9egWcopjxKqSwb7MvBo5819XJlEcCFQJwbV0boLvLhSIZ
VdMLB+J4r3+YtxTFtD21ozLaMH3lgOdXVaAo+ds9JDNxSOftO1+sq9wclD0/XEya
7zwhj+s5925eyXqCAha5uOnCRfEzTsBywVz7lroAVLZgIVOGww+fnCVl3ZfwhGdQ
0iX6pQG7/dkNrPxOga+ZdlsCnq7WFZT1fuIEZJ5Uirbegcu5cxE1lSN7Jtb1ZZ6x
6cZmO0lUwgmI0hIc1SM5O/vmaiag6WQ59FECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQwmY6K2lfEzgNbNdydv5Rs+I4SrTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYjI3NTVlNWQtMTY3ZS00MGE2LThhMjktNDRmNTdlNWY5Y2QwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAvrdlGHK1mT6OLy
FaqOAvDCzNuQw8Iv1NmVCBPfvOOGaV3vAVCwXjkPCJ8lOgoYW+0JUn9lQsTGQfmU
4oDsY23GnGdzPNGa5BXAbYLJVv8plmwWKZDIOt45+Nh+QaYFyn3KLvtGHVQPUXat
s9v53HlUK8nhPD49RZz5wpgsYZgyZyAMmjkoGSCSIR4H3YbRlrZHRFWT+E50Vpy6
yHhWMVsGqdGujVFc96puTUb3u+u6db4k8egI6wES8OrWyqpXJiyPfNFILk+Nw/1N
vkn4yYy71DoAd5CpYiC51cW+5SzGUAC6eY3FbZzn6uCi/zf+FqFzaKLInKAEQgt5
KvzdW/s=
-----END CERTIFICATE-----