Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b4b37273-1ad4-48a8-adc4-49bdf4db4808.roa
File:                     b4b37273-1ad4-48a8-adc4-49bdf4db4808.roa (raw, json)
Hash identifier:          ah1s5NfEOf5TWnil0kPNSEIPsBZBss0ZzoDgG/vlMqA=
Subject key identifier:   9C:CD:77:A4:6C:C0:11:DC:67:67:6C:8B:B8:62:A5:74:D0:20:D2:E1
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       35EF2961484312CA284E7D070C127410DFB58F4D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b4b37273-1ad4-48a8-adc4-49bdf4db4808.roa
Signing time:             Tue 13 Dec 2022 00:00:00 +0000
ROA not before:           Tue 13 Dec 2022 00:00:00 +0000
ROA not after:            Fri 16 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:ef:29:61:48:43:12:ca:28:4e:7d:07:0c:12:74:10:df:b5:8f:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 13 00:00:00 2022 GMT
            Not After : Dec 16 23:59:59 2022 GMT
        Subject: serialNumber=a373632efe4c80bba2d9591bf11a240154576c3b767c9291b400857d8d29f91f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:86:d4:96:d1:68:4b:57:fc:b3:64:eb:bc:bb:
                    89:b8:32:99:23:f6:dc:f4:d3:13:29:b8:3d:77:35:
                    9f:ac:4f:dc:63:28:c4:ea:3a:8e:7e:fb:c0:f3:e3:
                    3e:3d:ea:b6:5a:4a:74:6f:21:d9:6b:ab:fc:0a:57:
                    51:39:d7:9e:1e:fe:d3:e8:bf:d2:8c:70:99:df:fc:
                    af:c8:2a:b5:fc:f8:b7:b4:61:61:62:8b:2a:d1:4a:
                    0a:40:a9:a8:77:0f:bb:3f:b8:2b:2c:40:e9:01:98:
                    bb:3d:77:8b:a6:4d:00:95:9a:10:70:d1:9c:8b:0b:
                    3e:cf:41:28:8a:94:0a:23:6e:71:9a:c4:e9:16:ce:
                    9a:1f:7d:23:10:b9:a1:51:30:47:6e:6f:5e:1c:79:
                    df:41:49:0d:e2:4b:62:5e:98:40:c3:77:91:ee:00:
                    f6:1f:7d:cd:b4:f8:7f:1e:37:54:d7:21:61:28:6d:
                    23:dc:7b:34:05:77:5b:89:5b:b4:45:79:6b:5e:c7:
                    72:73:b0:49:2f:50:a5:2c:58:93:9c:34:cf:91:2c:
                    e0:14:08:a6:f2:c1:fe:16:13:22:0f:9f:30:59:60:
                    9b:cb:8b:f3:8b:7b:df:4c:22:83:89:4e:97:28:71:
                    6b:bb:d5:15:cc:5a:69:f9:31:3b:d5:a2:22:ab:98:
                    ad:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:CD:77:A4:6C:C0:11:DC:67:67:6C:8B:B8:62:A5:74:D0:20:D2:E1
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b4b37273-1ad4-48a8-adc4-49bdf4db4808.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:d4:fb:f6:29:f5:3f:4e:d1:c3:c1:6e:07:18:38:7c:31:8e:
         f0:c2:ba:50:1d:27:aa:e6:85:12:fc:e1:fc:30:ec:43:96:b1:
         1f:af:c1:a8:3b:bf:ff:4b:52:6a:0e:9e:85:61:5c:0e:98:2d:
         6e:12:39:1e:00:9d:96:e6:63:aa:03:32:f0:45:27:e5:84:aa:
         d3:9e:44:67:af:a2:e5:1a:47:cf:0f:71:9b:07:0a:a4:63:93:
         cd:53:72:74:71:9e:1b:ff:ef:ca:07:ea:09:ff:14:f9:2d:2f:
         23:a5:78:97:5b:07:00:66:ad:74:c3:ee:99:5f:97:c7:74:23:
         5a:12:a4:72:7e:23:df:3c:0a:7b:fa:16:6b:c6:29:4f:87:ce:
         e7:30:7d:0b:66:cc:dc:94:c8:48:15:0c:04:e4:72:51:1c:ab:
         f4:ff:1a:59:58:e1:75:8b:f2:1e:77:77:7e:d1:74:83:c5:57:
         5e:68:35:1e:f7:5d:02:2e:a9:a6:01:83:61:d8:4e:bc:23:e1:
         be:77:cb:f6:8f:a9:44:c8:c0:b1:d7:1c:5f:a9:bf:a2:62:36:
         a8:a3:0c:46:04:5e:26:14:41:88:43:2d:d0:ef:ac:e0:b6:4e:
         13:22:59:be:35:9f:28:97:dd:95:c0:f3:9c:1e:1b:e6:3d:b2:
         38:f0:17:61
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUNe8pYUhDEsooTn0HDBJ0EN+1j00wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjEzMDAwMDAwWhcNMjIxMjE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYTM3MzYzMmVmZTRjODBiYmEyZDk1OTFiZjExYTI0MDE1
NDU3NmMzYjc2N2M5MjkxYjQwMDg1N2Q4ZDI5ZjkxZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANqG1JbRaEtX/LNk67y7ibgymSP23PTTEym4PXc1n6xP3GMoxOo6
jn77wPPjPj3qtlpKdG8h2Wur/ApXUTnXnh7+0+i/0oxwmd/8r8gqtfz4t7RhYWKL
KtFKCkCpqHcPuz+4KyxA6QGYuz13i6ZNAJWaEHDRnIsLPs9BKIqUCiNucZrE6RbO
mh99IxC5oVEwR25vXhx530FJDeJLYl6YQMN3ke4A9h99zbT4fx43VNchYShtI9x7
NAV3W4lbtEV5a17HcnOwSS9QpSxYk5w0z5Es4BQIpvLB/hYTIg+fMFlgm8uL84t7
30wig4lOlyhxa7vVFcxaafkxO9WiIquYrTcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSczXekbMAR3GdnbIu4YqV00CDS4TAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYjRiMzcyNzMtMWFkNC00OGE4LWFkYzQtNDliZGY0ZGI0ODA4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACvU+/Yp9T9O0cPB
bgcYOHwxjvDCulAdJ6rmhRL84fww7EOWsR+vwag7v/9LUmoOnoVhXA6YLW4SOR4A
nZbmY6oDMvBFJ+WEqtOeRGevouUaR88PcZsHCqRjk81TcnRxnhv/78oH6gn/FPkt
LyOleJdbBwBmrXTD7plfl8d0I1oSpHJ+I988Cnv6FmvGKU+HzucwfQtmzNyUyEgV
DATkclEcq/T/GllY4XWL8h53d37RdIPFV15oNR73XQIuqaYBg2HYTrwj4b53y/aP
qUTIwLHXHF+pv6JiNqijDEYEXiYUQYhDLdDvrOC2ThMiWb41nyiX3ZXA85weG+Y9
sjjwF2E=
-----END CERTIFICATE-----