Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b6436750-dd13-4827-92c2-57107be5329d.roa
File:                     b6436750-dd13-4827-92c2-57107be5329d.roa (raw, json)
Hash identifier:          98rkboV0NtYawhmrqaGQDHVyJo5PeFaaOpNMfm8prUI=
Subject key identifier:   F0:9E:56:26:71:1D:0B:81:D5:3B:18:A0:3A:D1:E4:34:2D:C1:DE:EC
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5BCEAC9A30C912EBC8A8DF2CFCBCDA3852907938
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b6436750-dd13-4827-92c2-57107be5329d.roa
Signing time:             Sat 08 Oct 2022 00:00:00 +0000
ROA not before:           Sat 08 Oct 2022 00:00:00 +0000
ROA not after:            Tue 11 Oct 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:ce:ac:9a:30:c9:12:eb:c8:a8:df:2c:fc:bc:da:38:52:90:79:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Oct  8 00:00:00 2022 GMT
            Not After : Oct 11 23:59:59 2022 GMT
        Subject: serialNumber=2db4fbaa5f75608f70b1cb0e724569d19f9d1e057d6b1aeed14a2ceb45d19477, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:31:dd:3a:49:6d:a3:2c:b9:7a:37:9f:d6:aa:
                    00:ce:02:c4:a8:da:6b:db:b2:7b:98:42:ba:2b:11:
                    cb:75:a2:82:11:cd:30:e3:a9:48:11:c6:10:7a:0c:
                    82:18:f3:da:81:52:50:d6:4e:db:25:2f:70:a7:28:
                    35:e0:64:ce:7b:88:f4:91:cc:44:b1:91:a4:3f:a0:
                    9f:24:e8:7f:f1:9d:6a:47:ee:fb:cb:8b:9d:fb:bf:
                    5c:fe:48:97:33:14:dc:9f:cb:4a:2f:be:42:dd:a9:
                    70:15:98:80:89:46:bd:7c:a4:01:98:68:45:ac:99:
                    13:8b:5c:e5:29:21:1b:a9:6a:44:f4:ba:a2:55:50:
                    ad:05:05:9d:a5:84:c4:56:32:cc:a3:24:6d:39:11:
                    8a:7d:09:32:05:65:2b:04:a0:6a:36:29:83:00:8b:
                    93:6f:d6:c7:cc:95:30:ad:94:c9:77:47:19:02:b0:
                    c6:6b:32:f5:05:a8:54:7e:bf:b5:a2:6c:12:18:af:
                    a3:0c:0b:1c:5f:ca:21:df:05:39:94:7c:7d:41:79:
                    84:44:ca:13:e2:13:e8:cc:b0:ad:71:ac:ea:2e:f2:
                    59:5e:9c:09:65:be:c8:ea:10:e2:d3:ab:63:1f:d8:
                    69:14:6a:a6:dc:f0:57:2f:bf:eb:c8:a6:ea:02:56:
                    f2:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:9E:56:26:71:1D:0B:81:D5:3B:18:A0:3A:D1:E4:34:2D:C1:DE:EC
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b6436750-dd13-4827-92c2-57107be5329d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:3a:78:ad:7e:f2:d0:ab:65:dd:44:3d:b9:63:d2:9e:d4:73:
         f5:47:f5:21:d1:50:8f:1d:04:b5:7d:0c:7b:f0:5e:4e:64:57:
         6e:31:9d:9b:c2:5b:f5:14:99:a4:00:b2:f2:88:14:7f:50:cc:
         fc:20:d9:4d:3a:96:b3:d3:02:86:d6:75:88:62:f4:7b:62:93:
         21:f0:e0:2a:08:7c:c2:ff:f4:42:20:c4:90:62:45:69:52:14:
         49:d5:cb:84:29:51:83:1e:ec:97:0d:4a:de:00:f5:15:cb:07:
         0a:52:a4:06:79:82:56:a0:16:6a:5a:70:e3:0d:eb:93:4f:fc:
         e6:56:b6:ee:80:99:5d:51:41:d1:71:39:4d:ab:e0:2a:b6:6a:
         25:e6:6d:9d:61:f4:50:b9:ed:c8:31:92:70:7d:53:40:11:75:
         61:2b:69:a9:67:c0:94:d4:75:1f:4f:50:02:22:01:69:ce:09:
         92:f7:04:0e:6c:7d:55:4a:43:dd:ca:76:d3:40:a4:43:2e:b3:
         29:73:89:0e:8b:ff:9e:04:db:b9:53:2a:7e:23:fd:bd:15:7e:
         6f:5d:4b:ee:99:71:16:60:af:d7:c4:0c:78:11:33:1b:55:85:
         7f:85:ad:c5:e8:f9:a0:bd:37:3c:65:be:c1:9b:26:d3:85:18:
         34:60:a9:aa
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUW86smjDJEuvIqN8s/LzaOFKQeTgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMDA4MDAwMDAwWhcNMjIxMDExMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMmRiNGZiYWE1Zjc1NjA4ZjcwYjFjYjBlNzI0NTY5ZDE5
ZjlkMWUwNTdkNmIxYWVlZDE0YTJjZWI0NWQxOTQ3NzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJ4x3TpJbaMsuXo3n9aqAM4CxKjaa9uye5hCuisRy3WighHNMOOp
SBHGEHoMghjz2oFSUNZO2yUvcKcoNeBkznuI9JHMRLGRpD+gnyTof/Gdakfu+8uL
nfu/XP5IlzMU3J/LSi++Qt2pcBWYgIlGvXykAZhoRayZE4tc5SkhG6lqRPS6olVQ
rQUFnaWExFYyzKMkbTkRin0JMgVlKwSgajYpgwCLk2/Wx8yVMK2UyXdHGQKwxmsy
9QWoVH6/taJsEhivowwLHF/KId8FOZR8fUF5hETKE+IT6MywrXGs6i7yWV6cCWW+
yOoQ4tOrYx/YaRRqptzwVy+/68im6gJW8lcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTwnlYmcR0LgdU7GKA60eQ0LcHe7DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYjY0MzY3NTAtZGQxMy00ODI3LTkyYzItNTcxMDdiZTUzMjlkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACI6eK1+8tCrZd1E
Pblj0p7Uc/VH9SHRUI8dBLV9DHvwXk5kV24xnZvCW/UUmaQAsvKIFH9QzPwg2U06
lrPTAobWdYhi9HtikyHw4CoIfML/9EIgxJBiRWlSFEnVy4QpUYMe7JcNSt4A9RXL
BwpSpAZ5glagFmpacOMN65NP/OZWtu6AmV1RQdFxOU2r4Cq2aiXmbZ1h9FC57cgx
knB9U0ARdWEraalnwJTUdR9PUAIiAWnOCZL3BA5sfVVKQ93KdtNApEMusylziQ6L
/54E27lTKn4j/b0Vfm9dS+6ZcRZgr9fEDHgRMxtVhX+FrcXo+aC9NzxlvsGbJtOF
GDRgqao=
-----END CERTIFICATE-----