Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/be98d0b3-e325-4048-85fc-24dbedf401c8.roa
File:                     be98d0b3-e325-4048-85fc-24dbedf401c8.roa (raw, json)
Hash identifier:          CtT/LtvtJNRXHLjn+XDRDm8kLKrVEopEB1klW51f0cc=
Subject key identifier:   7D:60:4D:7D:9B:B6:CF:DA:50:8C:E1:AF:32:12:30:DB:B1:90:01:23
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5E678A2BD7D69BF50067A943D2A9727093E3F02E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/be98d0b3-e325-4048-85fc-24dbedf401c8.roa
Signing time:             Wed 23 Nov 2022 00:00:00 +0000
ROA not before:           Wed 23 Nov 2022 00:00:00 +0000
ROA not after:            Sat 26 Nov 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:67:8a:2b:d7:d6:9b:f5:00:67:a9:43:d2:a9:72:70:93:e3:f0:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Nov 23 00:00:00 2022 GMT
            Not After : Nov 26 23:59:59 2022 GMT
        Subject: serialNumber=ba9e399b58a5fa69333296746a211a48177a7362df6da7342e18fca8fc100db6, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:67:03:61:80:52:ba:dc:29:88:fe:7c:45:f9:
                    4e:5c:e4:23:d9:b2:db:d3:99:fc:ba:cc:90:c8:35:
                    0b:e8:51:0d:c8:d4:9f:99:60:32:b0:7a:ab:70:10:
                    f0:37:d3:8a:c7:c7:16:b1:62:45:1a:51:ec:1f:d3:
                    b9:f3:21:d2:36:ab:3e:0d:ee:04:29:bb:44:a2:12:
                    4e:39:82:c0:c9:23:ae:c2:f1:30:70:70:22:f1:4d:
                    4e:06:dc:50:f6:3f:22:b8:f3:33:05:1c:ac:50:6f:
                    56:19:c2:aa:8c:a5:17:9f:d4:b1:31:b9:79:ec:4b:
                    f5:d0:06:3a:60:f9:6b:62:7c:bd:28:f3:70:c5:fe:
                    e9:01:a8:ad:28:b4:4a:1b:95:35:8b:77:f7:48:f3:
                    f4:59:30:2f:df:83:e3:e5:c9:fd:99:01:2d:a8:ce:
                    2d:d4:71:66:ef:59:b9:a4:b4:16:66:69:45:65:0c:
                    69:1b:1a:3d:75:76:0c:bd:3b:dd:07:62:cc:3c:37:
                    2a:a3:6c:80:06:b8:0b:d1:4c:1b:ec:a4:38:f8:6a:
                    b1:06:f2:de:68:d4:04:bf:dc:b9:86:ec:e7:6a:07:
                    4d:42:db:b2:01:a3:13:30:7c:e5:e2:76:b7:02:0c:
                    9c:8e:af:13:fc:05:a0:80:2b:fb:83:e8:e9:c7:ef:
                    21:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:60:4D:7D:9B:B6:CF:DA:50:8C:E1:AF:32:12:30:DB:B1:90:01:23
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/be98d0b3-e325-4048-85fc-24dbedf401c8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:24:48:e1:3d:1a:c8:d0:86:14:ac:67:c8:39:be:2e:75:e1:
         08:45:3b:05:2d:2a:24:dd:78:71:d8:11:32:be:1f:73:a0:ac:
         d7:2e:2c:42:e1:0b:e3:6f:63:00:e7:f8:43:f9:00:45:7b:7b:
         58:13:ee:8c:61:13:59:22:f5:3b:16:bc:ab:2b:ee:04:0c:a9:
         e4:6e:dc:d4:fd:86:21:b5:8e:f4:5d:6f:1c:f8:64:fc:87:60:
         eb:76:1e:00:b2:65:f6:be:f4:a2:f1:4a:e0:7c:8d:b2:41:48:
         b5:7e:ce:d4:31:18:e8:c3:ad:99:cf:fd:25:3d:1e:b1:e8:e3:
         43:00:1b:72:b3:ed:ff:67:7b:a6:91:e3:4d:6a:59:cf:f0:4a:
         8d:6a:49:05:cf:fb:f8:ab:53:15:15:03:4b:91:7a:a8:09:ee:
         80:39:a2:49:6c:9d:ad:42:7d:cf:63:05:3d:31:89:80:f3:b5:
         90:c7:f9:05:e8:8b:b4:d0:d4:42:d3:40:28:db:c1:d1:1c:0c:
         36:d1:9d:7a:06:c1:e9:d5:4a:b3:97:75:da:1f:32:16:c2:3c:
         96:ea:d7:b3:1c:fb:f6:95:9e:2b:67:7d:5a:c3:7f:40:7d:67:
         18:a8:95:23:04:2a:85:c1:ac:43:a0:3a:af:59:c4:43:eb:91:
         a2:c5:07:a4
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUXmeKK9fWm/UAZ6lD0qlycJPj8C4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMTIzMDAwMDAwWhcNMjIxMTI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYmE5ZTM5OWI1OGE1ZmE2OTMzMzI5Njc0NmEyMTFhNDgx
NzdhNzM2MmRmNmRhNzM0MmUxOGZjYThmYzEwMGRiNjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL5nA2GAUrrcKYj+fEX5TlzkI9my29OZ/LrMkMg1C+hRDcjUn5lg
MrB6q3AQ8DfTisfHFrFiRRpR7B/TufMh0jarPg3uBCm7RKISTjmCwMkjrsLxMHBw
IvFNTgbcUPY/IrjzMwUcrFBvVhnCqoylF5/UsTG5eexL9dAGOmD5a2J8vSjzcMX+
6QGorSi0ShuVNYt390jz9FkwL9+D4+XJ/ZkBLajOLdRxZu9ZuaS0FmZpRWUMaRsa
PXV2DL073QdizDw3KqNsgAa4C9FMG+ykOPhqsQby3mjUBL/cuYbs52oHTULbsgGj
EzB85eJ2twIMnI6vE/wFoIAr+4Po6cfvIYsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR9YE19m7bP2lCM4a8yEjDbsZABIzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYmU5OGQwYjMtZTMyNS00MDQ4LTg1ZmMtMjRkYmVkZjQwMWM4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALUkSOE9GsjQhhSs
Z8g5vi514QhFOwUtKiTdeHHYETK+H3OgrNcuLELhC+NvYwDn+EP5AEV7e1gT7oxh
E1ki9TsWvKsr7gQMqeRu3NT9hiG1jvRdbxz4ZPyHYOt2HgCyZfa+9KLxSuB8jbJB
SLV+ztQxGOjDrZnP/SU9HrHo40MAG3Kz7f9ne6aR401qWc/wSo1qSQXP+/irUxUV
A0uReqgJ7oA5oklsna1Cfc9jBT0xiYDztZDH+QXoi7TQ1ELTQCjbwdEcDDbRnXoG
wenVSrOXddofMhbCPJbq17Mc+/aVnitnfVrDf0B9ZxiolSMEKoXBrEOgOq9ZxEPr
kaLFB6Q=
-----END CERTIFICATE-----