Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c14647b3-5812-4fed-a1e5-6d7cc2c89dd2.roa
File:                     c14647b3-5812-4fed-a1e5-6d7cc2c89dd2.roa (raw, json)
Hash identifier:          CizBwptMdGkKeAHpehv3wIVsN9i4UItSW8S/8pKSZoE=
Subject key identifier:   D3:41:C7:9A:EF:D5:51:A7:8E:B2:0B:49:07:00:5B:25:13:6B:F8:0E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       710322D50978E6296C0DCCCD444E385BE1FAB360
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c14647b3-5812-4fed-a1e5-6d7cc2c89dd2.roa
Signing time:             Thu 29 Dec 2022 00:00:00 +0000
ROA not before:           Thu 29 Dec 2022 00:00:00 +0000
ROA not after:            Sun 01 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:03:22:d5:09:78:e6:29:6c:0d:cc:cd:44:4e:38:5b:e1:fa:b3:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 29 00:00:00 2022 GMT
            Not After : Jan  1 23:59:59 2023 GMT
        Subject: serialNumber=f15244c08664c4292d6cece25346b9e2ecd686c63f1acae52b5e1247a704aa0e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:65:90:5f:b4:76:13:6b:c7:c6:c6:38:db:80:
                    9d:a3:34:1c:4f:8f:43:69:db:14:e2:38:b3:e3:ab:
                    0f:50:d7:97:70:13:2e:c6:f5:ba:3e:83:7d:94:33:
                    10:c5:de:83:42:65:25:36:40:cc:c3:52:61:36:1c:
                    48:f1:1e:b0:78:53:5e:28:3f:4d:f5:67:e9:52:ed:
                    b5:af:22:02:bf:3d:ad:f3:4a:9a:29:99:60:0f:82:
                    20:e7:1a:6c:dd:4d:68:a1:41:63:86:ef:51:69:2c:
                    30:59:46:e2:df:38:03:73:9a:5d:04:28:51:d3:b8:
                    7f:6e:77:e8:25:a6:ef:7c:4b:3a:32:96:b7:07:24:
                    d9:54:3d:a1:56:21:5b:23:9b:c8:b0:53:38:f4:00:
                    c4:2e:81:d3:f1:93:1e:3d:f7:4f:11:16:fd:ec:60:
                    b6:02:2f:a2:1e:7b:26:cd:01:f6:e7:41:d4:cd:e6:
                    9d:19:35:bc:2d:aa:ce:5e:a1:db:e2:f4:92:d8:9c:
                    5f:56:4f:18:d9:5f:7e:ac:29:2f:67:66:d2:9e:e8:
                    47:b6:d3:3d:87:39:0b:fc:15:b3:05:4c:5b:0b:ba:
                    08:39:ec:ba:e9:3b:81:3f:21:41:af:b0:5a:c1:67:
                    d8:eb:f1:37:db:67:63:63:5a:c2:2a:5c:b6:f7:a1:
                    df:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:41:C7:9A:EF:D5:51:A7:8E:B2:0B:49:07:00:5B:25:13:6B:F8:0E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c14647b3-5812-4fed-a1e5-6d7cc2c89dd2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:38:5a:38:2d:df:70:21:bd:1d:e5:28:f1:c1:29:f2:90:ff:
         19:0f:4c:4a:c8:f2:dc:53:70:01:c7:7e:99:e2:65:e8:cb:47:
         a1:fd:30:15:d0:7b:42:ab:7b:d8:76:6a:f4:3a:e7:b0:8d:0b:
         21:57:83:5e:86:d0:f1:be:36:96:39:6b:45:b0:40:0a:64:da:
         99:1c:7e:58:d2:37:8d:c3:ed:55:29:42:ef:12:bc:ba:b2:a1:
         87:7c:03:bb:fb:d4:b2:94:de:fe:f5:31:5f:d9:cd:ec:de:8d:
         50:68:f1:a6:7f:6e:fa:f2:26:1a:12:0d:4e:3e:88:3f:06:1b:
         9a:2c:75:5f:22:bf:10:94:2d:ba:4b:42:08:1a:65:9c:89:af:
         0c:db:7c:a5:81:e6:32:89:4f:b0:0b:24:35:fc:79:06:95:fc:
         cc:5f:46:04:c1:30:8d:d3:22:9a:e9:1d:19:34:04:24:cd:02:
         98:20:1d:c0:ff:86:25:06:3b:b3:5b:48:9c:3f:f9:a4:c6:fc:
         ba:87:00:66:75:c0:c4:58:c7:7a:4a:9c:65:fa:c4:b3:1e:51:
         b1:28:2e:aa:2f:8e:4e:7d:17:30:5e:5d:98:d6:1a:f0:a3:bf:
         7b:2d:07:ec:4d:03:1e:c4:f2:a4:4c:fe:b6:16:8a:e5:87:34:
         61:c5:99:df
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUcQMi1Ql45ilsDczNRE44W+H6s2AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjI5MDAwMDAwWhcNMjMwMTAxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjE1MjQ0YzA4NjY0YzQyOTJkNmNlY2UyNTM0NmI5ZTJl
Y2Q2ODZjNjNmMWFjYWU1MmI1ZTEyNDdhNzA0YWEwZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAPNlkF+0dhNrx8bGONuAnaM0HE+PQ2nbFOI4s+OrD1DXl3ATLsb1
uj6DfZQzEMXeg0JlJTZAzMNSYTYcSPEesHhTXig/TfVn6VLtta8iAr89rfNKmimZ
YA+CIOcabN1NaKFBY4bvUWksMFlG4t84A3OaXQQoUdO4f2536CWm73xLOjKWtwck
2VQ9oVYhWyObyLBTOPQAxC6B0/GTHj33TxEW/exgtgIvoh57Js0B9udB1M3mnRk1
vC2qzl6h2+L0kticX1ZPGNlffqwpL2dm0p7oR7bTPYc5C/wVswVMWwu6CDnsuuk7
gT8hQa+wWsFn2OvxN9tnY2Nawipctveh39cCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTTQcea79VRp46yC0kHAFslE2v4DjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzE0NjQ3YjMtNTgxMi00ZmVkLWExZTUtNmQ3Y2MyYzg5ZGQyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABM4Wjgt33AhvR3l
KPHBKfKQ/xkPTErI8txTcAHHfpniZejLR6H9MBXQe0Kre9h2avQ657CNCyFXg16G
0PG+NpY5a0WwQApk2pkcfljSN43D7VUpQu8SvLqyoYd8A7v71LKU3v71MV/Zzeze
jVBo8aZ/bvryJhoSDU4+iD8GG5osdV8ivxCULbpLQggaZZyJrwzbfKWB5jKJT7AL
JDX8eQaV/MxfRgTBMI3TIprpHRk0BCTNApggHcD/hiUGO7NbSJw/+aTG/LqHAGZ1
wMRYx3pKnGX6xLMeUbEoLqovjk59FzBeXZjWGvCjv3stB+xNAx7E8qRM/rYWiuWH
NGHFmd8=
-----END CERTIFICATE-----