Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c23407e7-1099-41bd-be82-ede69f3c2b79.roa
File:                     c23407e7-1099-41bd-be82-ede69f3c2b79.roa (raw, json)
Hash identifier:          BNwCq9KR98SmTu5fDf5ssfgumgG6X8I/KCpWlch+BQk=
Subject key identifier:   19:25:81:9A:76:1C:4F:CB:1B:05:5C:84:55:4B:08:F6:A1:0C:B7:C8
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       21393B41CD36D4F524224B76912CC03DC6E5A57F
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c23407e7-1099-41bd-be82-ede69f3c2b79.roa
Signing time:             Tue 26 Jul 2022 00:00:00 +0000
ROA not before:           Tue 26 Jul 2022 00:00:00 +0000
ROA not after:            Fri 29 Jul 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:39:3b:41:cd:36:d4:f5:24:22:4b:76:91:2c:c0:3d:c6:e5:a5:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jul 26 00:00:00 2022 GMT
            Not After : Jul 29 23:59:59 2022 GMT
        Subject: serialNumber=b2e4b82a1c967c32ce4d0f06e3976312682bbe35957f7dc80a64396bd940b8a7, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:eb:84:fa:f3:b8:8e:d2:d8:c5:bc:5e:da:05:
                    22:87:92:37:3d:72:f0:7a:52:84:1d:ae:29:c2:5a:
                    80:6c:56:88:e9:ab:99:00:3b:21:02:1e:f3:db:da:
                    cf:f3:ac:13:5b:e8:68:26:27:94:11:24:66:b9:6d:
                    6d:09:f0:b0:6f:d3:6b:72:83:5b:bf:bc:33:3a:e2:
                    7b:73:d7:dd:12:f5:69:d5:63:37:83:44:39:7b:51:
                    f3:7d:51:75:26:c4:39:99:36:de:4b:ea:40:f7:33:
                    e7:56:6e:9a:32:88:d6:0d:d4:3f:74:14:fe:b1:b6:
                    24:9f:43:8f:4f:7a:81:27:a5:ea:d4:c7:0d:1a:f1:
                    39:4c:ac:f9:c8:de:0c:a3:db:58:35:27:02:15:d1:
                    3a:1f:94:07:e9:4e:f4:42:40:8f:c0:a5:50:ec:71:
                    82:e4:c0:87:ca:fb:3c:bb:f2:5f:3e:4e:18:a8:1a:
                    69:4b:69:7b:82:53:34:3c:24:12:4c:a4:a1:67:dc:
                    f9:77:6f:e7:96:7f:50:e5:fa:f8:af:e9:1a:da:52:
                    67:57:fd:9d:98:4a:7b:c1:17:4f:5f:0b:71:5c:4c:
                    80:69:d0:95:27:b8:80:54:30:8e:ef:33:65:d8:21:
                    7e:75:11:7e:b5:ed:74:3d:f4:81:e4:a0:a6:9b:61:
                    91:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:25:81:9A:76:1C:4F:CB:1B:05:5C:84:55:4B:08:F6:A1:0C:B7:C8
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c23407e7-1099-41bd-be82-ede69f3c2b79.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:f8:9d:13:2d:41:e2:51:6f:16:75:82:89:0d:52:b7:03:1d:
         f5:40:db:4f:a4:a5:4d:c0:20:eb:5c:72:06:43:37:d8:bc:64:
         d3:3c:1a:dc:c0:a6:03:87:b7:3b:34:ab:05:a1:b0:d5:86:5f:
         ff:3a:79:01:4a:08:1b:43:b3:b5:e8:0b:48:8a:b7:79:d4:fe:
         0b:01:6b:74:1b:01:7f:d9:dc:8a:1a:d4:6a:7c:00:1f:58:fd:
         6b:f3:01:da:ae:db:e1:bd:2f:38:d7:15:9d:e4:e2:f1:32:ed:
         18:48:d5:63:fe:f1:1d:e3:4a:92:16:5c:88:04:99:77:9c:2b:
         d9:d0:bd:dd:2d:4b:78:fa:43:9f:58:0f:15:5d:90:72:83:52:
         83:98:61:17:45:76:6f:88:22:08:0b:81:4f:4a:62:a7:2e:25:
         2b:a8:a0:9d:ff:31:84:e6:53:73:e9:91:09:bd:d3:54:e2:60:
         4a:3b:2f:b8:12:69:21:05:8b:9b:7b:4d:f9:1e:91:fa:37:63:
         27:4e:fd:3a:53:c1:7b:24:3a:96:0a:03:60:4e:1c:aa:ff:f4:
         a5:32:0e:e8:11:32:ac:d2:b2:a9:9e:a6:9d:d1:27:d2:79:ad:
         d2:55:53:b6:0b:a7:bd:43:86:ac:8e:ac:b5:b0:c2:ee:05:3d:
         09:15:e5:52
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUITk7Qc021PUkIkt2kSzAPcblpX8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwNzI2MDAwMDAwWhcNMjIwNzI5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYjJlNGI4MmExYzk2N2MzMmNlNGQwZjA2ZTM5NzYzMTI2
ODJiYmUzNTk1N2Y3ZGM4MGE2NDM5NmJkOTQwYjhhNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALXrhPrzuI7S2MW8XtoFIoeSNz1y8HpShB2uKcJagGxWiOmrmQA7
IQIe89vaz/OsE1voaCYnlBEkZrltbQnwsG/Ta3KDW7+8Mzrie3PX3RL1adVjN4NE
OXtR831RdSbEOZk23kvqQPcz51ZumjKI1g3UP3QU/rG2JJ9Dj096gSel6tTHDRrx
OUys+cjeDKPbWDUnAhXROh+UB+lO9EJAj8ClUOxxguTAh8r7PLvyXz5OGKgaaUtp
e4JTNDwkEkykoWfc+Xdv55Z/UOX6+K/pGtpSZ1f9nZhKe8EXT18LcVxMgGnQlSe4
gFQwju8zZdghfnURfrXtdD30geSgppthkYUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQZJYGadhxPyxsFXIRVSwj2oQy3yDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzIzNDA3ZTctMTA5OS00MWJkLWJlODItZWRlNjlmM2MyYjc5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMn4nRMtQeJRbxZ1
gokNUrcDHfVA20+kpU3AIOtccgZDN9i8ZNM8GtzApgOHtzs0qwWhsNWGX/86eQFK
CBtDs7XoC0iKt3nU/gsBa3QbAX/Z3Ioa1Gp8AB9Y/WvzAdqu2+G9LzjXFZ3k4vEy
7RhI1WP+8R3jSpIWXIgEmXecK9nQvd0tS3j6Q59YDxVdkHKDUoOYYRdFdm+IIggL
gU9KYqcuJSuooJ3/MYTmU3PpkQm901TiYEo7L7gSaSEFi5t7Tfkekfo3YydO/TpT
wXskOpYKA2BOHKr/9KUyDugRMqzSsqmepp3RJ9J5rdJVU7YLp71DhqyOrLWwwu4F
PQkV5VI=
-----END CERTIFICATE-----