Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c6d71ecf-e912-4d2f-a9d8-01abd7000f34.roa
File:                     c6d71ecf-e912-4d2f-a9d8-01abd7000f34.roa (raw, json)
Hash identifier:          9WADOvuF+P5/OLyER+G0WoHDR/ilMyDr7ORLaD9NjmI=
Subject key identifier:   54:41:B0:90:24:87:10:C7:02:AE:80:94:CF:B7:4D:DF:43:E2:5B:8C
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       770D3DB3D24B77E4EF344076ADD8FB611FEFD9A7
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c6d71ecf-e912-4d2f-a9d8-01abd7000f34.roa
Signing time:             Sun 15 Jan 2023 00:00:00 +0000
ROA not before:           Sun 15 Jan 2023 00:00:00 +0000
ROA not after:            Wed 18 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:0d:3d:b3:d2:4b:77:e4:ef:34:40:76:ad:d8:fb:61:1f:ef:d9:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 15 00:00:00 2023 GMT
            Not After : Jan 18 23:59:59 2023 GMT
        Subject: serialNumber=9fa89b6e5b4c2802b71692383ce99d8490aec53c2404b393945fa6613c4aa42e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:40:4f:a3:89:3c:5b:b7:f2:5f:cd:76:a6:4e:
                    09:cc:d6:98:44:bf:73:f5:7a:ea:72:cd:ff:fd:c6:
                    66:9c:96:a5:b8:53:07:0f:51:c7:bc:1b:c0:c8:77:
                    1d:34:1f:e2:25:ee:de:ae:b2:1c:f1:c6:58:47:03:
                    6c:3a:d9:96:11:e1:e4:e9:cd:ec:c0:2d:11:46:d7:
                    fb:79:ae:84:98:1f:d9:46:f1:01:06:91:e2:81:27:
                    17:c3:c0:6e:43:b5:78:e4:2e:fe:db:be:c1:94:11:
                    64:3d:db:80:f0:cc:7f:75:bc:87:a7:fe:b0:27:da:
                    25:e8:b9:10:66:1b:b8:a0:4a:d3:ec:db:39:c9:51:
                    01:fb:4f:09:a2:b5:f3:3c:d7:94:bf:a7:96:03:c7:
                    ab:5c:2c:13:0e:8c:40:db:e4:d0:90:38:55:b5:31:
                    1d:c4:48:f9:85:5b:a0:90:7e:bc:17:d7:39:47:e3:
                    dd:5f:07:fd:b8:17:09:9e:d1:d4:4f:c3:9f:a4:9f:
                    f9:68:ba:8b:4c:93:3a:b8:94:f1:b7:a4:12:4c:ca:
                    c3:4c:d2:86:e0:56:c7:63:b5:b9:33:27:59:f3:dd:
                    3e:e3:f7:bb:87:37:31:48:fd:a6:24:81:8d:8e:9d:
                    30:3f:11:1a:bd:fe:7f:f5:18:65:25:52:1f:78:46:
                    47:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:41:B0:90:24:87:10:C7:02:AE:80:94:CF:B7:4D:DF:43:E2:5B:8C
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c6d71ecf-e912-4d2f-a9d8-01abd7000f34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:1d:ed:e9:7e:66:5a:95:c9:86:8b:5f:6d:cf:38:12:b2:c8:
         a2:e2:40:a1:91:c5:36:08:f6:01:03:c9:d2:29:b3:87:7e:64:
         54:b4:e1:8e:32:be:9b:e1:3d:f1:be:09:c7:e6:57:cf:08:45:
         fa:04:e6:36:0e:cf:c6:12:8a:99:37:da:19:e3:a8:4a:9d:30:
         e2:af:5e:aa:bf:10:37:a3:be:6c:af:4a:a3:74:c8:02:aa:ec:
         a3:81:91:5e:05:d9:1a:8d:a5:e0:f5:7b:44:e1:1f:15:18:31:
         e7:f3:5d:ce:ad:67:79:c6:47:ce:bd:3d:b6:3e:c0:49:f7:ac:
         75:ee:f5:d6:d0:61:00:1a:67:b5:da:f8:f9:fd:fd:eb:e4:0c:
         d3:66:de:ec:e8:f1:9e:90:bc:7d:07:82:9d:c0:86:9d:9e:0e:
         0e:31:09:f9:3d:41:9b:43:de:ea:67:43:12:b9:32:28:4b:b8:
         95:7e:69:30:70:b4:e0:33:48:ba:fb:fa:39:84:13:4c:45:68:
         f6:b2:cf:46:20:3a:bc:d8:4a:a5:f3:d2:22:5f:c6:17:9a:41:
         0a:b8:70:03:84:6e:43:0a:91:fd:df:e2:f8:95:f3:f9:27:1c:
         fe:cb:b8:4f:f1:69:22:3c:3c:0e:3a:f6:fc:55:a2:ac:3f:7d:
         66:02:4f:7a
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUdw09s9JLd+TvNEB2rdj7YR/v2acwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTE1MDAwMDAwWhcNMjMwMTE4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOWZhODliNmU1YjRjMjgwMmI3MTY5MjM4M2NlOTlkODQ5
MGFlYzUzYzI0MDRiMzkzOTQ1ZmE2NjEzYzRhYTQyZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAIRAT6OJPFu38l/NdqZOCczWmES/c/V66nLN//3GZpyWpbhTBw9R
x7wbwMh3HTQf4iXu3q6yHPHGWEcDbDrZlhHh5OnN7MAtEUbX+3muhJgf2UbxAQaR
4oEnF8PAbkO1eOQu/tu+wZQRZD3bgPDMf3W8h6f+sCfaJei5EGYbuKBK0+zbOclR
AftPCaK18zzXlL+nlgPHq1wsEw6MQNvk0JA4VbUxHcRI+YVboJB+vBfXOUfj3V8H
/bgXCZ7R1E/Dn6Sf+Wi6i0yTOriU8bekEkzKw0zShuBWx2O1uTMnWfPdPuP3u4c3
MUj9piSBjY6dMD8RGr3+f/UYZSVSH3hGR/cCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRUQbCQJIcQxwKugJTPt03fQ+JbjDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzZkNzFlY2YtZTkxMi00ZDJmLWE5ZDgtMDFhYmQ3MDAwZjM0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADId7el+ZlqVyYaL
X23POBKyyKLiQKGRxTYI9gEDydIps4d+ZFS04Y4yvpvhPfG+CcfmV88IRfoE5jYO
z8YSipk32hnjqEqdMOKvXqq/EDejvmyvSqN0yAKq7KOBkV4F2RqNpeD1e0ThHxUY
MefzXc6tZ3nGR869PbY+wEn3rHXu9dbQYQAaZ7Xa+Pn9/evkDNNm3uzo8Z6QvH0H
gp3Ahp2eDg4xCfk9QZtD3upnQxK5MihLuJV+aTBwtOAzSLr7+jmEE0xFaPayz0Yg
OrzYSqXz0iJfxheaQQq4cAOEbkMKkf3f4viV8/knHP7LuE/xaSI8PA469vxVoqw/
fWYCT3o=
-----END CERTIFICATE-----