Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cb03f12d-0c2f-4250-9a2b-cdef99c8754f.roa
File:                     cb03f12d-0c2f-4250-9a2b-cdef99c8754f.roa (raw, json)
Hash identifier:          EQJLRqaPo8D93Ezy7Ry3fmuiAlvh63UDP6+y9i3DNHM=
Subject key identifier:   F3:10:AF:29:DE:F1:9E:4D:0C:07:51:1F:B9:F9:79:53:36:23:BD:FD
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       424DA7BF647CEDB2952506F2D9707B1E561F0051
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cb03f12d-0c2f-4250-9a2b-cdef99c8754f.roa
Signing time:             Wed 16 Nov 2022 00:00:00 +0000
ROA not before:           Wed 16 Nov 2022 00:00:00 +0000
ROA not after:            Sat 19 Nov 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:4d:a7:bf:64:7c:ed:b2:95:25:06:f2:d9:70:7b:1e:56:1f:00:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Nov 16 00:00:00 2022 GMT
            Not After : Nov 19 23:59:59 2022 GMT
        Subject: serialNumber=4e29fa193a8dcc77bc20e7250597281f872a89b831cac73588faf0bdd7c747cd, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f4:1b:ba:c7:d4:f4:72:dc:91:e1:2d:6b:da:
                    ef:09:ef:55:7d:7e:78:b0:df:67:e2:42:8f:03:0f:
                    f3:ca:d5:69:d3:fd:ec:6e:4b:e8:b5:45:4a:2f:de:
                    fe:22:d5:5f:9c:df:d5:c0:61:60:48:e3:a3:a0:41:
                    29:2c:65:8d:57:b1:24:66:f1:fb:b4:e0:8c:20:de:
                    5b:9b:09:eb:c8:65:50:d4:c7:12:6a:8f:e2:b7:be:
                    47:53:65:d9:72:a1:e5:4d:bd:43:6b:66:3b:ed:88:
                    48:79:7b:03:7b:91:63:91:87:45:4e:d3:8b:6a:2a:
                    8d:6d:9c:b7:fe:a6:5b:25:e3:c3:4a:32:6a:23:c3:
                    37:fe:a7:51:66:99:3d:7a:66:65:98:92:d6:96:36:
                    ed:6b:16:f1:19:87:3a:06:60:27:f2:ad:7d:28:c3:
                    6e:e6:52:d1:78:31:61:a7:f4:21:f3:d2:61:8c:bc:
                    d0:25:69:ac:a7:7b:73:ef:95:e6:6b:2e:6e:1d:23:
                    91:05:a3:98:0b:fd:73:b4:1f:c0:09:de:b0:de:f7:
                    09:08:f4:34:e0:c5:0a:ee:60:7c:5c:81:81:94:83:
                    db:86:e3:5c:d5:2e:26:60:fc:e8:55:1d:7a:0c:a3:
                    7c:13:0a:3e:42:47:f3:ce:8a:68:a6:16:0f:83:eb:
                    ba:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:10:AF:29:DE:F1:9E:4D:0C:07:51:1F:B9:F9:79:53:36:23:BD:FD
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cb03f12d-0c2f-4250-9a2b-cdef99c8754f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:ba:f6:36:ae:fa:74:54:2b:45:d2:f3:f2:fd:6f:c2:49:bf:
         de:2b:73:3c:16:7c:56:30:b7:a5:77:be:15:81:a3:66:4c:1a:
         de:8a:6c:f1:f5:b2:23:2a:75:d9:d3:bf:51:f0:9b:a8:c5:e2:
         8f:12:4f:0b:fd:f9:af:fa:0e:46:7e:81:93:01:85:46:fd:5a:
         ca:10:ec:7a:2f:07:c0:fc:83:8e:44:32:87:f8:3c:2f:a7:68:
         51:dc:c4:1e:bb:d7:a9:c7:7f:05:04:cd:69:ae:3e:40:14:d8:
         91:4f:69:58:e7:22:63:a8:a8:78:da:e7:67:12:bf:a2:1e:1d:
         cd:ba:a4:87:76:ef:94:ae:8b:82:d7:47:d8:76:d5:43:9c:20:
         b3:d6:ad:f8:90:4c:75:bd:85:71:c8:82:02:0b:d3:1f:57:af:
         8d:33:2b:f3:56:31:09:e4:d3:ab:a3:9e:04:2c:dd:5f:b1:18:
         3f:40:a8:ee:da:02:9f:35:c7:d6:06:c2:ca:49:3c:37:11:46:
         2f:23:ca:4d:c6:91:78:55:3e:b2:48:38:51:2a:a6:96:51:9a:
         79:70:1c:3e:ca:9a:f7:4c:13:9c:a9:53:34:96:16:97:e9:cf:
         cf:ca:92:0c:b4:47:dd:85:de:df:d1:7e:8a:67:7e:7e:d2:9b:
         4a:bd:b4:22
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUQk2nv2R87bKVJQby2XB7HlYfAFEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMTE2MDAwMDAwWhcNMjIxMTE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNANGUyOWZhMTkzYThkY2M3N2JjMjBlNzI1MDU5NzI4MWY4
NzJhODliODMxY2FjNzM1ODhmYWYwYmRkN2M3NDdjZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALD0G7rH1PRy3JHhLWva7wnvVX1+eLDfZ+JCjwMP88rVadP97G5L
6LVFSi/e/iLVX5zf1cBhYEjjo6BBKSxljVexJGbx+7TgjCDeW5sJ68hlUNTHEmqP
4re+R1Nl2XKh5U29Q2tmO+2ISHl7A3uRY5GHRU7Ti2oqjW2ct/6mWyXjw0oyaiPD
N/6nUWaZPXpmZZiS1pY27WsW8RmHOgZgJ/KtfSjDbuZS0XgxYaf0IfPSYYy80CVp
rKd7c++V5msubh0jkQWjmAv9c7QfwAnesN73CQj0NODFCu5gfFyBgZSD24bjXNUu
JmD86FUdegyjfBMKPkJH886KaKYWD4Prur0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTzEK8p3vGeTQwHUR+5+XlTNiO9/TAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvY2IwM2YxMmQtMGMyZi00MjUwLTlhMmItY2RlZjk5Yzg3NTRmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAq69jau+nRUK0XS
8/L9b8JJv94rczwWfFYwt6V3vhWBo2ZMGt6KbPH1siMqddnTv1Hwm6jF4o8STwv9
+a/6DkZ+gZMBhUb9WsoQ7HovB8D8g45EMof4PC+naFHcxB6716nHfwUEzWmuPkAU
2JFPaVjnImOoqHja52cSv6IeHc26pId275Sui4LXR9h21UOcILPWrfiQTHW9hXHI
ggIL0x9Xr40zK/NWMQnk06ujngQs3V+xGD9AqO7aAp81x9YGwspJPDcRRi8jyk3G
kXhVPrJIOFEqppZRmnlwHD7KmvdME5ypUzSWFpfpz8/Kkgy0R92F3t/Rfopnfn7S
m0q9tCI=
-----END CERTIFICATE-----