Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cbef2864-ca4b-496b-9edb-831bf1de29a6.roa
File:                     cbef2864-ca4b-496b-9edb-831bf1de29a6.roa (raw, json)
Hash identifier:          vafGlYxKU/R0H+YoX2s+xgSx2evnwA7QrGcl6oKGLtc=
Subject key identifier:   9F:76:CE:09:37:6C:30:F5:83:B1:43:31:2F:D8:BC:D0:D4:17:83:B4
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       69E0616B919F9D675C406320279B6F457584D66A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cbef2864-ca4b-496b-9edb-831bf1de29a6.roa
Signing time:             Thu 15 Dec 2022 00:00:00 +0000
ROA not before:           Thu 15 Dec 2022 00:00:00 +0000
ROA not after:            Sun 18 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:e0:61:6b:91:9f:9d:67:5c:40:63:20:27:9b:6f:45:75:84:d6:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 15 00:00:00 2022 GMT
            Not After : Dec 18 23:59:59 2022 GMT
        Subject: serialNumber=1211e5b8b05f5637fc9475bc9e0bfd060191aa54e9974ea0503fca4b19cbc20d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e9:c7:c7:28:14:e7:6c:04:71:0a:e0:c7:1a:
                    ed:74:a3:6b:b0:a6:04:bd:83:ae:24:2a:5e:e5:d7:
                    86:73:e9:53:42:4a:d6:a1:6b:42:7c:a5:24:d5:b1:
                    9a:26:3b:1a:09:9d:40:07:f0:7b:9e:4b:3e:31:6f:
                    9a:a5:76:73:23:4b:99:1f:1b:35:30:e1:01:fc:a1:
                    90:5e:f3:67:97:d5:50:52:4a:19:b4:cb:98:f7:46:
                    c6:bb:75:8b:3c:7c:4d:a0:86:f2:b2:23:a6:c1:dd:
                    82:fd:b7:d0:58:dc:90:ac:01:cb:94:8c:79:cf:cc:
                    2c:f8:0c:2d:ce:b5:ea:7b:70:0d:41:4c:8f:8d:99:
                    9d:7e:34:1b:d5:84:55:68:89:24:8e:e8:41:e6:9f:
                    30:f5:84:3b:ab:3e:23:31:64:91:78:80:11:17:17:
                    01:1f:0b:b9:bf:1f:4b:67:28:c4:f3:6e:0d:b8:9f:
                    3f:d7:b7:c4:a0:51:6b:7f:a5:9a:ed:73:2f:a0:83:
                    bb:56:17:d4:00:8a:af:6c:cd:d6:88:29:69:8a:5f:
                    d9:3f:8d:42:73:c1:0d:b3:ae:64:7a:d7:12:56:21:
                    3a:73:af:0f:e6:d0:04:9a:24:27:ef:7b:73:5b:af:
                    b7:29:26:c6:e2:be:e0:9c:53:fa:f9:8f:8f:15:c8:
                    c8:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:76:CE:09:37:6C:30:F5:83:B1:43:31:2F:D8:BC:D0:D4:17:83:B4
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cbef2864-ca4b-496b-9edb-831bf1de29a6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:8c:71:61:53:bd:c7:61:9b:6d:d2:ad:9f:c1:20:6d:a8:0d:
         81:41:bd:96:6a:5c:ae:8e:2d:13:ae:5c:df:f6:b4:a0:d9:d5:
         1e:b5:32:1e:77:0b:2a:24:52:c6:70:58:f7:1e:9c:4f:ee:52:
         e1:5b:20:5a:6a:e8:90:69:39:24:51:e5:c7:19:c9:bc:11:7e:
         f1:b8:3f:53:e7:e3:41:83:92:47:a7:e0:35:0c:e5:49:0c:bf:
         3b:f1:ad:db:8d:57:4b:af:4b:72:41:81:0a:ae:b5:8c:0c:10:
         24:70:c1:7a:1a:d5:35:49:99:3b:f7:fc:d3:0c:fb:90:7b:08:
         f3:f5:1e:e6:3b:65:37:7b:73:63:67:7c:56:3d:a2:9a:af:b4:
         22:80:e6:29:69:25:a3:e6:81:3d:be:a3:e2:66:c8:70:f0:e9:
         b9:88:bb:93:6e:bb:d1:18:64:8e:35:eb:69:dd:9c:8d:6b:2a:
         17:53:70:29:c6:07:e5:13:80:1b:b5:10:07:b9:87:da:e4:ab:
         e6:2d:7f:c6:59:82:3b:fe:f3:d0:f1:44:ba:b8:ba:25:91:b4:
         a4:82:97:7e:1e:9b:bd:ab:bd:6a:1a:22:c0:55:cb:af:7e:8e:
         3a:4c:83:07:61:aa:64:b7:41:50:07:fa:94:31:5c:6c:fb:4b:
         b1:8f:99:7c
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUaeBha5GfnWdcQGMgJ5tvRXWE1mowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjE1MDAwMDAwWhcNMjIxMjE4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTIxMWU1YjhiMDVmNTYzN2ZjOTQ3NWJjOWUwYmZkMDYw
MTkxYWE1NGU5OTc0ZWEwNTAzZmNhNGIxOWNiYzIwZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALHpx8coFOdsBHEK4Mca7XSja7CmBL2DriQqXuXXhnPpU0JK1qFr
QnylJNWxmiY7GgmdQAfwe55LPjFvmqV2cyNLmR8bNTDhAfyhkF7zZ5fVUFJKGbTL
mPdGxrt1izx8TaCG8rIjpsHdgv230FjckKwBy5SMec/MLPgMLc616ntwDUFMj42Z
nX40G9WEVWiJJI7oQeafMPWEO6s+IzFkkXiAERcXAR8Lub8fS2coxPNuDbifP9e3
xKBRa3+lmu1zL6CDu1YX1ACKr2zN1ogpaYpf2T+NQnPBDbOuZHrXElYhOnOvD+bQ
BJokJ+97c1uvtykmxuK+4JxT+vmPjxXIyCsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSfds4JN2ww9YOxQzEv2LzQ1BeDtDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvY2JlZjI4NjQtY2E0Yi00OTZiLTllZGItODMxYmYxZGUyOWE2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAISMcWFTvcdhm23S
rZ/BIG2oDYFBvZZqXK6OLROuXN/2tKDZ1R61Mh53CyokUsZwWPcenE/uUuFbIFpq
6JBpOSRR5ccZybwRfvG4P1Pn40GDkken4DUM5UkMvzvxrduNV0uvS3JBgQqutYwM
ECRwwXoa1TVJmTv3/NMM+5B7CPP1HuY7ZTd7c2NnfFY9opqvtCKA5ilpJaPmgT2+
o+JmyHDw6bmIu5Nuu9EYZI4162ndnI1rKhdTcCnGB+UTgBu1EAe5h9rkq+Ytf8ZZ
gjv+89DxRLq4uiWRtKSCl34em72rvWoaIsBVy69+jjpMgwdhqmS3QVAH+pQxXGz7
S7GPmXw=
-----END CERTIFICATE-----