Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ccd93b62-59e7-4a65-8a17-464804293689.roa
File:                     ccd93b62-59e7-4a65-8a17-464804293689.roa (raw, json)
Hash identifier:          6rJ/dneL3UUkMHBw9iLbVB1NaD3JY0MxOIwfIWKEUBI=
Subject key identifier:   4D:CE:24:93:03:17:2D:A0:DF:A0:C2:EC:7D:49:AA:EC:DA:69:2B:34
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       768C34516D93BD5DBCE72B965CD20DFE9CEC2FFA
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ccd93b62-59e7-4a65-8a17-464804293689.roa
Signing time:             Wed 16 Nov 2022 00:00:00 +0000
ROA not before:           Wed 16 Nov 2022 00:00:00 +0000
ROA not after:            Sat 19 Nov 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:8c:34:51:6d:93:bd:5d:bc:e7:2b:96:5c:d2:0d:fe:9c:ec:2f:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Nov 16 00:00:00 2022 GMT
            Not After : Nov 19 23:59:59 2022 GMT
        Subject: serialNumber=0dad88e6df5d297c19655c6fcc4e9939bc8c81c816e68492dc7c14f54ade7c53, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:5a:ce:4d:05:03:45:40:61:aa:7c:60:d5:74:
                    f2:85:f2:43:b1:18:39:c9:d4:97:4a:83:3b:ce:b2:
                    d2:7a:f7:d8:70:4c:f8:e8:a8:52:26:26:a3:4e:3d:
                    f4:1e:8a:95:f6:2e:c4:8b:89:1f:b3:47:35:13:53:
                    e6:ea:c0:44:e3:ff:e1:6e:36:5a:74:b1:4b:70:fc:
                    10:bd:97:ca:54:09:db:5d:dd:9b:d9:67:52:ee:b2:
                    32:eb:f6:c5:94:e9:60:66:cf:62:57:64:d8:70:b3:
                    88:53:1a:a4:af:4e:09:e8:14:4f:8c:a4:6f:98:4c:
                    60:d1:58:0d:24:76:06:c8:9f:5c:92:d1:18:f8:0c:
                    d9:68:dd:a0:16:da:5a:20:9a:f6:a0:2a:26:47:27:
                    78:35:36:b9:89:77:2a:18:db:f5:d5:b2:46:59:96:
                    b7:c9:bd:87:19:0d:ca:f4:a8:17:8a:21:bd:31:6c:
                    88:06:ac:3f:fd:7b:63:63:08:43:48:58:0e:7d:1a:
                    b0:24:8a:10:5e:4e:33:ba:0d:5e:d3:11:ab:a3:4b:
                    fc:85:3a:92:55:b6:d0:a3:b8:3e:09:fa:9d:33:c1:
                    3d:b3:60:d3:28:ae:ba:55:54:2a:14:61:17:ae:0c:
                    b8:da:2d:bc:45:bf:f4:80:5f:d3:2f:3e:ed:c2:b8:
                    2f:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:CE:24:93:03:17:2D:A0:DF:A0:C2:EC:7D:49:AA:EC:DA:69:2B:34
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ccd93b62-59e7-4a65-8a17-464804293689.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:9f:a8:b9:a8:d7:7d:c5:ec:c3:80:f9:f9:30:6b:18:ac:90:
         f7:d4:12:76:13:8d:18:59:ff:7f:cd:cc:8e:fe:f3:34:58:80:
         72:8e:d4:44:ae:da:94:f3:68:94:a2:79:0d:1b:eb:29:38:37:
         53:83:3a:07:46:b2:08:99:75:76:34:c3:58:02:dd:19:9a:18:
         0d:45:be:32:3f:1b:ba:e6:c7:75:5d:76:db:a8:d7:52:d4:38:
         ed:89:f0:44:13:a3:24:cf:fc:e7:50:57:c3:13:b3:41:a0:df:
         68:4d:c7:a6:41:a3:67:fc:6d:07:d8:37:f5:ec:42:58:0b:1a:
         66:ae:6f:5e:38:fe:98:f0:9e:68:93:ab:1e:1c:ad:b6:04:3d:
         dd:d1:2a:fb:62:f1:fa:b0:b4:72:a6:28:04:c5:93:42:1d:28:
         c6:3d:56:6e:01:f7:9b:ff:83:7c:d9:62:6a:b8:ac:9e:67:2b:
         d2:f3:2c:61:cc:22:c4:d6:5d:07:21:30:49:f8:c0:c3:ec:11:
         89:b2:6a:22:d0:2b:9e:78:d9:a0:be:ee:b3:74:ba:30:c9:ce:
         3d:03:33:8c:8d:c4:a2:12:ce:f1:69:81:7f:68:bb:c8:4f:eb:
         ce:9b:b1:bd:8c:5d:20:c4:fd:64:4e:b1:4f:d7:da:84:75:b4:
         8f:a3:c9:c4
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUdow0UW2TvV285yuWXNIN/pzsL/owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMTE2MDAwMDAwWhcNMjIxMTE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMGRhZDg4ZTZkZjVkMjk3YzE5NjU1YzZmY2M0ZTk5Mzli
YzhjODFjODE2ZTY4NDkyZGM3YzE0ZjU0YWRlN2M1MzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAM1azk0FA0VAYap8YNV08oXyQ7EYOcnUl0qDO86y0nr32HBM+Oio
UiYmo0499B6KlfYuxIuJH7NHNRNT5urAROP/4W42WnSxS3D8EL2XylQJ213dm9ln
Uu6yMuv2xZTpYGbPYldk2HCziFMapK9OCegUT4ykb5hMYNFYDSR2BsifXJLRGPgM
2WjdoBbaWiCa9qAqJkcneDU2uYl3Khjb9dWyRlmWt8m9hxkNyvSoF4ohvTFsiAas
P/17Y2MIQ0hYDn0asCSKEF5OM7oNXtMRq6NL/IU6klW20KO4Pgn6nTPBPbNg0yiu
ulVUKhRhF64MuNotvEW/9IBf0y8+7cK4L60CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRNziSTAxctoN+gwux9Sars2mkrNDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvY2NkOTNiNjItNTllNy00YTY1LThhMTctNDY0ODA0MjkzNjg5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC6fqLmo133F7MOA
+fkwaxiskPfUEnYTjRhZ/3/NzI7+8zRYgHKO1ESu2pTzaJSieQ0b6yk4N1ODOgdG
sgiZdXY0w1gC3RmaGA1FvjI/G7rmx3Vddtuo11LUOO2J8EQToyTP/OdQV8MTs0Gg
32hNx6ZBo2f8bQfYN/XsQlgLGmaub144/pjwnmiTqx4crbYEPd3RKvti8fqwtHKm
KATFk0IdKMY9Vm4B95v/g3zZYmq4rJ5nK9LzLGHMIsTWXQchMEn4wMPsEYmyaiLQ
K5542aC+7rN0ujDJzj0DM4yNxKISzvFpgX9ou8hP686bsb2MXSDE/WROsU/X2oR1
tI+jycQ=
-----END CERTIFICATE-----