Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cf8a9a01-b3da-4c93-8e8e-4de3368c4388.roa
File:                     cf8a9a01-b3da-4c93-8e8e-4de3368c4388.roa (raw, json)
Hash identifier:          f4SJ3cSB7N640TVXUSv9qQKm2wx0rIVNyjmys5+GxL8=
Subject key identifier:   F1:C3:DA:F2:24:DB:A0:03:1A:67:BD:9C:97:4F:A0:F1:B4:BC:79:48
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       262725A202E72C660746786007EC91364C6C6910
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cf8a9a01-b3da-4c93-8e8e-4de3368c4388.roa
Signing time:             Mon 05 Dec 2022 00:00:00 +0000
ROA not before:           Mon 05 Dec 2022 00:00:00 +0000
ROA not after:            Thu 08 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:27:25:a2:02:e7:2c:66:07:46:78:60:07:ec:91:36:4c:6c:69:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec  5 00:00:00 2022 GMT
            Not After : Dec  8 23:59:59 2022 GMT
        Subject: serialNumber=d722d4a82b0f76e8b793a6b5ac4044e7c4261a04f202cbc2b777051d74138a40, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:3b:a1:51:25:93:50:38:fb:8b:27:25:6f:76:
                    a6:01:1e:fa:9c:22:12:90:90:93:f5:db:90:94:b1:
                    af:8f:47:47:dc:1d:5f:d7:d6:b0:dd:01:ec:d6:e4:
                    05:ca:bb:f6:19:d4:39:64:fd:7d:80:36:0a:8a:28:
                    c6:62:a6:7b:b6:5a:9d:0f:f5:91:ee:87:2a:9f:d2:
                    3c:93:45:ec:7d:62:65:80:6e:07:20:84:33:b9:0b:
                    4e:03:a8:01:b1:3f:37:f1:f4:79:7b:66:22:2f:83:
                    e0:21:12:2b:73:5f:d1:24:e3:6d:17:41:65:71:61:
                    45:70:85:d0:2a:60:6d:8f:d6:d9:0d:3c:99:5c:8b:
                    e6:3b:03:77:04:62:ce:0f:f9:68:3d:06:19:84:53:
                    7f:2e:1a:cb:25:27:df:a8:5d:1b:97:e6:95:ca:9e:
                    35:29:f5:77:65:d6:e2:e3:f0:15:57:fe:2e:2b:ad:
                    31:b4:7f:62:bc:c3:55:22:8d:cd:1e:27:27:c5:05:
                    43:f1:6e:8a:a0:8f:6b:74:5f:61:b4:b5:4b:cd:02:
                    c4:29:22:fe:b1:44:85:ac:ef:40:8f:d5:5b:c5:43:
                    eb:11:2b:98:9a:d1:e9:d9:d6:34:a7:db:32:97:35:
                    d2:73:97:ce:72:26:1e:17:f6:30:5f:69:08:a7:cc:
                    3a:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:C3:DA:F2:24:DB:A0:03:1A:67:BD:9C:97:4F:A0:F1:B4:BC:79:48
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cf8a9a01-b3da-4c93-8e8e-4de3368c4388.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:01:ca:d1:28:40:5f:64:c1:7a:16:80:09:65:63:27:05:61:
         29:d1:5d:23:41:99:e8:9a:85:82:de:51:e9:ec:a9:4a:c0:1e:
         ed:72:37:9e:6b:f6:aa:ff:39:90:3f:b4:1a:f5:27:78:0a:2e:
         e9:16:45:c2:4d:4f:04:9e:43:f5:0f:2f:4f:07:5b:c8:66:cd:
         eb:04:48:91:49:a4:79:97:52:d5:fa:67:6a:85:50:04:f7:c8:
         76:e8:ef:8d:be:8e:28:a3:39:3c:93:6e:d6:fa:a6:33:fb:d2:
         90:f9:5a:c3:fa:2a:d2:f2:cc:37:0a:c1:66:66:e7:62:a8:97:
         11:2e:6d:50:65:9d:42:11:a9:14:81:36:f0:f6:9f:37:66:08:
         11:bb:38:18:ed:d8:b0:d0:d9:fb:5a:a4:2f:ac:45:30:bd:40:
         97:7e:17:a8:d1:f0:63:32:26:ac:4c:40:69:17:98:90:e1:28:
         90:19:ca:51:fc:26:25:f0:e4:0f:39:3d:26:9f:0d:03:a4:7b:
         9f:ce:c9:6a:ca:11:8e:b1:d2:c4:d4:48:58:0a:f3:30:2b:51:
         2c:21:af:e3:26:09:40:e1:39:cf:2f:ac:9e:04:42:d9:32:76:
         a2:04:cd:46:3d:7a:af:73:7a:bb:4a:96:65:6f:fc:12:2d:ce:
         35:12:dc:f3
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUJiclogLnLGYHRnhgB+yRNkxsaRAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjA1MDAwMDAwWhcNMjIxMjA4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDcyMmQ0YTgyYjBmNzZlOGI3OTNhNmI1YWM0MDQ0ZTdj
NDI2MWEwNGYyMDJjYmMyYjc3NzA1MWQ3NDEzOGE0MDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJ47oVElk1A4+4snJW92pgEe+pwiEpCQk/XbkJSxr49HR9wdX9fW
sN0B7NbkBcq79hnUOWT9fYA2CoooxmKme7ZanQ/1ke6HKp/SPJNF7H1iZYBuByCE
M7kLTgOoAbE/N/H0eXtmIi+D4CESK3Nf0STjbRdBZXFhRXCF0CpgbY/W2Q08mVyL
5jsDdwRizg/5aD0GGYRTfy4ayyUn36hdG5fmlcqeNSn1d2XW4uPwFVf+LiutMbR/
YrzDVSKNzR4nJ8UFQ/FuiqCPa3RfYbS1S80CxCki/rFEhazvQI/VW8VD6xErmJrR
6dnWNKfbMpc10nOXznImHhf2MF9pCKfMOrcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTxw9ryJNugAxpnvZyXT6DxtLx5SDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvY2Y4YTlhMDEtYjNkYS00YzkzLThlOGUtNGRlMzM2OGM0Mzg4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABgBytEoQF9kwXoW
gAllYycFYSnRXSNBmeiahYLeUensqUrAHu1yN55r9qr/OZA/tBr1J3gKLukWRcJN
TwSeQ/UPL08HW8hmzesESJFJpHmXUtX6Z2qFUAT3yHbo742+jiijOTyTbtb6pjP7
0pD5WsP6KtLyzDcKwWZm52KolxEubVBlnUIRqRSBNvD2nzdmCBG7OBjt2LDQ2fta
pC+sRTC9QJd+F6jR8GMyJqxMQGkXmJDhKJAZylH8JiXw5A85PSafDQOke5/OyWrK
EY6x0sTUSFgK8zArUSwhr+MmCUDhOc8vrJ4EQtkydqIEzUY9eq9zertKlmVv/BIt
zjUS3PM=
-----END CERTIFICATE-----