Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d39ee802-629d-4d86-a2e8-9727846a4bd4.roa
File:                     d39ee802-629d-4d86-a2e8-9727846a4bd4.roa (raw, json)
Hash identifier:          lzBnWAjwgQQfQN9BLCsdGnfOEds2hTlCHMADr6+9kwE=
Subject key identifier:   54:C2:F1:C8:96:A1:B5:DD:44:F3:C4:78:97:6C:99:F2:CD:F9:68:D8
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       78199A3C5B6D6A086423B52D30F7C1BD4FC81CBF
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d39ee802-629d-4d86-a2e8-9727846a4bd4.roa
Signing time:             Thu 01 Dec 2022 00:00:00 +0000
ROA not before:           Thu 01 Dec 2022 00:00:00 +0000
ROA not after:            Sun 04 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:19:9a:3c:5b:6d:6a:08:64:23:b5:2d:30:f7:c1:bd:4f:c8:1c:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec  1 00:00:00 2022 GMT
            Not After : Dec  4 23:59:59 2022 GMT
        Subject: serialNumber=80a397265f4747a588ffd5c90b235902d044d009c49648cf274aa24066f1c757, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:95:36:83:18:1f:1c:5a:66:c5:d5:ea:e0:41:
                    ea:ce:0c:88:9b:cb:0d:87:f3:66:e9:be:72:2e:16:
                    23:b8:6d:e8:32:fa:d9:5d:04:e1:16:bc:50:da:64:
                    51:44:bd:9a:2a:a2:02:8a:3d:cc:2c:57:53:8f:62:
                    7c:26:b0:ad:88:5f:d6:8b:95:c5:29:ce:bd:bc:c3:
                    e5:16:6b:14:6f:ca:5f:44:38:00:2e:d7:08:45:b3:
                    09:7c:25:d0:45:b7:71:72:1a:c1:bb:66:e2:25:21:
                    e3:d9:82:22:ef:8d:49:bc:e1:a3:83:73:7c:f9:80:
                    af:b0:cf:a9:15:f8:31:17:0b:de:eb:37:af:03:94:
                    29:30:ae:9a:26:95:f2:b6:eb:32:28:ed:9b:e4:dd:
                    93:b9:cd:17:c8:f3:da:2e:d2:84:04:6a:21:f4:6c:
                    bf:f4:04:33:f7:a4:a0:35:f3:0e:a4:c5:13:1d:3b:
                    6c:39:29:21:09:f3:79:2c:0d:8c:9e:7e:8a:d7:e6:
                    fc:29:a4:74:a9:ba:af:7b:ca:57:20:2c:d5:7f:17:
                    2b:3f:15:54:b1:29:68:6a:58:51:f1:4e:13:92:19:
                    b2:17:fe:18:1e:35:ff:5e:cb:67:86:9d:51:3a:a7:
                    7f:d2:9d:97:da:34:5d:9c:ea:70:7b:4f:2e:c9:1e:
                    40:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:C2:F1:C8:96:A1:B5:DD:44:F3:C4:78:97:6C:99:F2:CD:F9:68:D8
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d39ee802-629d-4d86-a2e8-9727846a4bd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:99:a1:6f:15:96:eb:9f:cd:c1:d0:10:ec:d0:0d:31:c9:ff:
         1d:ea:0e:d6:3b:53:4b:6a:02:88:fc:aa:4e:8b:f7:d7:4b:05:
         97:9e:9c:10:a0:7d:02:78:8c:91:c3:b7:b9:8c:ec:91:77:4a:
         39:d5:55:c9:29:f9:bf:7b:50:48:cd:da:16:42:02:d1:71:53:
         f3:c7:62:6b:09:44:5d:df:70:21:ea:0a:db:39:75:17:23:f9:
         0d:b6:08:85:0a:fb:50:2e:a7:79:27:75:70:be:ce:14:95:bb:
         74:3f:53:a4:db:04:53:68:be:c9:22:35:59:d4:4f:5d:e3:3b:
         32:74:5b:d0:53:b6:7e:80:17:d4:24:db:8a:97:de:f8:76:03:
         21:3b:38:cf:9b:9a:17:4d:a9:10:0c:d4:8f:15:09:d0:5f:86:
         fd:27:a5:b6:3f:b5:3c:4c:4d:3d:9c:ec:5b:d4:76:84:1a:e1:
         95:b2:e1:e1:5f:e7:4a:53:9f:e9:36:63:93:dc:9f:08:c4:1e:
         bd:0c:48:09:2f:73:7f:33:15:55:51:c4:82:66:1e:1b:43:aa:
         33:e9:43:93:90:ab:12:7d:ce:1d:13:a6:ce:2c:4b:54:0b:27:
         f4:39:44:45:f6:29:6a:3f:47:96:54:43:74:fa:2b:45:a2:4f:
         0f:10:a2:61
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUeBmaPFttaghkI7UtMPfBvU/IHL8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjAxMDAwMDAwWhcNMjIxMjA0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAODBhMzk3MjY1ZjQ3NDdhNTg4ZmZkNWM5MGIyMzU5MDJk
MDQ0ZDAwOWM0OTY0OGNmMjc0YWEyNDA2NmYxYzc1NzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALuVNoMYHxxaZsXV6uBB6s4MiJvLDYfzZum+ci4WI7ht6DL62V0E
4Ra8UNpkUUS9miqiAoo9zCxXU49ifCawrYhf1ouVxSnOvbzD5RZrFG/KX0Q4AC7X
CEWzCXwl0EW3cXIawbtm4iUh49mCIu+NSbzho4NzfPmAr7DPqRX4MRcL3us3rwOU
KTCumiaV8rbrMijtm+Tdk7nNF8jz2i7ShARqIfRsv/QEM/ekoDXzDqTFEx07bDkp
IQnzeSwNjJ5+itfm/CmkdKm6r3vKVyAs1X8XKz8VVLEpaGpYUfFOE5IZshf+GB41
/17LZ4adUTqnf9Kdl9o0XZzqcHtPLskeQG8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRUwvHIlqG13UTzxHiXbJnyzflo2DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZDM5ZWU4MDItNjI5ZC00ZDg2LWEyZTgtOTcyNzg0NmE0YmQ0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALeZoW8VluufzcHQ
EOzQDTHJ/x3qDtY7U0tqAoj8qk6L99dLBZeenBCgfQJ4jJHDt7mM7JF3SjnVVckp
+b97UEjN2hZCAtFxU/PHYmsJRF3fcCHqCts5dRcj+Q22CIUK+1Aup3kndXC+zhSV
u3Q/U6TbBFNovskiNVnUT13jOzJ0W9BTtn6AF9Qk24qX3vh2AyE7OM+bmhdNqRAM
1I8VCdBfhv0npbY/tTxMTT2c7FvUdoQa4ZWy4eFf50pTn+k2Y5PcnwjEHr0MSAkv
c38zFVVRxIJmHhtDqjPpQ5OQqxJ9zh0Tps4sS1QLJ/Q5REX2KWo/R5ZUQ3T6K0Wi
Tw8QomE=
-----END CERTIFICATE-----