Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d956634c-7b29-4ba4-bbcf-f3925932d199.roa
File:                     d956634c-7b29-4ba4-bbcf-f3925932d199.roa (raw, json)
Hash identifier:          GIt4KC/kjN/M+bmfN4SofvGikkcc7Lzr8x8rT1fI/w4=
Subject key identifier:   DD:0E:FE:63:F2:DB:43:D8:32:8C:E4:33:B8:FE:35:24:64:DB:0C:3F
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1D4BA48441CBA4DCCDB736BE8D0FDFAE9F5DB934
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d956634c-7b29-4ba4-bbcf-f3925932d199.roa
Signing time:             Wed 21 Sep 2022 00:00:00 +0000
ROA not before:           Wed 21 Sep 2022 00:00:00 +0000
ROA not after:            Sat 24 Sep 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:4b:a4:84:41:cb:a4:dc:cd:b7:36:be:8d:0f:df:ae:9f:5d:b9:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Sep 21 00:00:00 2022 GMT
            Not After : Sep 24 23:59:59 2022 GMT
        Subject: serialNumber=d679468ba87e683a0a8641cf22d4de9e918176bda2e35d096b198a62826f95ed, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:19:48:92:34:82:31:5c:d5:c7:fd:4c:8b:e5:
                    b5:5a:54:55:2e:dc:99:d1:68:ab:fb:6b:89:fc:a8:
                    cd:43:e8:e7:ea:8c:a8:d1:d7:d8:fb:08:f6:5e:08:
                    eb:89:ed:28:3f:cf:c7:68:17:68:6d:22:a3:f4:1f:
                    1c:1e:85:d4:17:0e:d5:ec:c5:e1:d1:b8:9b:c0:df:
                    54:8e:e4:2c:ec:7d:14:d1:49:55:0c:f4:1d:89:7a:
                    96:90:91:c4:a5:19:a2:f8:30:a5:f4:dd:29:4c:9e:
                    7c:2f:a6:97:52:c6:f8:52:1e:d5:6d:8c:9e:16:16:
                    38:e8:4d:14:0e:43:4e:74:d7:bf:bc:d1:86:00:e0:
                    6f:7b:b9:ce:83:ef:6a:ae:26:b5:a2:40:5e:1f:6b:
                    54:9d:30:9d:96:8e:ef:fc:49:c3:02:bf:5a:92:75:
                    61:66:5d:25:d1:37:43:92:05:45:03:80:a7:83:66:
                    45:bc:33:2d:dd:92:43:4a:b6:c5:a0:e3:ec:f4:86:
                    38:ee:1a:21:0a:55:cc:d1:0d:8e:53:36:e5:b2:5a:
                    29:9f:6d:38:df:7f:65:24:41:c1:5d:87:e3:3d:2a:
                    ea:97:01:44:b1:b9:43:38:2d:db:d3:15:41:83:56:
                    b4:83:14:c6:42:c3:16:58:5a:27:b3:6b:24:43:52:
                    29:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:0E:FE:63:F2:DB:43:D8:32:8C:E4:33:B8:FE:35:24:64:DB:0C:3F
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d956634c-7b29-4ba4-bbcf-f3925932d199.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:84:3c:65:90:f2:46:aa:cb:0b:44:8a:09:1f:77:0e:68:49:
         ac:b9:24:af:3e:23:ff:79:47:67:7c:e5:1e:f9:8a:fd:67:26:
         a6:ab:45:47:fe:b1:2d:f3:33:70:e8:c0:15:4e:7e:4e:5c:6b:
         3f:53:39:b3:7f:90:5a:a0:b8:18:e1:a8:6d:db:2b:55:a9:6c:
         e7:90:47:09:f6:a3:98:42:04:93:5e:c9:5c:23:73:1b:2f:53:
         4a:86:8a:87:93:50:30:40:ad:45:47:05:f5:d5:1e:bd:c4:ef:
         35:6f:67:74:cc:53:6e:1a:bf:6a:b8:ba:2c:d5:61:c6:8f:0d:
         3b:fc:6e:26:56:5d:bd:a6:64:ec:b9:ae:ba:8b:35:e1:50:bb:
         4a:57:df:ac:3c:20:a7:a6:59:e6:4e:6a:d1:df:e5:e6:df:4a:
         34:9b:1a:2a:71:9a:c1:dd:95:0a:c8:8a:2f:ed:00:b3:af:48:
         c8:98:7f:0e:46:b3:f7:c3:6e:84:bc:5e:df:69:29:99:71:e4:
         41:9f:f4:75:d1:1c:25:02:e6:1d:a8:0f:61:69:93:6d:ec:a4:
         f8:0a:9f:65:0a:5d:17:8e:a5:54:6c:d4:91:b4:38:3d:9a:23:
         cc:77:48:98:fa:69:0c:28:84:b3:6f:e8:d7:f2:c4:70:9e:8e:
         48:9d:99:3c
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUHUukhEHLpNzNtza+jQ/frp9duTQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwOTIxMDAwMDAwWhcNMjIwOTI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDY3OTQ2OGJhODdlNjgzYTBhODY0MWNmMjJkNGRlOWU5
MTgxNzZiZGEyZTM1ZDA5NmIxOThhNjI4MjZmOTVlZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAPgZSJI0gjFc1cf9TIvltVpUVS7cmdFoq/trifyozUPo5+qMqNHX
2PsI9l4I64ntKD/Px2gXaG0io/QfHB6F1BcO1ezF4dG4m8DfVI7kLOx9FNFJVQz0
HYl6lpCRxKUZovgwpfTdKUyefC+ml1LG+FIe1W2MnhYWOOhNFA5DTnTXv7zRhgDg
b3u5zoPvaq4mtaJAXh9rVJ0wnZaO7/xJwwK/WpJ1YWZdJdE3Q5IFRQOAp4NmRbwz
Ld2SQ0q2xaDj7PSGOO4aIQpVzNENjlM25bJaKZ9tON9/ZSRBwV2H4z0q6pcBRLG5
Qzgt29MVQYNWtIMUxkLDFlhaJ7NrJENSKTMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTdDv5j8ttD2DKM5DO4/jUkZNsMPzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZDk1NjYzNGMtN2IyOS00YmE0LWJiY2YtZjM5MjU5MzJkMTk5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABiEPGWQ8kaqywtE
igkfdw5oSay5JK8+I/95R2d85R75iv1nJqarRUf+sS3zM3DowBVOfk5caz9TObN/
kFqguBjhqG3bK1WpbOeQRwn2o5hCBJNeyVwjcxsvU0qGioeTUDBArUVHBfXVHr3E
7zVvZ3TMU24av2q4uizVYcaPDTv8biZWXb2mZOy5rrqLNeFQu0pX36w8IKemWeZO
atHf5ebfSjSbGipxmsHdlQrIii/tALOvSMiYfw5Gs/fDboS8Xt9pKZlx5EGf9HXR
HCUC5h2oD2Fpk23spPgKn2UKXReOpVRs1JG0OD2aI8x3SJj6aQwohLNv6NfyxHCe
jkidmTw=
-----END CERTIFICATE-----