Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e2cfa291-a12e-4274-ab22-28d994847c80.roa
File:                     e2cfa291-a12e-4274-ab22-28d994847c80.roa (raw, json)
Hash identifier:          6DrzUBcKK8NxWn9ldr88pkHJPc4GTVJM1PHct4u+xMo=
Subject key identifier:   BA:51:CC:48:85:EC:56:92:1E:FC:26:78:50:58:F9:73:2E:70:1C:00
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       77BE0C3BE265DDBA8BDF1C9E9CBA2844C63BEB44
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e2cfa291-a12e-4274-ab22-28d994847c80.roa
Signing time:             Tue 06 Sep 2022 00:00:00 +0000
ROA not before:           Tue 06 Sep 2022 00:00:00 +0000
ROA not after:            Fri 09 Sep 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:be:0c:3b:e2:65:dd:ba:8b:df:1c:9e:9c:ba:28:44:c6:3b:eb:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Sep  6 00:00:00 2022 GMT
            Not After : Sep  9 23:59:59 2022 GMT
        Subject: serialNumber=c1142b9c4da6ed6f31a28cad4a30506ebfbd708995de3f336e0025c52c927de1, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b6:38:7f:c8:39:ac:1b:c5:fd:1c:2e:45:e8:
                    7a:54:94:1d:8e:e5:df:81:5c:7f:83:43:c4:f7:87:
                    20:f7:a3:4b:f0:3d:97:e8:2b:96:20:1d:99:a6:24:
                    1a:1e:de:a5:18:b5:f8:0d:88:7a:19:6a:e2:b2:fa:
                    d1:82:7c:08:de:9c:04:20:a8:52:65:01:6b:65:10:
                    6a:7e:ba:b0:70:9b:f1:a8:cb:25:76:d3:ab:17:ee:
                    f0:92:aa:7e:b0:98:e9:0c:2b:7e:c3:51:1f:f6:0f:
                    e4:5e:64:ab:f0:c6:fb:71:ee:63:b4:f3:42:0f:d3:
                    eb:43:6c:0e:28:a2:cb:b7:26:f2:76:c6:b2:ce:87:
                    bd:02:76:fe:b3:80:70:b0:54:db:a8:eb:f7:33:3d:
                    4a:38:f7:43:28:5e:91:65:8a:54:a0:5d:1c:2b:57:
                    98:88:bd:7b:67:f5:15:fe:2c:29:50:29:06:ca:a3:
                    56:a5:cc:f5:28:fa:96:73:a3:1b:a6:c8:81:2c:75:
                    6a:2a:d1:b3:90:97:d7:54:2f:4c:ad:41:87:2e:a2:
                    80:98:d9:f9:ab:b9:0a:5f:ce:5e:80:ba:06:60:8b:
                    e9:45:a0:2a:83:40:5e:f6:98:ef:66:9d:f9:1f:5f:
                    8a:f0:9f:e0:bb:84:0f:ee:8b:f8:de:81:e4:ba:8c:
                    39:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:51:CC:48:85:EC:56:92:1E:FC:26:78:50:58:F9:73:2E:70:1C:00
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e2cfa291-a12e-4274-ab22-28d994847c80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:24:56:da:79:95:44:10:e5:61:84:63:5a:b8:ff:27:1c:63:
         a8:51:12:ee:0c:0e:c7:df:72:56:64:21:53:34:b4:66:7e:90:
         1e:87:2a:23:80:96:17:f0:59:49:41:e7:be:56:d1:f6:86:37:
         63:4d:6b:94:50:57:7e:ed:57:2d:12:df:6f:2b:ce:fb:c6:9b:
         fd:20:82:1a:41:7c:79:5d:bb:af:7f:d1:bf:d4:a5:9f:cb:a6:
         a2:a4:38:bc:1e:81:16:0c:1d:f9:61:81:e3:29:11:18:5f:b4:
         ee:1d:da:02:66:b9:04:37:56:ff:99:eb:b3:0b:cd:6d:4e:6e:
         f7:56:27:4b:47:07:0a:13:af:37:f3:8a:c8:a5:fe:ee:a7:75:
         62:5e:1c:40:36:a3:96:54:d2:10:cb:21:85:8e:d9:4c:fd:5e:
         1a:aa:dd:2e:da:66:28:5e:1c:d2:28:8b:50:8e:78:df:98:b1:
         d9:0a:99:7d:05:15:65:40:ae:64:f8:4c:54:36:4a:f0:33:b6:
         26:b2:85:b0:ae:6d:11:64:84:24:de:5c:3d:00:cb:48:b8:47:
         0a:6b:52:1c:b7:1c:70:1f:b0:d1:40:5d:f4:3b:99:7a:98:e3:
         db:fc:12:59:eb:06:45:df:b2:05:cb:25:28:ec:eb:c0:e1:e9:
         22:b3:4e:b9
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUd74MO+Jl3bqL3xyenLooRMY760QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwOTA2MDAwMDAwWhcNMjIwOTA5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYzExNDJiOWM0ZGE2ZWQ2ZjMxYTI4Y2FkNGEzMDUwNmVi
ZmJkNzA4OTk1ZGUzZjMzNmUwMDI1YzUyYzkyN2RlMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALm2OH/IOawbxf0cLkXoelSUHY7l34Fcf4NDxPeHIPejS/A9l+gr
liAdmaYkGh7epRi1+A2Iehlq4rL60YJ8CN6cBCCoUmUBa2UQan66sHCb8ajLJXbT
qxfu8JKqfrCY6QwrfsNRH/YP5F5kq/DG+3HuY7TzQg/T60NsDiiiy7cm8nbGss6H
vQJ2/rOAcLBU26jr9zM9Sjj3QyhekWWKVKBdHCtXmIi9e2f1Ff4sKVApBsqjVqXM
9Sj6lnOjG6bIgSx1airRs5CX11QvTK1Bhy6igJjZ+au5Cl/OXoC6BmCL6UWgKoNA
XvaY72ad+R9fivCf4LuED+6L+N6B5LqMOekCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS6UcxIhexWkh78JnhQWPlzLnAcADAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZTJjZmEyOTEtYTEyZS00Mjc0LWFiMjItMjhkOTk0ODQ3YzgwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMckVtp5lUQQ5WGE
Y1q4/yccY6hREu4MDsffclZkIVM0tGZ+kB6HKiOAlhfwWUlB575W0faGN2NNa5RQ
V37tVy0S328rzvvGm/0gghpBfHldu69/0b/UpZ/LpqKkOLwegRYMHflhgeMpERhf
tO4d2gJmuQQ3Vv+Z67MLzW1ObvdWJ0tHBwoTrzfzisil/u6ndWJeHEA2o5ZU0hDL
IYWO2Uz9Xhqq3S7aZiheHNIoi1COeN+YsdkKmX0FFWVArmT4TFQ2SvAztiayhbCu
bRFkhCTeXD0Ay0i4RwprUhy3HHAfsNFAXfQ7mXqY49v8ElnrBkXfsgXLJSjs68Dh
6SKzTrk=
-----END CERTIFICATE-----