Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e314d0bc-c98e-4481-8e16-a378f3cf5e73.roa
File:                     e314d0bc-c98e-4481-8e16-a378f3cf5e73.roa (raw, json)
Hash identifier:          p1/sg7qYPan8BqgplZ81qRHztsWsS5yEIlrB5MjUVNs=
Subject key identifier:   D3:9B:71:48:09:24:C1:75:89:35:B3:59:A6:48:10:6A:C8:A5:02:2E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       441E4BBDD7CE117E243D903CF9FEB8BC10DA73DE
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e314d0bc-c98e-4481-8e16-a378f3cf5e73.roa
Signing time:             Fri 16 Dec 2022 00:00:00 +0000
ROA not before:           Fri 16 Dec 2022 00:00:00 +0000
ROA not after:            Mon 19 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:1e:4b:bd:d7:ce:11:7e:24:3d:90:3c:f9:fe:b8:bc:10:da:73:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 16 00:00:00 2022 GMT
            Not After : Dec 19 23:59:59 2022 GMT
        Subject: serialNumber=2651e9db70f8f3b1f0619224421985b0c6b1c3adf6e58e0bf5d47f0f0b8cf62d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:1f:a9:31:ca:73:12:d3:62:ea:28:9c:ac:fd:
                    0a:1b:29:b5:9d:83:57:69:43:ff:cf:d0:14:a8:6f:
                    1f:8d:d8:2a:d3:ca:6b:03:7b:0d:0d:64:0f:7e:d6:
                    a4:0b:b7:a0:ad:d0:f8:1c:ab:e1:71:ae:a5:1d:e2:
                    10:8e:ff:0c:1d:7a:f5:ad:bf:dc:94:22:af:b1:54:
                    d5:c4:57:8a:34:0c:e6:76:e2:c1:31:6f:72:87:05:
                    44:c0:1d:aa:71:d6:a5:bd:1c:6e:28:fa:14:a6:bb:
                    c8:68:57:62:42:e4:2f:47:d9:be:78:b5:84:11:55:
                    5f:7e:13:06:dc:47:2a:9c:3d:55:9b:66:c5:5a:47:
                    1c:9e:56:4f:66:09:10:a8:c3:ba:a8:13:8f:22:37:
                    62:96:98:2e:1c:b0:07:0d:0e:27:80:ad:76:21:a4:
                    07:67:82:2b:d9:ed:e4:c4:ea:4f:d8:46:93:c7:e6:
                    d4:f7:27:55:c5:6b:c8:35:31:c8:71:cb:16:fe:5a:
                    59:e6:72:5e:91:a0:9d:a7:79:d7:96:2d:4d:71:73:
                    2f:c6:89:4b:29:7e:01:b3:83:44:8c:26:19:f0:2d:
                    ca:b1:62:2c:47:31:f9:73:d6:31:91:47:e8:fe:cb:
                    26:da:c8:3b:41:b6:c1:bb:51:00:10:30:87:5d:5b:
                    5c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:9B:71:48:09:24:C1:75:89:35:B3:59:A6:48:10:6A:C8:A5:02:2E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e314d0bc-c98e-4481-8e16-a378f3cf5e73.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:bd:83:bf:b5:1f:31:5c:30:e7:9d:53:87:3a:16:b7:21:e5:
         ec:25:29:53:c3:03:ef:79:a8:f6:1c:c1:0a:71:b3:e5:5f:95:
         15:4d:6c:3c:1a:9d:93:6b:d7:38:dc:f9:35:ea:ff:65:b0:c4:
         75:1d:86:70:de:c3:75:28:d7:97:ad:b4:85:52:e4:17:6c:d7:
         dc:4f:18:44:48:22:1a:26:24:48:d1:7a:5f:e1:21:9d:68:25:
         dc:52:3a:95:36:0a:0a:11:b6:10:dc:17:fe:58:ff:6c:6a:7b:
         e3:4a:a3:91:d0:82:06:48:30:2c:1f:39:bc:6e:ba:7a:44:48:
         b3:a9:e8:06:f2:57:36:e3:55:11:12:e4:91:43:f7:f1:5a:81:
         5f:50:0f:4f:e1:fc:45:ef:b1:5f:f1:70:ad:ac:68:31:02:91:
         4a:d9:85:05:0a:3c:8f:75:46:66:35:b6:1c:22:c5:c5:a5:8b:
         0e:8c:3d:b1:c2:d8:4f:6c:10:e6:4e:e1:0a:21:ed:25:9c:79:
         9a:15:cd:fa:50:b2:8d:3e:44:52:86:52:d8:69:15:87:52:a2:
         8a:37:4b:26:99:ce:b2:f4:b7:1f:b3:96:fd:93:03:90:06:09:
         99:85:f7:ee:89:c4:47:33:10:af:41:fa:dc:82:7c:c1:9d:04:
         fa:9f:ba:b8
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIURB5LvdfOEX4kPZA8+f64vBDac94wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjE2MDAwMDAwWhcNMjIxMjE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMjY1MWU5ZGI3MGY4ZjNiMWYwNjE5MjI0NDIxOTg1YjBj
NmIxYzNhZGY2ZTU4ZTBiZjVkNDdmMGYwYjhjZjYyZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALQfqTHKcxLTYuoonKz9ChsptZ2DV2lD/8/QFKhvH43YKtPKawN7
DQ1kD37WpAu3oK3Q+Byr4XGupR3iEI7/DB169a2/3JQir7FU1cRXijQM5nbiwTFv
cocFRMAdqnHWpb0cbij6FKa7yGhXYkLkL0fZvni1hBFVX34TBtxHKpw9VZtmxVpH
HJ5WT2YJEKjDuqgTjyI3YpaYLhywBw0OJ4CtdiGkB2eCK9nt5MTqT9hGk8fm1Pcn
VcVryDUxyHHLFv5aWeZyXpGgnad515YtTXFzL8aJSyl+AbODRIwmGfAtyrFiLEcx
+XPWMZFH6P7LJtrIO0G2wbtRABAwh11bXNkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTTm3FICSTBdYk1s1mmSBBqyKUCLjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZTMxNGQwYmMtYzk4ZS00NDgxLThlMTYtYTM3OGYzY2Y1ZTczLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJy9g7+1HzFcMOed
U4c6Frch5ewlKVPDA+95qPYcwQpxs+VflRVNbDwanZNr1zjc+TXq/2WwxHUdhnDe
w3Uo15ettIVS5Bds19xPGERIIhomJEjRel/hIZ1oJdxSOpU2CgoRthDcF/5Y/2xq
e+NKo5HQggZIMCwfObxuunpESLOp6AbyVzbjVRES5JFD9/FagV9QD0/h/EXvsV/x
cK2saDECkUrZhQUKPI91RmY1thwixcWliw6MPbHC2E9sEOZO4Qoh7SWceZoVzfpQ
so0+RFKGUthpFYdSooo3SyaZzrL0tx+zlv2TA5AGCZmF9+6JxEczEK9B+tyCfMGd
BPqfurg=
-----END CERTIFICATE-----