Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e6f67194-7ded-41c3-8742-9c2204711ce6.roa
File:                     e6f67194-7ded-41c3-8742-9c2204711ce6.roa (raw, json)
Hash identifier:          lVwqkfZ/32EZilTLVnAOCVyCF1ob3opZmUMiJU2TQso=
Subject key identifier:   CB:86:AB:FA:F9:F0:92:4D:D5:86:59:CF:C1:BA:E3:C8:D8:A2:DD:98
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2C5F2005CFFBD1E556279BE843612AD32A1CC88F
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e6f67194-7ded-41c3-8742-9c2204711ce6.roa
Signing time:             Mon 14 Nov 2022 00:00:00 +0000
ROA not before:           Mon 14 Nov 2022 00:00:00 +0000
ROA not after:            Thu 17 Nov 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:5f:20:05:cf:fb:d1:e5:56:27:9b:e8:43:61:2a:d3:2a:1c:c8:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Nov 14 00:00:00 2022 GMT
            Not After : Nov 17 23:59:59 2022 GMT
        Subject: serialNumber=f4faf2cb7954ff8c30ae17116bb6a6cdb7747d21047ce60b7f87943b0d8d46c8, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:dd:d1:b6:cd:e8:3e:e2:e6:8a:43:bb:0d:84:
                    9d:eb:39:27:bd:b3:9d:c2:5a:32:6b:7f:f3:9c:85:
                    e5:fe:63:82:7f:72:13:0c:13:cc:dd:c1:bb:08:cc:
                    48:18:0a:83:b3:68:b8:b5:a1:7f:7a:d1:c5:5b:39:
                    17:2a:1f:b4:4f:d4:af:d6:18:c6:e3:e1:9f:c1:a1:
                    9e:a2:78:c7:b5:47:91:d7:65:4f:e9:da:42:bf:60:
                    4e:12:cb:20:4f:64:cd:67:9e:f9:c5:4f:0e:63:74:
                    3a:a4:e1:d1:51:12:82:ce:b8:72:28:83:27:f4:82:
                    f0:b8:94:5a:d0:e6:e6:e9:bb:6e:6f:9a:07:64:b0:
                    52:51:38:f7:ef:75:f2:df:55:40:e6:76:9f:8d:16:
                    ae:4e:e0:13:c9:a1:17:54:06:43:61:09:40:76:6c:
                    e0:02:8b:1f:5b:f0:27:de:ce:de:cc:fa:11:fa:88:
                    cd:71:0e:f9:9d:cc:3c:df:db:61:db:5f:fc:f2:7e:
                    99:1c:7d:fa:13:b1:41:25:ff:3d:91:2f:3c:91:b0:
                    3d:28:eb:10:0a:82:88:3f:a4:1a:52:c0:4b:c8:32:
                    73:f9:d2:5b:ce:57:3e:ac:6e:d0:b2:c1:4a:6a:ec:
                    47:f4:de:c0:92:77:65:af:2b:65:7b:2a:fd:a0:57:
                    ca:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:86:AB:FA:F9:F0:92:4D:D5:86:59:CF:C1:BA:E3:C8:D8:A2:DD:98
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e6f67194-7ded-41c3-8742-9c2204711ce6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:61:0b:6b:4f:0f:2e:d2:1a:e1:b6:66:d4:3d:5d:00:f2:98:
         86:18:4b:65:0f:b6:f1:98:03:4b:78:08:a4:04:16:d0:10:82:
         e3:18:f3:e1:57:e4:bb:6a:d9:6b:b9:9c:5b:71:c3:bf:e3:b0:
         0e:18:d1:74:cf:6e:f9:47:5d:26:eb:74:a2:c2:71:cf:a3:66:
         25:f8:38:5a:5d:6b:89:86:f7:84:7c:f0:95:d2:c2:7d:ba:51:
         ed:ee:b5:cd:d4:63:75:01:7f:cf:13:13:be:8d:12:ba:fd:3a:
         d2:1f:34:01:7f:b4:36:67:0b:60:d9:41:82:6a:21:4a:90:70:
         14:87:71:58:e6:80:dc:44:d6:ff:0d:94:8f:06:77:d0:fd:d7:
         b1:e4:a5:e7:de:8f:23:1b:78:8c:50:87:a6:25:20:a6:05:42:
         19:02:7b:8b:88:a4:fb:1f:3e:6e:ee:00:d1:9f:df:aa:9c:bf:
         75:d1:29:13:3c:16:85:75:fc:9d:31:9c:b4:8d:c5:5b:1f:22:
         0f:5b:fc:21:f4:9b:59:ca:08:f6:e2:41:aa:e9:39:fc:da:81:
         33:12:34:f3:dd:af:f1:fa:49:41:e8:c2:7d:44:22:9d:d8:27:
         e1:bb:92:19:c9:f1:4d:dc:4f:74:78:a5:45:7a:99:42:7f:19:
         12:30:c6:55
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIULF8gBc/70eVWJ5voQ2Eq0yocyI8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMTE0MDAwMDAwWhcNMjIxMTE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjRmYWYyY2I3OTU0ZmY4YzMwYWUxNzExNmJiNmE2Y2Ri
Nzc0N2QyMTA0N2NlNjBiN2Y4Nzk0M2IwZDhkNDZjODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJnd0bbN6D7i5opDuw2Enes5J72zncJaMmt/85yF5f5jgn9yEwwT
zN3BuwjMSBgKg7NouLWhf3rRxVs5FyoftE/Ur9YYxuPhn8GhnqJ4x7VHkddlT+na
Qr9gThLLIE9kzWee+cVPDmN0OqTh0VESgs64ciiDJ/SC8LiUWtDm5um7bm+aB2Sw
UlE49+918t9VQOZ2n40Wrk7gE8mhF1QGQ2EJQHZs4AKLH1vwJ97O3sz6EfqIzXEO
+Z3MPN/bYdtf/PJ+mRx9+hOxQSX/PZEvPJGwPSjrEAqCiD+kGlLAS8gyc/nSW85X
Pqxu0LLBSmrsR/TewJJ3Za8rZXsq/aBXyrcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTLhqv6+fCSTdWGWc/BuuPI2KLdmDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZTZmNjcxOTQtN2RlZC00MWMzLTg3NDItOWMyMjA0NzExY2U2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKBhC2tPDy7SGuG2
ZtQ9XQDymIYYS2UPtvGYA0t4CKQEFtAQguMY8+FX5Ltq2Wu5nFtxw7/jsA4Y0XTP
bvlHXSbrdKLCcc+jZiX4OFpda4mG94R88JXSwn26Ue3utc3UY3UBf88TE76NErr9
OtIfNAF/tDZnC2DZQYJqIUqQcBSHcVjmgNxE1v8NlI8Gd9D917HkpefejyMbeIxQ
h6YlIKYFQhkCe4uIpPsfPm7uANGf36qcv3XRKRM8FoV1/J0xnLSNxVsfIg9b/CH0
m1nKCPbiQarpOfzagTMSNPPdr/H6SUHown1EIp3YJ+G7khnJ8U3cT3R4pUV6mUJ/
GRIwxlU=
-----END CERTIFICATE-----