Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e9ab8e99-e056-4b3a-a749-661ab08b0afb.roa
File:                     e9ab8e99-e056-4b3a-a749-661ab08b0afb.roa (raw, json)
Hash identifier:          MLc5MMxX66DQLBc7GRoS6Dq7czdnYVDjvZpJpi3CKu0=
Subject key identifier:   54:7F:32:53:4E:1A:1F:9F:DF:2E:CD:8E:FD:D8:79:42:1E:7F:71:7F
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7603926D0D5BBE582F781934689F5A06DF65D260
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e9ab8e99-e056-4b3a-a749-661ab08b0afb.roa
Signing time:             Thu 20 Oct 2022 00:00:00 +0000
ROA not before:           Thu 20 Oct 2022 00:00:00 +0000
ROA not after:            Sun 23 Oct 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:03:92:6d:0d:5b:be:58:2f:78:19:34:68:9f:5a:06:df:65:d2:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Oct 20 00:00:00 2022 GMT
            Not After : Oct 23 23:59:59 2022 GMT
        Subject: serialNumber=9564fd80894b991619ee67ac3d78a6ae65875a0d4a30bcf4b3c62894e5777ee5, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:f1:e1:67:33:bb:f1:46:e0:fc:82:a3:71:f4:
                    ab:78:55:ff:86:ab:99:33:84:2e:4e:6e:ec:8e:e6:
                    7e:60:ce:09:5b:b2:c5:5d:3d:e4:b9:ff:46:5c:5b:
                    c3:ce:90:1e:92:38:d7:e8:6f:19:9f:d2:00:39:c5:
                    28:91:af:66:3c:63:1d:c5:42:30:70:e0:ea:17:71:
                    88:06:0e:f7:70:b6:9f:6c:98:3c:46:2b:90:cf:5c:
                    5f:ac:a9:36:fd:88:7f:b4:54:67:c3:51:c6:82:7d:
                    2f:5f:2d:3e:45:f3:6f:28:69:3f:31:10:90:a7:cf:
                    2c:40:23:c6:9e:b6:04:0f:b9:3d:06:5f:bc:95:a8:
                    c3:70:fa:09:89:96:a7:46:7d:01:e3:98:17:55:60:
                    00:a2:35:94:57:22:a4:5d:b6:a4:2d:36:67:af:f9:
                    db:a6:28:be:f3:d1:0a:cf:12:91:35:10:d1:54:63:
                    93:48:74:3c:5e:55:5e:55:12:21:86:88:ff:cf:57:
                    85:f2:1b:95:8f:a2:4b:65:50:9b:ef:b3:89:61:a8:
                    e6:12:5f:0e:9a:89:e7:b7:e3:93:ca:22:b4:fd:1b:
                    ad:36:30:4c:04:a5:18:32:15:78:aa:1f:32:ad:2e:
                    57:93:a7:d7:c7:53:35:09:52:eb:1e:5a:3c:49:ef:
                    da:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:7F:32:53:4E:1A:1F:9F:DF:2E:CD:8E:FD:D8:79:42:1E:7F:71:7F
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e9ab8e99-e056-4b3a-a749-661ab08b0afb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:79:74:c6:77:0a:e6:a0:0d:9e:2b:41:87:35:8a:b4:85:06:
         5b:49:0e:70:71:86:65:99:e3:78:13:81:33:2a:56:f3:47:30:
         36:36:b2:76:af:ae:f8:7a:42:55:49:2a:d8:38:29:eb:c8:e6:
         05:d6:dc:4d:cf:24:ee:6e:d9:ee:b8:46:6c:2c:88:20:e5:ad:
         86:e3:ae:1c:1e:4d:52:7d:c1:ce:d4:1f:6c:5c:4c:24:dc:ea:
         57:e4:d6:df:a2:e2:fb:aa:12:31:46:9a:f5:9f:14:14:22:b2:
         a4:39:7c:73:1f:03:0d:f4:79:1e:86:61:1a:39:40:1a:dd:46:
         ea:88:a7:d3:5c:9f:06:a8:ce:a8:25:80:81:c8:98:d4:95:df:
         fa:ec:6c:46:b8:ad:73:1f:5e:5d:a2:a3:36:26:87:a3:c3:bd:
         06:ad:fe:98:34:56:a3:68:aa:95:bd:2d:7d:67:41:7f:d8:b7:
         e9:bb:c3:91:20:82:22:f8:41:05:ed:3d:61:ce:2f:d8:dd:07:
         eb:ad:69:ea:99:a9:28:6c:2a:81:fa:54:97:a7:46:7e:f5:ba:
         a0:9e:67:58:50:c8:0b:6c:7c:f9:18:a9:31:04:d1:f8:50:ad:
         83:71:e4:0a:b7:11:48:cf:85:94:e2:cc:fc:68:69:73:15:0c:
         6d:d5:01:e6
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUdgOSbQ1bvlgveBk0aJ9aBt9l0mAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMDIwMDAwMDAwWhcNMjIxMDIzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTU2NGZkODA4OTRiOTkxNjE5ZWU2N2FjM2Q3OGE2YWU2
NTg3NWEwZDRhMzBiY2Y0YjNjNjI4OTRlNTc3N2VlNTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMPx4Wczu/FG4PyCo3H0q3hV/4armTOELk5u7I7mfmDOCVuyxV09
5Ln/Rlxbw86QHpI41+hvGZ/SADnFKJGvZjxjHcVCMHDg6hdxiAYO93C2n2yYPEYr
kM9cX6ypNv2If7RUZ8NRxoJ9L18tPkXzbyhpPzEQkKfPLEAjxp62BA+5PQZfvJWo
w3D6CYmWp0Z9AeOYF1VgAKI1lFcipF22pC02Z6/526YovvPRCs8SkTUQ0VRjk0h0
PF5VXlUSIYaI/89XhfIblY+iS2VQm++ziWGo5hJfDpqJ57fjk8oitP0brTYwTASl
GDIVeKofMq0uV5On18dTNQlS6x5aPEnv2ukCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRUfzJTThofn98uzY792HlCHn9xfzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZTlhYjhlOTktZTA1Ni00YjNhLWE3NDktNjYxYWIwOGIwYWZiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHl5dMZ3CuagDZ4r
QYc1irSFBltJDnBxhmWZ43gTgTMqVvNHMDY2snavrvh6QlVJKtg4KevI5gXW3E3P
JO5u2e64RmwsiCDlrYbjrhweTVJ9wc7UH2xcTCTc6lfk1t+i4vuqEjFGmvWfFBQi
sqQ5fHMfAw30eR6GYRo5QBrdRuqIp9NcnwaozqglgIHImNSV3/rsbEa4rXMfXl2i
ozYmh6PDvQat/pg0VqNoqpW9LX1nQX/Yt+m7w5EggiL4QQXtPWHOL9jdB+utaeqZ
qShsKoH6VJenRn71uqCeZ1hQyAtsfPkYqTEE0fhQrYNx5Aq3EUjPhZTizPxoaXMV
DG3VAeY=
-----END CERTIFICATE-----