Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f083ec3c-f859-4854-abfb-c1c68d4c5b91.roa
File:                     f083ec3c-f859-4854-abfb-c1c68d4c5b91.roa (raw, json)
Hash identifier:          ZGOumquWcDH8KknfjvLr53AvzVvwdW5MsC8mIIpTMnQ=
Subject key identifier:   3E:D8:FA:E3:EF:F8:B8:06:55:FC:06:B9:16:C0:F8:88:87:27:5A:4F
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6DF281BB87B26749C8A4EF26C36551C8D7EA5A4F
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f083ec3c-f859-4854-abfb-c1c68d4c5b91.roa
Signing time:             Fri 26 Aug 2022 00:00:00 +0000
ROA not before:           Fri 26 Aug 2022 00:00:00 +0000
ROA not after:            Mon 29 Aug 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:f2:81:bb:87:b2:67:49:c8:a4:ef:26:c3:65:51:c8:d7:ea:5a:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Aug 26 00:00:00 2022 GMT
            Not After : Aug 29 23:59:59 2022 GMT
        Subject: serialNumber=0ee0b316b7e7a21a1345249c7afb356d40be9915b4a2e2c4df2aae02c2110d0d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:a6:51:f3:17:21:49:b5:76:2b:23:34:3f:e8:
                    fe:c8:74:a0:74:a2:67:76:7e:ea:b0:a5:62:f5:cb:
                    1a:f6:37:0c:89:08:42:8a:03:a6:da:c3:3c:4b:3b:
                    ec:af:a0:aa:76:5b:b2:24:40:27:27:8b:8f:bb:59:
                    0f:38:da:78:28:03:e8:ce:f0:83:31:69:08:2c:00:
                    7c:8d:b4:26:a7:6d:03:f5:b5:03:fb:df:b6:44:39:
                    1a:2a:3e:d1:73:d1:c5:d5:a2:80:c1:be:dd:3c:bf:
                    69:f8:84:52:0d:64:87:1b:58:b2:b6:a2:d8:52:59:
                    d5:86:0a:95:03:ea:4c:c6:d2:26:67:bf:df:10:ac:
                    45:bf:1b:8c:a9:0d:e8:78:40:0e:59:73:07:c8:20:
                    51:7b:cf:54:7a:4f:da:0b:5d:a0:89:5b:83:68:61:
                    5f:cc:e1:9c:60:8a:a6:e0:29:d9:7f:10:68:f3:a4:
                    20:fe:84:2c:d3:34:8b:e6:77:f1:34:dc:15:65:02:
                    b8:31:43:54:93:30:4b:34:ac:36:3c:1e:e9:4a:59:
                    26:9d:54:27:48:4c:51:2e:c8:ae:0b:2b:9c:f3:56:
                    85:a9:ae:13:5b:95:50:7a:fa:45:50:ce:e0:e1:c4:
                    eb:8b:93:62:fd:24:dc:13:92:c5:6f:97:45:eb:40:
                    b2:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:D8:FA:E3:EF:F8:B8:06:55:FC:06:B9:16:C0:F8:88:87:27:5A:4F
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f083ec3c-f859-4854-abfb-c1c68d4c5b91.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:c5:41:f4:8e:6a:2f:54:37:0f:48:c3:d7:21:89:0f:b4:6b:
         55:7d:a5:72:a6:f5:fe:1c:2b:e0:50:81:21:05:3d:9c:48:20:
         31:5d:cc:54:8f:ec:04:17:6b:ff:9e:57:ec:e5:8e:f7:84:e6:
         33:88:7c:74:3f:2d:9d:9d:e9:f7:5f:d2:e6:0e:fc:a3:d6:3b:
         73:4c:55:a4:a7:f3:23:5a:a3:7c:96:37:a6:de:ae:84:f4:fc:
         bb:f4:a4:e9:95:21:50:5a:1c:11:29:13:9a:d5:1d:33:00:4f:
         73:dd:b8:fd:12:0b:3e:43:c9:fb:a4:66:e2:a3:74:b8:24:c4:
         7b:79:b7:ae:3b:35:91:d1:e1:bb:49:8e:c0:f9:c6:44:8b:62:
         89:72:b6:93:97:b5:99:d3:9b:41:84:01:cd:d3:dc:4d:4e:16:
         19:89:64:db:35:f4:bb:56:28:f9:47:82:b1:0e:be:c5:4b:2d:
         8d:b5:58:58:6b:2f:76:e5:cf:cb:10:7a:55:a4:76:df:0b:8d:
         e3:a3:66:c4:72:3c:6c:1f:7f:ad:e6:7f:98:e2:2c:bb:e3:fe:
         e5:65:a4:05:84:f3:f6:43:bd:a3:7b:35:de:69:3d:06:0c:15:
         7f:cc:ce:e8:5f:84:dc:79:6f:e4:c9:b7:29:e9:2f:a2:19:bb:
         cd:33:44:51
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUbfKBu4eyZ0nIpO8mw2VRyNfqWk8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwODI2MDAwMDAwWhcNMjIwODI5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMGVlMGIzMTZiN2U3YTIxYTEzNDUyNDljN2FmYjM1NmQ0
MGJlOTkxNWI0YTJlMmM0ZGYyYWFlMDJjMjExMGQwZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKamUfMXIUm1disjND/o/sh0oHSiZ3Z+6rClYvXLGvY3DIkIQooD
ptrDPEs77K+gqnZbsiRAJyeLj7tZDzjaeCgD6M7wgzFpCCwAfI20JqdtA/W1A/vf
tkQ5Gio+0XPRxdWigMG+3Ty/afiEUg1khxtYsrai2FJZ1YYKlQPqTMbSJme/3xCs
Rb8bjKkN6HhADllzB8ggUXvPVHpP2gtdoIlbg2hhX8zhnGCKpuAp2X8QaPOkIP6E
LNM0i+Z38TTcFWUCuDFDVJMwSzSsNjwe6UpZJp1UJ0hMUS7IrgsrnPNWhamuE1uV
UHr6RVDO4OHE64uTYv0k3BOSxW+XRetAsicCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ+2Prj7/i4BlX8BrkWwPiIhydaTzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjA4M2VjM2MtZjg1OS00ODU0LWFiZmItYzFjNjhkNGM1YjkxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKfFQfSOai9UNw9I
w9chiQ+0a1V9pXKm9f4cK+BQgSEFPZxIIDFdzFSP7AQXa/+eV+zljveE5jOIfHQ/
LZ2d6fdf0uYO/KPWO3NMVaSn8yNao3yWN6beroT0/Lv0pOmVIVBaHBEpE5rVHTMA
T3PduP0SCz5DyfukZuKjdLgkxHt5t647NZHR4btJjsD5xkSLYolytpOXtZnTm0GE
Ac3T3E1OFhmJZNs19LtWKPlHgrEOvsVLLY21WFhrL3blz8sQelWkdt8LjeOjZsRy
PGwff63mf5jiLLvj/uVlpAWE8/ZDvaN7Nd5pPQYMFX/MzuhfhNx5b+TJtynpL6IZ
u80zRFE=
-----END CERTIFICATE-----