Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f1a43b99-2783-4f7e-9390-2988862dfac0.roa
File:                     f1a43b99-2783-4f7e-9390-2988862dfac0.roa (raw, json)
Hash identifier:          QuRy0zaakaU5p6a7Zm23CBEM7N2dsuGCrbSfV7LPQCk=
Subject key identifier:   F0:01:4A:73:84:36:46:C3:EE:5A:EF:83:E9:99:8C:9D:55:B9:FF:28
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4EAE659EC57A3C501BE53447A7B35E2BF37C4EBC
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f1a43b99-2783-4f7e-9390-2988862dfac0.roa
Signing time:             Fri 25 Nov 2022 00:00:00 +0000
ROA not before:           Fri 25 Nov 2022 00:00:00 +0000
ROA not after:            Mon 28 Nov 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:ae:65:9e:c5:7a:3c:50:1b:e5:34:47:a7:b3:5e:2b:f3:7c:4e:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Nov 25 00:00:00 2022 GMT
            Not After : Nov 28 23:59:59 2022 GMT
        Subject: serialNumber=43733adf1dd9ec181fad6ca7ea75cdd5dfb480204574da95421987c5e71e1414, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e9:2a:f2:2e:bf:57:39:8a:e2:12:3c:17:c6:
                    db:f3:e6:80:a2:3c:29:13:bd:22:25:01:64:ff:fa:
                    5f:50:84:44:fc:85:22:98:36:73:63:a3:c9:6c:ea:
                    15:6b:b6:c4:7d:20:fd:ec:08:2f:9c:38:f9:71:8c:
                    f9:3c:21:23:33:4d:f6:26:11:cf:10:e0:dc:ce:5c:
                    3b:08:dd:f1:f9:4a:11:1c:ac:dd:28:f4:1b:aa:f6:
                    dc:a6:37:3a:30:68:5e:63:6a:ba:ce:be:f0:10:d4:
                    db:25:9a:34:b7:4c:3d:15:cb:2e:62:ce:df:ba:0e:
                    05:3b:55:89:31:7e:f5:82:24:65:83:57:0f:00:a4:
                    66:eb:ee:41:1a:9e:a5:c8:33:ba:a2:d9:98:20:98:
                    79:24:09:50:fd:68:ff:3b:2f:49:e1:a9:1a:04:be:
                    1c:4e:71:cc:5a:8b:a9:14:c9:14:84:01:50:a2:d0:
                    da:fe:e1:39:67:70:ba:ac:a6:22:51:1c:ce:13:16:
                    0e:85:45:c0:3e:ac:e3:57:80:02:79:8c:07:bd:8a:
                    77:5e:48:9e:b5:26:f0:77:cc:cb:5c:00:82:08:cc:
                    44:b7:16:da:7b:ca:d3:97:22:19:ea:98:bd:30:52:
                    ed:2a:71:fe:af:45:da:18:10:ee:7f:b5:e1:76:b2:
                    95:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:01:4A:73:84:36:46:C3:EE:5A:EF:83:E9:99:8C:9D:55:B9:FF:28
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f1a43b99-2783-4f7e-9390-2988862dfac0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:84:d7:39:68:37:2e:de:4c:96:02:a3:0d:ca:79:87:88:8a:
         76:5d:54:3c:44:dc:99:5b:f8:41:ba:43:2c:30:2c:fd:fa:0e:
         f2:6d:5d:d2:b4:24:c7:f1:37:d5:aa:f2:40:a6:d1:4f:d9:30:
         d4:c3:0c:e3:3a:ae:e6:3c:60:53:a1:26:72:30:dc:59:4c:e3:
         65:62:45:63:8b:df:86:2a:f6:78:8b:20:20:23:09:7c:10:6b:
         da:3b:22:2d:23:44:6f:98:58:47:b6:f9:57:d0:00:28:dd:14:
         d2:0d:42:b4:44:f4:19:38:4c:97:08:3f:0b:35:a6:a0:60:ba:
         00:0b:a5:b2:e8:0c:c2:b5:ec:2c:3b:da:cb:bd:8e:7a:3c:27:
         6f:62:4b:57:c9:d9:b3:c7:c0:5e:c1:f2:cc:ed:46:97:bc:df:
         14:c2:f5:18:17:ca:28:7f:25:28:a9:b4:17:48:14:28:48:a0:
         32:73:5c:48:a9:0e:69:00:e6:c5:86:9b:0a:8b:a0:72:a8:99:
         07:b6:4c:c0:89:f4:94:6e:18:a2:05:47:32:10:ae:c9:d4:7e:
         1c:fe:6f:07:6e:6d:f6:2f:09:5d:50:2a:29:d5:7b:89:58:d2:
         b8:b6:6f:61:04:90:f2:24:6c:15:bf:90:06:43:6c:14:d8:9b:
         7f:f5:88:27
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUTq5lnsV6PFAb5TRHp7NeK/N8TrwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMTI1MDAwMDAwWhcNMjIxMTI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNANDM3MzNhZGYxZGQ5ZWMxODFmYWQ2Y2E3ZWE3NWNkZDVk
ZmI0ODAyMDQ1NzRkYTk1NDIxOTg3YzVlNzFlMTQxNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALvpKvIuv1c5iuISPBfG2/PmgKI8KRO9IiUBZP/6X1CERPyFIpg2
c2OjyWzqFWu2xH0g/ewIL5w4+XGM+TwhIzNN9iYRzxDg3M5cOwjd8flKERys3Sj0
G6r23KY3OjBoXmNqus6+8BDU2yWaNLdMPRXLLmLO37oOBTtViTF+9YIkZYNXDwCk
ZuvuQRqepcgzuqLZmCCYeSQJUP1o/zsvSeGpGgS+HE5xzFqLqRTJFIQBUKLQ2v7h
OWdwuqymIlEczhMWDoVFwD6s41eAAnmMB72Kd15InrUm8HfMy1wAggjMRLcW2nvK
05ciGeqYvTBS7Spx/q9F2hgQ7n+14XaylSECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTwAUpzhDZGw+5a74PpmYydVbn/KDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjFhNDNiOTktMjc4My00ZjdlLTkzOTAtMjk4ODg2MmRmYWMwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACWE1zloNy7eTJYC
ow3KeYeIinZdVDxE3Jlb+EG6QywwLP36DvJtXdK0JMfxN9Wq8kCm0U/ZMNTDDOM6
ruY8YFOhJnIw3FlM42ViRWOL34Yq9niLICAjCXwQa9o7Ii0jRG+YWEe2+VfQACjd
FNINQrRE9Bk4TJcIPws1pqBgugALpbLoDMK17Cw72su9jno8J29iS1fJ2bPHwF7B
8sztRpe83xTC9RgXyih/JSiptBdIFChIoDJzXEipDmkA5sWGmwqLoHKomQe2TMCJ
9JRuGKIFRzIQrsnUfhz+bwdubfYvCV1QKinVe4lY0ri2b2EEkPIkbBW/kAZDbBTY
m3/1iCc=
-----END CERTIFICATE-----