Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f53d7698-3b36-4ec0-ae56-5da2947977db.roa
File:                     f53d7698-3b36-4ec0-ae56-5da2947977db.roa (raw, json)
Hash identifier:          MAUha9mAX2sSmT9DPp8yXxKeO+kvRWjeKmXkZjXKpvc=
Subject key identifier:   53:56:F3:54:1E:D0:88:76:C6:9C:27:54:34:45:26:16:AA:00:58:D9
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       18004F18B501860EA44B02E0DB7767CD64288EB1
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f53d7698-3b36-4ec0-ae56-5da2947977db.roa
Signing time:             Wed 13 Jul 2022 00:00:00 +0000
ROA not before:           Wed 13 Jul 2022 00:00:00 +0000
ROA not after:            Sat 16 Jul 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:00:4f:18:b5:01:86:0e:a4:4b:02:e0:db:77:67:cd:64:28:8e:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jul 13 00:00:00 2022 GMT
            Not After : Jul 16 23:59:59 2022 GMT
        Subject: serialNumber=db0068cf8fe66f85ed94cc42ecd39066bb782956d84f733be6ea6551a8231a58, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:6d:e4:78:c4:f0:9c:78:a7:e6:18:d7:a9:78:
                    72:f1:98:d5:18:eb:41:58:49:79:64:e7:8b:70:8a:
                    d5:5a:32:db:3f:82:32:00:c0:d8:10:97:f3:d6:9c:
                    b2:fa:7c:ba:6b:c1:7d:e8:a7:92:87:fd:ed:8e:0a:
                    8b:41:df:49:78:da:a6:c0:99:80:0e:7b:84:51:0b:
                    35:12:c8:e9:84:26:31:0b:ed:2e:f9:60:61:a2:b5:
                    cb:4b:56:0c:a3:76:c2:42:2e:59:89:33:ee:30:60:
                    57:7b:ca:d4:53:76:d1:c4:1a:f1:a7:43:92:30:c0:
                    10:28:3c:0f:10:15:96:c4:85:b6:8b:9b:d3:9a:e9:
                    e6:e6:77:0a:83:ba:01:8d:e3:97:f3:e4:67:2f:e8:
                    9e:b7:05:c8:a0:96:07:fd:90:3e:96:03:a6:ab:05:
                    0c:5f:09:08:51:a3:29:52:9f:ce:c2:0e:d5:58:8a:
                    e6:02:29:44:26:57:57:8e:82:66:5f:a2:61:05:d5:
                    38:df:5b:34:da:bd:7c:69:e8:1c:29:0b:1d:03:f0:
                    20:58:61:5a:86:ca:9a:14:db:65:2a:73:05:6b:cc:
                    13:0e:7c:a1:63:de:b5:32:2a:1f:10:fd:72:98:e8:
                    16:97:9e:8a:42:78:51:75:2f:4c:57:ce:98:71:99:
                    46:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:56:F3:54:1E:D0:88:76:C6:9C:27:54:34:45:26:16:AA:00:58:D9
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f53d7698-3b36-4ec0-ae56-5da2947977db.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:e8:21:82:26:52:28:35:16:1f:5f:f2:d1:76:c4:f2:5b:57:
         d5:8a:44:01:3c:2a:9a:63:48:f2:88:0c:b9:91:0c:af:94:28:
         c8:e8:5e:1b:3a:f5:2b:08:26:8f:a7:b3:4b:05:ba:2e:2b:56:
         4f:78:48:5c:7e:46:19:e2:88:e3:7f:cd:0f:13:cb:5b:94:c0:
         b1:0c:a0:1b:91:d4:64:87:8a:24:90:a0:7a:2b:86:54:e6:db:
         96:88:09:22:64:8f:af:e2:99:f7:7f:05:c9:1d:39:85:ea:7c:
         f1:60:4c:15:d5:12:38:92:53:58:b2:6f:4d:95:1c:64:3f:d5:
         66:ed:96:fb:54:90:60:ba:5f:08:31:84:5c:6f:2a:1e:12:07:
         40:4d:39:18:16:cb:ce:ab:23:52:3c:ed:df:92:8b:36:65:30:
         2d:49:3d:88:36:10:31:d0:39:b2:91:42:89:52:05:c3:7b:d2:
         04:30:41:9c:bf:eb:74:78:55:70:54:63:58:ab:51:6c:b6:a6:
         e1:b5:d3:e8:a2:c3:14:6e:f2:c4:d6:8a:82:8e:dd:20:f6:a0:
         44:ce:8f:01:20:29:de:0d:15:39:9c:ff:28:c5:e7:28:55:9b:
         dc:8a:54:f8:f0:05:0f:81:70:41:21:8f:9f:26:d9:38:20:4c:
         0d:82:0a:1c
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUGABPGLUBhg6kSwLg23dnzWQojrEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwNzEzMDAwMDAwWhcNMjIwNzE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZGIwMDY4Y2Y4ZmU2NmY4NWVkOTRjYzQyZWNkMzkwNjZi
Yjc4Mjk1NmQ4NGY3MzNiZTZlYTY1NTFhODIzMWE1ODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANRt5HjE8Jx4p+YY16l4cvGY1RjrQVhJeWTni3CK1Voy2z+CMgDA
2BCX89acsvp8umvBfeinkof97Y4Ki0HfSXjapsCZgA57hFELNRLI6YQmMQvtLvlg
YaK1y0tWDKN2wkIuWYkz7jBgV3vK1FN20cQa8adDkjDAECg8DxAVlsSFtoub05rp
5uZ3CoO6AY3jl/PkZy/onrcFyKCWB/2QPpYDpqsFDF8JCFGjKVKfzsIO1ViK5gIp
RCZXV46CZl+iYQXVON9bNNq9fGnoHCkLHQPwIFhhWobKmhTbZSpzBWvMEw58oWPe
tTIqHxD9cpjoFpeeikJ4UXUvTFfOmHGZRtsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRTVvNUHtCIdsacJ1Q0RSYWqgBY2TAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjUzZDc2OTgtM2IzNi00ZWMwLWFlNTYtNWRhMjk0Nzk3N2RiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALLoIYImUig1Fh9f
8tF2xPJbV9WKRAE8KppjSPKIDLmRDK+UKMjoXhs69SsIJo+ns0sFui4rVk94SFx+
RhniiON/zQ8Ty1uUwLEMoBuR1GSHiiSQoHorhlTm25aICSJkj6/imfd/BckdOYXq
fPFgTBXVEjiSU1iyb02VHGQ/1WbtlvtUkGC6XwgxhFxvKh4SB0BNORgWy86rI1I8
7d+SizZlMC1JPYg2EDHQObKRQolSBcN70gQwQZy/63R4VXBUY1irUWy2puG10+ii
wxRu8sTWioKO3SD2oETOjwEgKd4NFTmc/yjF5yhVm9yKVPjwBQ+BcEEhj58m2Tgg
TA2CChw=
-----END CERTIFICATE-----