Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f600935f-c110-42be-b732-09b89ab89b58.roa
File:                     f600935f-c110-42be-b732-09b89ab89b58.roa (raw, json)
Hash identifier:          WyZrY7QwrNkGfWvcKQZKArZyx5K+kdKjDOXBAq88uiU=
Subject key identifier:   B6:4B:68:97:6F:DD:BA:BA:E6:FC:BD:EB:F3:3A:1F:E8:B3:1B:00:64
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3DBE9F7E4CA6A1583AA7CB89D371AD331E90BC18
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f600935f-c110-42be-b732-09b89ab89b58.roa
Signing time:             Sun 10 Jul 2022 00:00:00 +0000
ROA not before:           Sun 10 Jul 2022 00:00:00 +0000
ROA not after:            Wed 13 Jul 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:be:9f:7e:4c:a6:a1:58:3a:a7:cb:89:d3:71:ad:33:1e:90:bc:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jul 10 00:00:00 2022 GMT
            Not After : Jul 13 23:59:59 2022 GMT
        Subject: serialNumber=5cd4096ab07fd270ee8a489f93ff3859b6fb040da7493b750e03be1169806fdd, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:17:6b:1c:0f:88:b8:23:3d:5e:9e:41:ec:81:
                    a8:aa:9e:50:b3:6a:00:1a:68:0a:12:d0:da:ec:0f:
                    4e:a5:eb:84:8f:5d:32:bd:c2:23:cb:4f:34:78:c9:
                    80:ca:39:da:05:75:a9:d4:7e:64:30:a7:43:be:36:
                    de:f3:d3:ba:ef:cc:13:f2:a1:26:91:88:79:c8:25:
                    11:04:bb:79:46:b3:ac:1c:7b:ab:f7:b1:06:0c:56:
                    67:85:c7:a1:08:97:eb:e3:6c:32:01:9a:a0:ac:1c:
                    d9:e1:e1:aa:03:06:83:2e:3d:dc:8e:af:f7:de:ab:
                    bb:24:0f:7b:3a:b1:d6:78:98:fa:7b:6f:3e:de:00:
                    6a:65:09:38:a5:77:60:09:5b:74:22:cc:8f:f1:69:
                    d5:ec:91:04:7a:3e:8a:96:42:2a:59:90:fa:10:9d:
                    88:4e:17:ab:4e:7a:ad:6b:13:bf:b6:7d:7c:78:97:
                    1a:22:3b:2a:fd:39:ec:82:44:83:18:28:4e:e7:53:
                    70:c0:4a:bb:d6:5b:c0:c8:e8:af:54:e5:92:34:b9:
                    a1:90:78:c2:43:b1:a5:46:3a:22:85:d3:78:b2:3c:
                    05:3d:29:83:84:bf:1d:38:12:f1:c5:93:e7:99:69:
                    5d:09:4d:43:62:aa:0b:6a:33:bb:80:09:6b:89:72:
                    5b:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:4B:68:97:6F:DD:BA:BA:E6:FC:BD:EB:F3:3A:1F:E8:B3:1B:00:64
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f600935f-c110-42be-b732-09b89ab89b58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:c1:66:ed:79:ef:bf:62:a4:84:1e:db:b3:63:5c:e9:a7:f1:
         38:8f:50:02:ab:20:69:ad:8c:9d:51:6c:90:45:d9:b9:7a:ab:
         5d:d5:56:70:96:31:7a:6a:36:de:4b:5c:02:3f:c2:27:19:7d:
         e8:ae:3d:81:58:8c:2a:71:ef:d1:43:c4:04:0c:d7:74:fd:e1:
         26:ec:a0:a2:5e:b0:9d:8a:c6:56:1b:d2:23:88:ed:44:06:7f:
         47:ea:01:c1:55:e2:a7:11:5b:62:eb:fa:76:35:05:32:c1:58:
         d9:f6:96:6c:6f:71:54:4a:5c:2a:36:85:4e:76:fa:ff:c8:35:
         41:89:ee:b7:d5:05:23:a9:2e:de:2b:12:c6:1a:d2:cd:da:98:
         3f:34:bd:15:04:8f:7d:03:4f:43:86:c0:d2:c3:81:9a:bd:2f:
         c4:76:d5:e3:a6:2a:13:d8:ea:50:b7:b8:ef:7b:98:cc:fc:70:
         5a:56:0f:ec:d7:3d:fe:fc:57:31:a3:16:a8:10:72:9d:56:1d:
         3e:d2:0c:28:d6:a8:7e:ee:5e:80:30:6f:15:ae:c9:cd:23:6e:
         52:78:20:7f:78:4e:9e:95:4f:5f:bd:4b:11:29:de:7a:36:1e:
         b3:62:1d:32:a5:8e:b9:13:32:6a:dd:cc:0b:17:c7:9f:16:6c:
         57:cd:49:ed
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUPb6ffkymoVg6p8uJ03GtMx6QvBgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwNzEwMDAwMDAwWhcNMjIwNzEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNANWNkNDA5NmFiMDdmZDI3MGVlOGE0ODlmOTNmZjM4NTli
NmZiMDQwZGE3NDkzYjc1MGUwM2JlMTE2OTgwNmZkZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANsXaxwPiLgjPV6eQeyBqKqeULNqABpoChLQ2uwPTqXrhI9dMr3C
I8tPNHjJgMo52gV1qdR+ZDCnQ7423vPTuu/ME/KhJpGIecglEQS7eUazrBx7q/ex
BgxWZ4XHoQiX6+NsMgGaoKwc2eHhqgMGgy493I6v996ruyQPezqx1niY+ntvPt4A
amUJOKV3YAlbdCLMj/Fp1eyRBHo+ipZCKlmQ+hCdiE4Xq056rWsTv7Z9fHiXGiI7
Kv057IJEgxgoTudTcMBKu9ZbwMjor1TlkjS5oZB4wkOxpUY6IoXTeLI8BT0pg4S/
HTgS8cWT55lpXQlNQ2KqC2ozu4AJa4lyW4MCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS2S2iXb926uub8vevzOh/osxsAZDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjYwMDkzNWYtYzExMC00MmJlLWI3MzItMDliODlhYjg5YjU4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD/BZu15779ipIQe
27NjXOmn8TiPUAKrIGmtjJ1RbJBF2bl6q13VVnCWMXpqNt5LXAI/wicZfeiuPYFY
jCpx79FDxAQM13T94SbsoKJesJ2KxlYb0iOI7UQGf0fqAcFV4qcRW2Lr+nY1BTLB
WNn2lmxvcVRKXCo2hU52+v/INUGJ7rfVBSOpLt4rEsYa0s3amD80vRUEj30DT0OG
wNLDgZq9L8R21eOmKhPY6lC3uO97mMz8cFpWD+zXPf78VzGjFqgQcp1WHT7SDCjW
qH7uXoAwbxWuyc0jblJ4IH94Tp6VT1+9SxEp3no2HrNiHTKljrkTMmrdzAsXx58W
bFfNSe0=
-----END CERTIFICATE-----