Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f69cbc37-b89a-4146-b58a-72cb1100a5ee.roa
File:                     f69cbc37-b89a-4146-b58a-72cb1100a5ee.roa (raw, json)
Hash identifier:          dQ8/eJy9ciOhXlSdxVaQzNlmN2eBdkXa/wHVVsYAhxY=
Subject key identifier:   D9:19:C4:7D:BE:43:EE:5E:74:60:17:10:AB:E7:C0:A0:22:46:11:29
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       64684217B220B9D8F710DCD0B987589196C29255
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f69cbc37-b89a-4146-b58a-72cb1100a5ee.roa
Signing time:             Wed 19 Oct 2022 00:00:00 +0000
ROA not before:           Wed 19 Oct 2022 00:00:00 +0000
ROA not after:            Sat 22 Oct 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:68:42:17:b2:20:b9:d8:f7:10:dc:d0:b9:87:58:91:96:c2:92:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Oct 19 00:00:00 2022 GMT
            Not After : Oct 22 23:59:59 2022 GMT
        Subject: serialNumber=786422a3260e19b4a985ba32def341258ebf2c05e9546e2ab655aebb3146e979, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:cb:e5:dc:49:d1:3f:99:b2:de:4d:ae:36:aa:
                    27:16:f4:20:f0:26:fa:bb:8f:74:74:92:e7:b7:6d:
                    09:5c:28:59:dd:44:c9:ea:68:37:c9:18:d0:02:3f:
                    4f:ee:92:f7:47:8e:f0:f3:06:b9:a4:5e:9e:96:10:
                    9e:c4:c3:bd:43:c9:46:65:04:4d:95:4b:03:d9:5c:
                    c7:90:16:5a:6f:47:11:d5:07:e6:55:b9:ac:c9:c7:
                    3b:9b:26:e5:16:ae:dd:e9:06:91:03:04:bb:2f:01:
                    99:2c:af:f6:eb:5b:02:aa:a2:9b:c2:ed:79:70:05:
                    6d:a8:b0:9b:e6:43:9e:ae:44:1d:14:fe:eb:a3:88:
                    b0:d1:ff:95:39:0e:36:dd:55:c7:c5:ee:f5:a8:8d:
                    7b:9c:24:1c:e8:a6:0f:13:c8:3e:18:31:7e:83:75:
                    77:d9:73:7e:1d:79:92:83:0b:48:be:10:7c:62:38:
                    39:40:54:82:64:1b:e5:b2:ed:55:f8:96:bf:1a:92:
                    b6:d5:4e:81:39:2e:d5:08:1f:a1:1e:9e:09:e8:75:
                    eb:39:b4:7f:76:0a:44:c5:a6:b8:01:5d:cc:d1:17:
                    6b:a5:e3:4a:a5:7f:a8:b7:70:8d:10:15:c7:c8:25:
                    40:90:29:b0:32:40:3c:a9:ad:cf:b2:1f:64:dd:a3:
                    7f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:19:C4:7D:BE:43:EE:5E:74:60:17:10:AB:E7:C0:A0:22:46:11:29
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f69cbc37-b89a-4146-b58a-72cb1100a5ee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:ce:62:fd:ce:fc:9e:c9:3c:fd:66:26:f9:c1:9e:55:57:7f:
         be:49:6f:38:f5:dd:82:ec:b6:c8:f7:9c:58:24:f3:2a:e8:81:
         69:07:16:eb:48:d4:b8:87:46:92:81:e6:ab:d4:40:8f:02:3f:
         c0:d6:6c:f2:2c:4c:03:bf:7e:82:9c:fe:68:d9:cf:75:63:fc:
         ee:c7:c4:df:f0:e8:53:36:63:d9:4f:3c:a6:47:87:65:00:f8:
         7f:38:3a:66:25:46:18:5d:99:71:e2:fb:3d:60:b6:d3:e3:94:
         d0:da:f7:e4:0c:f3:e4:b2:8c:1a:eb:1f:dc:d7:32:01:6a:66:
         9e:49:90:44:d4:6e:a4:56:1d:16:c7:73:7e:da:fa:5e:db:a9:
         2b:95:9e:07:cb:41:23:16:d1:e6:4c:04:64:1c:66:d8:71:f2:
         c5:44:f3:45:09:f5:4d:b2:78:69:aa:6c:5c:6b:4a:66:89:09:
         2a:ea:bb:d5:0f:7c:c4:d1:4d:83:63:34:d5:8e:f5:c9:28:16:
         3c:10:a6:d0:46:f4:75:c7:b6:47:c2:ae:f1:a2:a0:6c:73:e6:
         a5:b9:84:0c:cc:83:8f:5b:3d:fd:b8:0d:34:92:a6:83:05:5f:
         49:f0:af:af:31:77:43:ca:0f:69:00:6e:50:b0:57:15:0f:da:
         41:45:f1:8c
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUZGhCF7Igudj3ENzQuYdYkZbCklUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMDE5MDAwMDAwWhcNMjIxMDIyMjM1OTU5
WjCBpTFJMEcGA1UEBRNANzg2NDIyYTMyNjBlMTliNGE5ODViYTMyZGVmMzQxMjU4
ZWJmMmMwNWU5NTQ2ZTJhYjY1NWFlYmIzMTQ2ZTk3OTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAPXL5dxJ0T+Zst5NrjaqJxb0IPAm+ruPdHSS57dtCVwoWd1Eyepo
N8kY0AI/T+6S90eO8PMGuaRenpYQnsTDvUPJRmUETZVLA9lcx5AWWm9HEdUH5lW5
rMnHO5sm5Rau3ekGkQMEuy8BmSyv9utbAqqim8LteXAFbaiwm+ZDnq5EHRT+66OI
sNH/lTkONt1Vx8Xu9aiNe5wkHOimDxPIPhgxfoN1d9lzfh15koMLSL4QfGI4OUBU
gmQb5bLtVfiWvxqSttVOgTku1QgfoR6eCeh16zm0f3YKRMWmuAFdzNEXa6XjSqV/
qLdwjRAVx8glQJApsDJAPKmtz7IfZN2jfz8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTZGcR9vkPuXnRgFxCr58CgIkYRKTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjY5Y2JjMzctYjg5YS00MTQ2LWI1OGEtNzJjYjExMDBhNWVlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD7OYv3O/J7JPP1m
JvnBnlVXf75Jbzj13YLstsj3nFgk8yrogWkHFutI1LiHRpKB5qvUQI8CP8DWbPIs
TAO/foKc/mjZz3Vj/O7HxN/w6FM2Y9lPPKZHh2UA+H84OmYlRhhdmXHi+z1gttPj
lNDa9+QM8+SyjBrrH9zXMgFqZp5JkETUbqRWHRbHc37a+l7bqSuVngfLQSMW0eZM
BGQcZthx8sVE80UJ9U2yeGmqbFxrSmaJCSrqu9UPfMTRTYNjNNWO9ckoFjwQptBG
9HXHtkfCrvGioGxz5qW5hAzMg49bPf24DTSSpoMFX0nwr68xd0PKD2kAblCwVxUP
2kFF8Yw=
-----END CERTIFICATE-----