Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f74cf2f1-751c-4aee-9cf9-e5d3388cc7f4.roa
File:                     f74cf2f1-751c-4aee-9cf9-e5d3388cc7f4.roa (raw, json)
Hash identifier:          uqNbvMsCAgeuZMvuQ689eCc218drjv/xuBXTGMYEAH4=
Subject key identifier:   BE:4E:60:43:BE:42:F0:32:79:B0:33:C5:64:59:A2:B8:60:0A:60:8B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3C8537E38143064C4979AAD329440D70DC675527
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f74cf2f1-751c-4aee-9cf9-e5d3388cc7f4.roa
Signing time:             Tue 26 Jul 2022 00:00:00 +0000
ROA not before:           Tue 26 Jul 2022 00:00:00 +0000
ROA not after:            Fri 29 Jul 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:85:37:e3:81:43:06:4c:49:79:aa:d3:29:44:0d:70:dc:67:55:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jul 26 00:00:00 2022 GMT
            Not After : Jul 29 23:59:59 2022 GMT
        Subject: serialNumber=3112f323eebd9579783d8ce90d6067d3355da89365d01238af045b038501fe0d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0b:02:41:46:b7:c0:e2:e0:b2:86:3c:0a:e1:
                    39:65:f3:8d:b8:66:1d:c6:79:64:51:13:bc:ba:c9:
                    5d:ac:9d:e5:74:5a:30:93:ad:c9:91:24:37:f1:2c:
                    6b:57:d9:ab:9c:ed:67:ae:aa:99:4c:9f:8c:57:9f:
                    81:1e:20:0c:5f:9e:df:60:9a:f5:0b:c6:59:c5:5b:
                    d7:12:35:56:17:3b:3f:79:c2:32:fe:10:ca:af:ca:
                    5b:51:8d:86:6f:e5:59:6d:22:89:d2:ae:6b:a7:6d:
                    f0:8a:9a:c7:c3:a1:25:1c:28:5a:0b:24:8b:18:db:
                    50:e8:04:27:0f:60:00:db:0f:97:ee:4c:d5:e1:78:
                    be:3b:3e:3a:8c:a4:21:b3:98:32:fd:a6:bd:ae:b3:
                    94:9a:ce:7f:01:bc:50:6a:11:90:e0:ea:73:35:3d:
                    1e:5f:2e:82:d7:7a:92:20:46:00:94:4d:5c:86:d1:
                    2d:d9:dd:a6:61:e4:7f:39:7e:eb:ac:52:ea:f5:3a:
                    8c:ab:d5:29:44:16:3d:8e:cf:ee:e9:1e:65:10:42:
                    0c:8a:d2:1f:ce:61:5b:f1:43:e6:d6:28:8b:e0:0c:
                    00:af:13:d3:27:f6:f3:8e:42:f4:e4:4d:1c:0f:6b:
                    81:fa:8f:93:8e:4c:8e:cd:6a:78:60:12:f1:1b:5c:
                    82:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:4E:60:43:BE:42:F0:32:79:B0:33:C5:64:59:A2:B8:60:0A:60:8B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f74cf2f1-751c-4aee-9cf9-e5d3388cc7f4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:f8:fe:69:10:dc:4b:f5:77:53:77:c6:dc:d3:72:ee:4b:4a:
         32:65:fd:e6:45:3a:06:ba:2e:c6:8c:e5:cb:98:ed:ec:e4:fd:
         9c:3c:37:ea:6b:f0:d5:3a:8d:13:f5:64:e0:e2:67:f4:b4:cf:
         76:78:8d:b1:0d:35:ad:1f:68:d7:ac:91:c9:74:3e:56:11:98:
         9d:e9:d0:64:3e:ad:29:63:23:46:d0:f9:51:7c:29:5d:54:73:
         2d:9c:1d:0a:99:c2:40:a4:b8:f1:2a:71:fe:1e:ae:95:ad:01:
         0e:87:2d:d6:8e:a9:8d:c0:e6:1f:a1:47:2c:f1:d9:04:37:2b:
         3a:2c:41:34:5e:35:d0:fd:ec:e9:0a:75:6d:01:3c:69:51:86:
         63:45:d1:81:ca:9c:00:9c:43:a8:2d:8e:a4:df:d3:3c:e0:ae:
         25:ba:ba:68:ab:38:3e:81:1a:52:f2:15:51:bc:db:4a:e0:db:
         02:f9:ac:a9:c8:b3:32:c6:f3:49:cf:b2:aa:59:7b:93:f0:fc:
         d8:bf:33:43:b5:e9:84:17:f5:5c:12:a2:8a:ef:a1:70:09:38:
         fa:47:a4:46:a7:40:ce:68:a8:a5:b4:2a:07:81:a2:51:82:1b:
         33:39:1f:80:4f:8d:9f:32:3d:27:f7:a5:c3:31:2d:1d:0b:09:
         99:0c:ca:e3
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUPIU344FDBkxJearTKUQNcNxnVScwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwNzI2MDAwMDAwWhcNMjIwNzI5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMzExMmYzMjNlZWJkOTU3OTc4M2Q4Y2U5MGQ2MDY3ZDMz
NTVkYTg5MzY1ZDAxMjM4YWYwNDViMDM4NTAxZmUwZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKwLAkFGt8Di4LKGPArhOWXzjbhmHcZ5ZFETvLrJXayd5XRaMJOt
yZEkN/Esa1fZq5ztZ66qmUyfjFefgR4gDF+e32Ca9QvGWcVb1xI1Vhc7P3nCMv4Q
yq/KW1GNhm/lWW0iidKua6dt8Iqax8OhJRwoWgskixjbUOgEJw9gANsPl+5M1eF4
vjs+OoykIbOYMv2mva6zlJrOfwG8UGoRkODqczU9Hl8ugtd6kiBGAJRNXIbRLdnd
pmHkfzl+66xS6vU6jKvVKUQWPY7P7ukeZRBCDIrSH85hW/FD5tYoi+AMAK8T0yf2
845C9ORNHA9rgfqPk45Mjs1qeGAS8RtcgmsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS+TmBDvkLwMnmwM8VkWaK4YApgizAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjc0Y2YyZjEtNzUxYy00YWVlLTljZjktZTVkMzM4OGNjN2Y0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC74/mkQ3Ev1d1N3
xtzTcu5LSjJl/eZFOga6LsaM5cuY7ezk/Zw8N+pr8NU6jRP1ZODiZ/S0z3Z4jbEN
Na0faNeskcl0PlYRmJ3p0GQ+rSljI0bQ+VF8KV1Ucy2cHQqZwkCkuPEqcf4erpWt
AQ6HLdaOqY3A5h+hRyzx2QQ3KzosQTReNdD97OkKdW0BPGlRhmNF0YHKnACcQ6gt
jqTf0zzgriW6umirOD6BGlLyFVG820rg2wL5rKnIszLG80nPsqpZe5Pw/Ni/M0O1
6YQX9VwSoorvoXAJOPpHpEanQM5oqKW0KgeBolGCGzM5H4BPjZ8yPSf3pcMxLR0L
CZkMyuM=
-----END CERTIFICATE-----