Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f8ac62cd-2de1-4c77-ba8a-e036e77392d2.roa
File:                     f8ac62cd-2de1-4c77-ba8a-e036e77392d2.roa (raw, json)
Hash identifier:          UVEQ/9DbU+0f9foG74yZX1nPzLrmI8ShWNyc7Ak0tMI=
Subject key identifier:   30:D5:5D:E9:EA:FF:0D:9C:83:CD:9C:C5:39:34:25:06:DE:93:28:43
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3F0EE108DBDA854DFFC9E081A00325A79715A3B4
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f8ac62cd-2de1-4c77-ba8a-e036e77392d2.roa
Signing time:             Mon 07 Nov 2022 00:00:00 +0000
ROA not before:           Mon 07 Nov 2022 00:00:00 +0000
ROA not after:            Thu 10 Nov 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:0e:e1:08:db:da:85:4d:ff:c9:e0:81:a0:03:25:a7:97:15:a3:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Nov  7 00:00:00 2022 GMT
            Not After : Nov 10 23:59:59 2022 GMT
        Subject: serialNumber=aeab7da15ca0217691da3b3ae5c12b88eca20b03fc1f1b2a07cae08f5edddb34, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:50:3d:69:48:46:f9:1c:78:b8:d7:03:f0:a7:
                    c7:9e:60:da:8e:a1:99:5f:99:a2:ff:4f:bb:a9:64:
                    cf:94:07:2d:26:4b:b9:0f:1c:f8:90:4e:97:38:85:
                    36:9e:5f:97:18:1a:8b:68:4a:0a:f8:bd:50:11:79:
                    17:68:c6:24:e4:90:ea:67:02:34:bd:eb:2e:61:15:
                    a3:8f:50:81:30:b1:5b:29:34:74:45:09:64:dc:39:
                    db:a5:75:6a:56:19:15:70:9f:84:90:29:c2:78:de:
                    71:7f:74:9c:0d:e9:ac:44:36:69:00:8f:39:17:9a:
                    d7:77:c3:71:e2:bf:40:bd:ab:89:ec:e1:e2:74:07:
                    98:9c:d8:72:65:7f:3c:0a:b3:26:39:b6:39:aa:7a:
                    ff:70:6b:f1:75:51:35:01:3d:fa:40:45:66:53:6e:
                    b3:d7:dc:de:60:c8:76:bf:4f:aa:5d:95:75:47:ba:
                    0d:b9:0e:59:3f:db:dd:b1:b3:8f:11:6f:ab:62:58:
                    38:d7:8f:cd:8e:ab:bf:bb:66:c6:d5:1f:27:e9:70:
                    0c:f1:40:a6:bf:b9:48:ac:c4:fc:76:92:57:90:84:
                    c9:2b:68:6d:df:e5:48:56:9e:5a:d8:f4:39:95:ac:
                    ff:8c:e1:5c:45:b7:f5:90:60:3d:44:2d:fa:04:c7:
                    68:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:D5:5D:E9:EA:FF:0D:9C:83:CD:9C:C5:39:34:25:06:DE:93:28:43
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f8ac62cd-2de1-4c77-ba8a-e036e77392d2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:0d:4b:0f:64:67:39:2c:c9:ab:eb:13:08:ec:c2:48:88:0f:
         31:0f:b5:67:02:a0:07:42:1f:c7:69:c4:82:a5:8d:14:93:26:
         df:a2:4d:08:71:cc:46:59:a1:b8:09:4c:14:d8:09:48:5e:f9:
         dc:85:d4:e2:19:61:ed:7a:ca:66:60:d4:d2:47:14:c9:fb:0b:
         98:b4:e7:37:c0:e8:41:71:b8:e9:08:57:47:54:ee:62:25:68:
         49:37:93:84:e1:d3:e8:b0:d3:20:ae:8d:52:16:dc:04:73:55:
         77:2b:1d:b6:c4:c1:71:c7:88:90:ba:8b:f9:d2:0f:8e:92:5c:
         a5:45:af:ef:47:41:6a:08:58:4b:1e:d3:8e:9a:19:23:0d:8e:
         55:1a:36:38:6c:e1:a5:65:41:ae:2f:6d:52:38:a6:52:d6:5f:
         d6:b4:89:8b:ca:a2:a4:bd:f0:55:6f:92:73:5e:8e:ff:26:8e:
         dd:1e:a7:d5:51:51:2f:12:95:c9:d9:87:9c:32:21:8d:70:1d:
         15:c7:92:88:48:57:9f:46:05:c6:e9:34:d3:0e:58:d6:c9:2a:
         e3:86:a6:6a:57:9c:8b:31:23:fc:fc:9c:eb:2e:e3:39:22:85:
         3d:11:90:b0:f3:2b:3d:c5:3d:0f:4b:5e:1d:30:ef:4d:c3:1c:
         1c:8a:4f:c3
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUPw7hCNvahU3/yeCBoAMlp5cVo7QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMTA3MDAwMDAwWhcNMjIxMTEwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYWVhYjdkYTE1Y2EwMjE3NjkxZGEzYjNhZTVjMTJiODhl
Y2EyMGIwM2ZjMWYxYjJhMDdjYWUwOGY1ZWRkZGIzNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMBQPWlIRvkceLjXA/Cnx55g2o6hmV+Zov9Pu6lkz5QHLSZLuQ8c
+JBOlziFNp5flxgai2hKCvi9UBF5F2jGJOSQ6mcCNL3rLmEVo49QgTCxWyk0dEUJ
ZNw526V1alYZFXCfhJApwnjecX90nA3prEQ2aQCPORea13fDceK/QL2riezh4nQH
mJzYcmV/PAqzJjm2Oap6/3Br8XVRNQE9+kBFZlNus9fc3mDIdr9Pql2VdUe6DbkO
WT/b3bGzjxFvq2JYONePzY6rv7tmxtUfJ+lwDPFApr+5SKzE/HaSV5CEyStobd/l
SFaeWtj0OZWs/4zhXEW39ZBgPUQt+gTHaKsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQw1V3p6v8NnIPNnMU5NCUG3pMoQzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjhhYzYyY2QtMmRlMS00Yzc3LWJhOGEtZTAzNmU3NzM5MmQyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKINSw9kZzksyavr
EwjswkiIDzEPtWcCoAdCH8dpxIKljRSTJt+iTQhxzEZZobgJTBTYCUhe+dyF1OIZ
Ye16ymZg1NJHFMn7C5i05zfA6EFxuOkIV0dU7mIlaEk3k4Th0+iw0yCujVIW3ARz
VXcrHbbEwXHHiJC6i/nSD46SXKVFr+9HQWoIWEse046aGSMNjlUaNjhs4aVlQa4v
bVI4plLWX9a0iYvKoqS98FVvknNejv8mjt0ep9VRUS8SlcnZh5wyIY1wHRXHkohI
V59GBcbpNNMOWNbJKuOGpmpXnIsxI/z8nOsu4zkihT0RkLDzKz3FPQ9LXh0w703D
HByKT8M=
-----END CERTIFICATE-----