Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/fd0fa040-a61a-4e43-9e9b-07898a004ef8.roa
File:                     fd0fa040-a61a-4e43-9e9b-07898a004ef8.roa (raw, json)
Hash identifier:          FtZxvPyDGf3P2edmQj5rLd0lPrTC/XavNN1N5O+Ei7g=
Subject key identifier:   AF:36:18:77:82:03:B1:B0:98:88:49:52:7B:F2:AC:2C:B2:7F:D4:28
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       35384C0A2A54B666E2BBD80115099BEC8D5B71D8
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/fd0fa040-a61a-4e43-9e9b-07898a004ef8.roa
Signing time:             Thu 08 Sep 2022 00:00:00 +0000
ROA not before:           Thu 08 Sep 2022 00:00:00 +0000
ROA not after:            Sun 11 Sep 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:38:4c:0a:2a:54:b6:66:e2:bb:d8:01:15:09:9b:ec:8d:5b:71:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Sep  8 00:00:00 2022 GMT
            Not After : Sep 11 23:59:59 2022 GMT
        Subject: serialNumber=b7339cc817ac17785fc22175ff8c5e8c2f3e9cf7b9246af9f18d9e6f9f16c999, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b6:c8:d2:22:65:c3:ed:e0:38:73:b9:57:40:
                    42:1d:1a:fe:cf:f2:11:7c:50:03:8a:9a:d1:97:42:
                    67:b2:f9:d5:df:e6:65:75:b1:ed:89:67:84:17:af:
                    c9:9f:f0:a8:a4:34:57:78:eb:98:cf:7c:c0:a0:6e:
                    cf:37:d5:23:82:5c:16:10:76:30:25:1c:cf:37:26:
                    69:0f:70:25:7f:1c:bb:9c:7f:24:11:1b:71:04:47:
                    81:36:21:3f:88:e1:c6:fe:e2:9f:20:44:9b:43:81:
                    4f:d5:05:34:33:ec:32:f9:16:c1:d4:e3:24:0b:7a:
                    8e:d9:23:46:9c:d4:d6:69:51:cf:41:14:5d:e0:6f:
                    c3:f6:88:bd:43:4a:c1:b7:9d:e2:49:e3:55:ee:af:
                    de:4a:59:d7:55:9d:62:60:ad:ad:b6:6a:db:a9:7e:
                    c0:86:75:5d:3c:4b:1a:9b:52:8d:9e:fe:4a:08:fe:
                    4c:e9:68:79:7b:b3:7d:9d:b8:8a:a4:09:c8:16:55:
                    c6:2f:d4:9d:af:4e:91:06:3e:9c:e5:0e:08:75:86:
                    c9:a8:01:b8:f6:77:9d:f7:7b:2a:26:a5:8d:cc:52:
                    9a:b5:3f:ed:7e:09:02:31:8f:3e:5f:77:28:75:70:
                    92:5d:6b:76:d2:95:62:00:ce:ed:3f:e1:42:23:1d:
                    a3:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:36:18:77:82:03:B1:B0:98:88:49:52:7B:F2:AC:2C:B2:7F:D4:28
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/fd0fa040-a61a-4e43-9e9b-07898a004ef8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:c8:da:ec:9a:83:65:07:46:f3:ce:96:8b:a9:0f:4b:92:cc:
         26:25:e2:91:1b:c3:2a:c8:a7:d0:21:8f:f7:a4:e7:fb:db:09:
         7c:f4:ea:d6:71:0d:83:ee:18:ae:a5:91:cb:0c:5a:a5:49:ad:
         29:88:20:32:ba:87:7b:4a:0f:49:35:ed:31:4a:67:76:9c:de:
         5a:b3:18:a9:93:89:e4:ad:df:bc:ab:e5:bc:7a:f0:9d:29:32:
         b8:6b:aa:ae:a7:f1:a9:a5:2b:7e:a8:e1:53:3d:37:4d:32:94:
         00:d5:1d:c8:9a:57:aa:9a:b1:38:12:89:3a:4a:a5:10:6e:de:
         8c:6c:06:46:a5:9c:67:ac:39:f7:15:a7:5e:ff:24:06:a3:40:
         0b:59:b9:a8:16:42:fe:cd:0f:3a:3e:24:14:ef:f6:17:e7:c2:
         63:89:45:c6:d4:0c:d5:40:2b:1e:d7:92:38:a2:0a:ed:51:a4:
         c1:88:53:3f:0a:2d:71:67:e5:d3:31:2e:fa:be:03:7e:6a:15:
         70:cc:6b:b6:5a:6e:db:5d:f3:ec:d6:98:28:a0:b0:aa:46:91:
         dd:80:db:9b:47:3c:f7:0a:7d:03:b7:36:16:e9:26:f6:6e:6f:
         3f:71:76:5b:05:9a:23:3c:e5:c7:57:3b:ce:55:ac:7a:11:41:
         83:99:5c:8c
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUNThMCipUtmbiu9gBFQmb7I1bcdgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwOTA4MDAwMDAwWhcNMjIwOTExMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYjczMzljYzgxN2FjMTc3ODVmYzIyMTc1ZmY4YzVlOGMy
ZjNlOWNmN2I5MjQ2YWY5ZjE4ZDllNmY5ZjE2Yzk5OTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALG2yNIiZcPt4DhzuVdAQh0a/s/yEXxQA4qa0ZdCZ7L51d/mZXWx
7YlnhBevyZ/wqKQ0V3jrmM98wKBuzzfVI4JcFhB2MCUczzcmaQ9wJX8cu5x/JBEb
cQRHgTYhP4jhxv7inyBEm0OBT9UFNDPsMvkWwdTjJAt6jtkjRpzU1mlRz0EUXeBv
w/aIvUNKwbed4knjVe6v3kpZ11WdYmCtrbZq26l+wIZ1XTxLGptSjZ7+Sgj+TOlo
eXuzfZ24iqQJyBZVxi/Una9OkQY+nOUOCHWGyagBuPZ3nfd7KialjcxSmrU/7X4J
AjGPPl93KHVwkl1rdtKVYgDO7T/hQiMdo3sCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSvNhh3ggOxsJiISVJ78qwssn/UKDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZmQwZmEwNDAtYTYxYS00ZTQzLTllOWItMDc4OThhMDA0ZWY4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHLI2uyag2UHRvPO
loupD0uSzCYl4pEbwyrIp9Ahj/ek5/vbCXz06tZxDYPuGK6lkcsMWqVJrSmIIDK6
h3tKD0k17TFKZ3ac3lqzGKmTieSt37yr5bx68J0pMrhrqq6n8amlK36o4VM9N00y
lADVHciaV6qasTgSiTpKpRBu3oxsBkalnGesOfcVp17/JAajQAtZuagWQv7NDzo+
JBTv9hfnwmOJRcbUDNVAKx7XkjiiCu1RpMGIUz8KLXFn5dMxLvq+A35qFXDMa7Za
bttd8+zWmCigsKpGkd2A25tHPPcKfQO3NhbpJvZubz9xdlsFmiM85cdXO85VrHoR
QYOZXIw=
-----END CERTIFICATE-----