Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/61af99cb-c626-462a-a4dd-3825b1cc9e53.roa
File:                     61af99cb-c626-462a-a4dd-3825b1cc9e53.roa (raw, json)
Hash identifier:          raC+IQaj3sLLtl4w7+1aVxg0i4SutXvau4i2fbCvQ+M=
Subject key identifier:   7D:CD:4C:59:18:07:6F:06:1B:01:97:79:1B:D8:8E:8B:1B:C3:C1:9D
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       792F17579395CFB332673B657C63D11E283DF61C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/61af99cb-c626-462a-a4dd-3825b1cc9e53.roa
Signing time:             Sun 21 May 2023 00:00:00 +0000
ROA not before:           Sun 21 May 2023 00:00:00 +0000
ROA not after:            Wed 24 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:2f:17:57:93:95:cf:b3:32:67:3b:65:7c:63:d1:1e:28:3d:f6:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 21 00:00:00 2023 GMT
            Not After : May 24 23:59:59 2023 GMT
        Subject: serialNumber=6f300828d7fe6f2033d3e5f7f1d43481cef588fcdf34dff9ffcb4a25fe1239d7, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:c8:51:19:c5:b2:9f:26:e5:96:d7:ba:f3:03:
                    51:86:1e:6a:ad:8a:50:39:c9:f7:5a:f2:24:ae:d6:
                    af:ff:0f:ce:97:e5:6a:a5:b9:50:69:17:4c:a5:6b:
                    2d:9d:5f:95:a2:c4:90:a4:b0:5f:6a:9b:b5:6d:1f:
                    78:17:d5:6f:d9:e1:96:69:dd:1d:5b:a6:46:e6:a0:
                    e7:f5:43:47:15:b3:ea:6c:21:9d:2e:c3:cd:a9:11:
                    18:ef:f3:11:00:f1:ec:63:8a:04:10:c3:82:84:b3:
                    30:68:fd:a5:c2:dd:fd:b2:bb:61:6f:68:51:3d:e0:
                    15:2c:b0:df:36:cc:5d:f4:c4:63:e4:93:15:93:8f:
                    f5:76:87:37:0d:81:78:a1:3d:59:39:ff:38:42:81:
                    14:2e:fe:51:8a:42:b7:b5:63:4e:f8:a8:e2:8c:c2:
                    c5:94:15:e9:91:df:c0:ff:a7:01:92:35:eb:ea:1a:
                    aa:5f:0d:cb:96:49:4e:61:6d:7a:1f:71:1e:4c:cf:
                    a8:85:c0:b1:b9:a6:91:2f:e8:8d:f8:09:4b:87:c4:
                    3a:0b:68:58:27:06:01:af:8a:83:8b:8e:5e:ec:57:
                    5b:35:ae:b3:b3:01:2a:2b:f3:91:85:58:cb:2c:73:
                    b5:99:1c:d2:b4:82:f2:84:55:73:df:df:f5:ae:1b:
                    e8:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:CD:4C:59:18:07:6F:06:1B:01:97:79:1B:D8:8E:8B:1B:C3:C1:9D
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/61af99cb-c626-462a-a4dd-3825b1cc9e53.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:3c:da:6b:fe:0d:02:c1:c0:0b:15:f9:1c:2a:db:b6:e8:d2:
         7a:e1:13:47:5d:5e:e9:5a:a3:bb:63:0b:b2:d9:96:8f:27:2c:
         49:b0:93:e4:42:e4:c3:53:f2:e3:c7:d0:a1:2c:1c:66:f6:b4:
         aa:1f:54:e3:4f:41:2b:dc:84:d8:32:95:61:a0:8d:5f:e2:1f:
         a2:cd:e3:7c:d7:0a:84:4b:c6:50:0a:ff:32:19:c7:79:3e:08:
         19:5a:89:4e:a1:c3:01:10:7e:c8:71:e7:7f:33:32:7d:46:f0:
         f3:85:ba:80:19:aa:3f:44:47:f3:62:97:30:3b:02:55:16:64:
         c8:9e:a2:55:ee:b5:c4:66:37:b4:77:38:e1:65:b0:4f:cd:a5:
         84:b8:0d:5a:a0:6f:6b:dc:be:3d:55:34:7e:2a:f4:ce:75:73:
         f6:eb:eb:d9:77:34:5c:d1:0b:71:ac:c1:ae:31:fa:cf:01:77:
         21:61:82:17:7d:3f:1c:aa:e0:93:d3:54:fd:ac:43:28:0a:99:
         9b:a5:93:14:69:b7:a9:a0:3b:39:d8:e1:26:a4:4a:57:83:f2:
         6d:02:ff:0e:00:15:05:f9:a3:95:ec:39:82:9f:14:37:f3:58:
         e7:c9:f0:78:7f:f0:43:20:fe:5f:33:e9:4b:95:bb:e1:74:4f:
         90:e3:42:8b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUeS8XV5OVz7MyZztlfGPRHig99hwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTIxMDAwMDAwWhcNMjMwNTI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNANmYzMDA4MjhkN2ZlNmYyMDMzZDNlNWY3ZjFkNDM0ODFj
ZWY1ODhmY2RmMzRkZmY5ZmZjYjRhMjVmZTEyMzlkNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANfIURnFsp8m5ZbXuvMDUYYeaq2KUDnJ91ryJK7Wr/8PzpflaqW5
UGkXTKVrLZ1flaLEkKSwX2qbtW0feBfVb9nhlmndHVumRuag5/VDRxWz6mwhnS7D
zakRGO/zEQDx7GOKBBDDgoSzMGj9pcLd/bK7YW9oUT3gFSyw3zbMXfTEY+STFZOP
9XaHNw2BeKE9WTn/OEKBFC7+UYpCt7VjTvio4ozCxZQV6ZHfwP+nAZI16+oaql8N
y5ZJTmFteh9xHkzPqIXAsbmmkS/ojfgJS4fEOgtoWCcGAa+Kg4uOXuxXWzWus7MB
KivzkYVYyyxztZkc0rSC8oRVc9/f9a4b6KECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR9zUxZGAdvBhsBl3kb2I6LG8PBnTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjFhZjk5Y2ItYzYyNi00NjJhLWE0ZGQtMzgyNWIxY2M5ZTUzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKE82mv+DQLBwAsV
+Rwq27bo0nrhE0ddXulao7tjC7LZlo8nLEmwk+RC5MNT8uPH0KEsHGb2tKofVONP
QSvchNgylWGgjV/iH6LN43zXCoRLxlAK/zIZx3k+CBlaiU6hwwEQfshx538zMn1G
8POFuoAZqj9ER/NilzA7AlUWZMieolXutcRmN7R3OOFlsE/NpYS4DVqgb2vcvj1V
NH4q9M51c/br69l3NFzRC3Gswa4x+s8BdyFhghd9Pxyq4JPTVP2sQygKmZulkxRp
t6mgOznY4SakSleD8m0C/w4AFQX5o5XsOYKfFDfzWOfJ8Hh/8EMg/l8z6UuVu+F0
T5DjQos=
-----END CERTIFICATE-----