Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ba00107b-cec5-44c4-bfb5-6f7959694027.roa
File:                     ba00107b-cec5-44c4-bfb5-6f7959694027.roa (raw, json)
Hash identifier:          TF0PbygjUedMaf0jvNtRC07OdxeUTzU3NR1lW5iuegs=
Subject key identifier:   3A:35:5E:82:BF:11:FE:CB:57:B1:FF:A6:36:E2:59:A2:47:85:A6:C3
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       61B903F521437C2FE74BD1727EBDC08D502225CA
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ba00107b-cec5-44c4-bfb5-6f7959694027.roa
Signing time:             Sat 24 Dec 2022 00:00:00 +0000
ROA not before:           Sat 24 Dec 2022 00:00:00 +0000
ROA not after:            Tue 27 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:b9:03:f5:21:43:7c:2f:e7:4b:d1:72:7e:bd:c0:8d:50:22:25:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 24 00:00:00 2022 GMT
            Not After : Dec 27 23:59:59 2022 GMT
        Subject: serialNumber=db993bb9eb2ab63f44a246606875321ce80fefae9fb33abbaf7b6712854ba035, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:cd:0d:1a:9a:e5:f7:9d:c0:8b:fc:30:81:de:
                    a7:81:2c:e0:af:54:dd:a9:f2:58:24:9a:f4:87:1c:
                    ca:9c:36:a6:34:65:14:9f:d0:21:73:e5:40:ac:c6:
                    de:2a:b1:3b:fc:f7:92:e8:5e:57:a6:74:30:82:a5:
                    7a:11:cf:4b:a9:46:f8:b5:c5:1e:d5:df:bf:e9:94:
                    2b:05:ba:37:e0:1e:46:18:da:df:f2:be:2b:02:ab:
                    2a:dc:e4:b0:c1:ef:6d:bc:0c:a0:69:5c:22:b0:f1:
                    d9:80:f1:9e:35:33:d7:12:5c:8a:83:e0:b8:09:00:
                    8d:1c:2e:8f:35:08:08:ac:e3:0c:c3:b9:e0:68:c0:
                    6f:2a:f0:dd:9f:5a:75:c8:cd:39:f2:69:80:74:c7:
                    67:7c:94:45:45:86:b3:a7:70:b0:e3:b2:c1:95:ef:
                    6e:34:28:bd:1a:9a:74:2a:4d:83:9a:9b:b9:32:24:
                    5c:a2:91:8b:56:43:2e:4d:ff:c9:22:85:af:56:83:
                    de:d0:63:c1:ae:64:2e:fd:c6:24:51:e7:46:a9:a8:
                    1d:e6:6c:f7:39:49:71:04:3c:df:4f:91:36:0d:10:
                    a4:24:6e:22:12:0c:8c:66:d8:78:60:fb:32:7a:ba:
                    15:c3:6c:9d:77:ef:6c:c6:df:aa:b1:09:1f:cc:fb:
                    bd:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:35:5E:82:BF:11:FE:CB:57:B1:FF:A6:36:E2:59:A2:47:85:A6:C3
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ba00107b-cec5-44c4-bfb5-6f7959694027.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:14:e0:77:c2:f8:3e:03:36:ab:8e:63:ce:7f:d5:e7:4f:da:
         75:7a:54:32:c7:b4:28:27:ad:de:e5:fa:4f:38:41:ec:f2:51:
         d1:8d:ee:95:f9:99:3b:0e:ba:3e:f4:ca:9f:b4:03:be:51:26:
         d9:34:29:39:83:73:1c:7b:ff:35:ce:68:ff:f5:8a:88:2a:ef:
         e3:6c:27:1f:d1:6a:77:aa:b5:6d:dc:fb:5a:38:e7:b3:02:9c:
         ff:e3:29:af:5f:fc:97:03:49:31:1a:a1:28:47:35:75:21:d7:
         d0:49:85:65:ec:dd:22:01:1a:3e:fd:7a:0e:d3:94:23:d3:1b:
         5a:21:52:c6:6e:f4:aa:5e:34:9e:5a:43:c7:e9:55:f9:a4:91:
         15:0a:e7:bf:2e:be:a0:b4:f4:85:4b:b2:69:c7:ee:a0:01:86:
         25:33:c6:a2:0c:09:b5:2f:dd:18:39:90:15:31:ea:ca:a2:2f:
         62:12:13:dc:51:15:01:b8:33:13:4f:fd:42:91:dd:a7:92:80:
         9f:3f:5a:69:b9:d3:b7:56:b3:9d:18:8e:4b:56:0c:b5:85:12:
         ac:5b:60:3d:11:03:0c:4d:38:ef:72:ca:b2:b5:d8:d1:71:48:
         8b:13:8f:c9:5a:28:a5:0c:44:92:b5:80:0e:0b:98:6c:ab:8d:
         1b:70:fe:aa
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUYbkD9SFDfC/nS9Fyfr3AjVAiJcowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjI0MDAwMDAwWhcNMjIxMjI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZGI5OTNiYjllYjJhYjYzZjQ0YTI0NjYwNjg3NTMyMWNl
ODBmZWZhZTlmYjMzYWJiYWY3YjY3MTI4NTRiYTAzNTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAM7NDRqa5fedwIv8MIHep4Es4K9U3anyWCSa9Iccypw2pjRlFJ/Q
IXPlQKzG3iqxO/z3kuheV6Z0MIKlehHPS6lG+LXFHtXfv+mUKwW6N+AeRhja3/K+
KwKrKtzksMHvbbwMoGlcIrDx2YDxnjUz1xJcioPguAkAjRwujzUICKzjDMO54GjA
byrw3Z9adcjNOfJpgHTHZ3yURUWGs6dwsOOywZXvbjQovRqadCpNg5qbuTIkXKKR
i1ZDLk3/ySKFr1aD3tBjwa5kLv3GJFHnRqmoHeZs9zlJcQQ830+RNg0QpCRuIhIM
jGbYeGD7Mnq6FcNsnXfvbMbfqrEJH8z7vfsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ6NV6CvxH+y1ex/6Y24lmiR4WmwzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYmEwMDEwN2ItY2VjNS00NGM0LWJmYjUtNmY3OTU5Njk0MDI3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIoU4HfC+D4DNquO
Y85/1edP2nV6VDLHtCgnrd7l+k84QezyUdGN7pX5mTsOuj70yp+0A75RJtk0KTmD
cxx7/zXOaP/1iogq7+NsJx/RaneqtW3c+1o457MCnP/jKa9f/JcDSTEaoShHNXUh
19BJhWXs3SIBGj79eg7TlCPTG1ohUsZu9KpeNJ5aQ8fpVfmkkRUK578uvqC09IVL
smnH7qABhiUzxqIMCbUv3Rg5kBUx6sqiL2ISE9xRFQG4MxNP/UKR3aeSgJ8/Wmm5
07dWs50YjktWDLWFEqxbYD0RAwxNOO9yyrK12NFxSIsTj8laKKUMRJK1gA4LmGyr
jRtw/qo=
-----END CERTIFICATE-----