Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0872c1d9-ebc5-4bd2-b083-b1750bdb4d9f.roa
File:                     0872c1d9-ebc5-4bd2-b083-b1750bdb4d9f.roa (raw, json)
Hash identifier:          ud+9N8gPrkzsjYF6e1jrmcMVVMb5pQyvRZTHfhPnr7c=
Subject key identifier:   C3:E7:99:AD:3A:6B:4B:39:2D:99:A9:9F:CB:11:6F:B2:EC:37:AB:89
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       26C5423A4499F76E14C9C9F3A6777252ECD723AE
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0872c1d9-ebc5-4bd2-b083-b1750bdb4d9f.roa
Signing time:             Mon 03 Apr 2023 00:00:00 +0000
ROA not before:           Mon 03 Apr 2023 00:00:00 +0000
ROA not after:            Thu 06 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:c5:42:3a:44:99:f7:6e:14:c9:c9:f3:a6:77:72:52:ec:d7:23:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr  3 00:00:00 2023 GMT
            Not After : Apr  6 23:59:59 2023 GMT
        Subject: serialNumber=178de82e862236dbf4d4e793274a1d78170cb8257068e1d1d5181f66c9a15d3f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:65:c1:b9:69:cf:ac:eb:3d:11:94:fe:18:c8:
                    6e:f0:92:67:6a:2c:37:55:6b:32:44:cd:00:13:0d:
                    47:c9:b0:b3:ce:b7:95:94:19:7c:2c:fb:ef:22:62:
                    c5:59:f8:e1:78:61:46:41:b8:77:d3:a1:58:49:09:
                    74:7b:08:f9:53:69:b9:8f:78:e1:98:a3:5d:6b:f4:
                    92:86:44:7f:e7:44:e6:ea:50:4f:e5:68:48:44:c8:
                    af:4e:79:21:ef:1b:cf:cf:34:d9:ff:53:10:4b:aa:
                    86:82:3d:ee:01:d4:ce:a8:26:1c:38:74:39:61:75:
                    a6:03:61:a3:f9:c3:2c:3e:6b:8d:d2:71:43:aa:2a:
                    ab:72:f3:85:7a:c9:79:16:a8:19:d8:72:c5:cd:8d:
                    36:0d:57:80:7c:15:b6:f7:41:d0:7a:53:b7:af:e6:
                    a3:5a:20:e3:9d:21:a9:8e:88:a7:a1:e4:65:8a:ef:
                    15:87:9e:41:76:ab:04:34:ba:17:90:1d:dc:bf:fa:
                    18:73:f7:9a:14:9d:dc:bc:08:ff:15:d9:f9:11:75:
                    6c:21:81:51:96:2b:ee:81:2b:58:8d:62:48:e9:30:
                    28:e3:01:cd:80:b0:84:b9:fe:da:e5:4d:97:ce:7b:
                    fc:47:c8:80:fc:bf:e4:3e:25:65:e1:7f:75:59:f9:
                    e8:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:E7:99:AD:3A:6B:4B:39:2D:99:A9:9F:CB:11:6F:B2:EC:37:AB:89
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0872c1d9-ebc5-4bd2-b083-b1750bdb4d9f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:27:0a:20:f9:d9:ba:65:18:84:b2:60:6f:29:58:ac:fd:45:
         63:d1:16:21:5c:c0:c0:6b:4d:7d:2b:69:20:7c:bc:9a:cb:ef:
         22:54:79:e6:59:e9:9c:79:92:3d:bb:78:8c:53:d6:3a:e3:d0:
         80:d2:43:3c:7c:59:ae:20:76:80:31:17:5c:6a:18:67:0a:36:
         94:f6:e9:40:e2:46:fc:85:5e:e2:dc:67:9e:e0:2e:bb:57:02:
         cd:01:23:19:b7:ed:5c:07:fa:03:fb:43:0c:0a:91:59:69:06:
         f6:a1:51:ac:a7:b3:c6:b9:a8:d3:34:6a:8e:32:fd:c8:69:52:
         aa:c9:a4:a9:86:55:8f:48:c1:37:22:01:1e:43:e9:5e:e1:4b:
         b8:ba:2a:fd:7f:0c:e0:79:02:a0:ce:05:14:06:80:17:cf:63:
         50:f1:24:8d:1b:fc:6c:87:98:79:19:08:5b:94:f3:21:0f:b3:
         bf:08:51:f3:ef:ad:2b:44:1c:7f:37:7a:a4:6f:ff:e6:63:d6:
         f2:4f:81:6a:0d:b4:3e:3a:d3:d3:1c:91:be:58:9b:b0:e4:31:
         70:b7:29:0e:00:a4:89:ed:f4:5b:ec:1d:5c:19:d2:2d:68:e5:
         bf:b6:b8:b2:0d:3c:62:5e:75:b9:14:79:53:37:c8:3f:5d:3c:
         d0:c9:a6:f9
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUJsVCOkSZ924UycnzpndyUuzXI64wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDAzMDAwMDAwWhcNMjMwNDA2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTc4ZGU4MmU4NjIyMzZkYmY0ZDRlNzkzMjc0YTFkNzgx
NzBjYjgyNTcwNjhlMWQxZDUxODFmNjZjOWExNWQzZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANllwblpz6zrPRGU/hjIbvCSZ2osN1VrMkTNABMNR8mws863lZQZ
fCz77yJixVn44XhhRkG4d9OhWEkJdHsI+VNpuY944ZijXWv0koZEf+dE5upQT+Vo
SETIr055Ie8bz8802f9TEEuqhoI97gHUzqgmHDh0OWF1pgNho/nDLD5rjdJxQ6oq
q3LzhXrJeRaoGdhyxc2NNg1XgHwVtvdB0HpTt6/mo1og450hqY6Ip6HkZYrvFYee
QXarBDS6F5Ad3L/6GHP3mhSd3LwI/xXZ+RF1bCGBUZYr7oErWI1iSOkwKOMBzYCw
hLn+2uVNl857/EfIgPy/5D4lZeF/dVn56FMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTD55mtOmtLOS2ZqZ/LEW+y7DeriTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMDg3MmMxZDktZWJjNS00YmQyLWIwODMtYjE3NTBiZGI0ZDlmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADcnCiD52bplGISy
YG8pWKz9RWPRFiFcwMBrTX0raSB8vJrL7yJUeeZZ6Zx5kj27eIxT1jrj0IDSQzx8
Wa4gdoAxF1xqGGcKNpT26UDiRvyFXuLcZ57gLrtXAs0BIxm37VwH+gP7QwwKkVlp
BvahUayns8a5qNM0ao4y/chpUqrJpKmGVY9IwTciAR5D6V7hS7i6Kv1/DOB5AqDO
BRQGgBfPY1DxJI0b/GyHmHkZCFuU8yEPs78IUfPvrStEHH83eqRv/+Zj1vJPgWoN
tD4609Mckb5Ym7DkMXC3KQ4ApInt9FvsHVwZ0i1o5b+2uLINPGJedbkUeVM3yD9d
PNDJpvk=
-----END CERTIFICATE-----