Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/08e1f532-2b81-441c-936a-ff54987bd5bf.roa
File:                     08e1f532-2b81-441c-936a-ff54987bd5bf.roa (raw, json)
Hash identifier:          B0lbGnFjVgFA8x6GOy30cZaJBMD05tAFMGaXSms4DfE=
Subject key identifier:   CE:1C:FA:41:7D:B5:56:FD:4E:F6:39:B1:98:8A:67:B8:B7:27:4F:C6
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4344B18990B723A24C70C9578CA7AD8010DC4377
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/08e1f532-2b81-441c-936a-ff54987bd5bf.roa
Signing time:             Sun 02 Apr 2023 00:00:00 +0000
ROA not before:           Sun 02 Apr 2023 00:00:00 +0000
ROA not after:            Wed 05 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:44:b1:89:90:b7:23:a2:4c:70:c9:57:8c:a7:ad:80:10:dc:43:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr  2 00:00:00 2023 GMT
            Not After : Apr  5 23:59:59 2023 GMT
        Subject: serialNumber=be185c51c16ec3fbca167e48e887155d3f135425ce74c3a11b5c08409384d59f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:7a:ce:09:1c:e7:41:02:0a:c5:0f:d8:42:3d:
                    9e:03:77:d8:bf:06:8a:2c:8c:f8:01:08:29:ec:e7:
                    f4:e3:04:85:6f:a6:76:fe:15:0d:c1:99:19:6b:55:
                    26:1f:85:40:0d:da:f4:a7:31:ce:08:7a:93:87:49:
                    c4:e8:0e:2f:93:d1:17:eb:0a:01:ca:a9:47:d3:1a:
                    12:33:d7:d8:2c:1e:42:39:16:36:cb:c3:61:9d:c5:
                    cc:d7:57:5a:4e:52:1f:0f:7c:7d:48:62:ce:0e:22:
                    d1:c5:14:fd:ef:6a:ee:bf:3c:8f:c4:3c:9b:97:27:
                    88:d9:3c:4e:39:95:cd:13:de:d1:f2:d1:f2:a8:ac:
                    17:a2:0e:f8:7e:77:51:c9:81:38:80:c3:a5:95:9b:
                    1c:b9:61:56:6e:f1:77:05:1f:d4:ab:34:54:06:72:
                    63:eb:53:6e:3f:69:2d:2c:af:fe:e8:6b:3e:33:91:
                    96:21:de:93:3a:4f:a8:d5:92:92:14:d5:be:1b:e7:
                    fa:25:9e:fb:ec:02:da:a2:36:cb:c8:c8:c3:17:f8:
                    52:2f:71:ca:c6:14:ee:93:f0:86:b9:ce:73:46:9a:
                    dd:30:32:ba:c1:79:a9:9c:1e:59:81:ab:0b:c8:69:
                    bf:68:b1:70:b7:a2:b7:63:13:1e:80:90:3c:fd:55:
                    fb:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:1C:FA:41:7D:B5:56:FD:4E:F6:39:B1:98:8A:67:B8:B7:27:4F:C6
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/08e1f532-2b81-441c-936a-ff54987bd5bf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:85:9e:4a:7c:b9:31:9d:71:a2:a1:ec:43:38:66:0c:e1:10:
         bd:ca:07:1d:12:8a:d0:f7:39:a6:b5:52:5e:54:89:7a:3b:22:
         10:e9:50:5c:84:c0:0b:86:aa:d5:cd:a9:1b:9b:f1:fe:14:28:
         b6:4d:5b:7c:b8:d1:cd:4b:d2:61:95:62:c6:70:aa:97:68:b0:
         ee:ee:39:62:9c:21:3a:c0:be:d1:a7:54:da:07:93:10:d1:ab:
         0c:9b:26:36:a7:d9:37:9a:ed:1c:41:70:43:e9:72:0c:fa:f4:
         96:1b:93:50:7a:34:1b:93:d0:cc:0d:64:80:aa:e5:cb:58:1d:
         69:3d:f6:f4:09:20:a4:54:bf:c0:6f:80:8f:32:5b:90:03:b3:
         ad:98:ff:70:ce:23:b3:3d:76:9b:ff:57:ec:78:1a:03:c7:45:
         21:6f:91:86:0e:14:5d:d1:00:98:90:84:12:ba:2a:c1:da:38:
         f4:04:bb:03:3f:e0:59:7e:01:e2:ab:a7:0b:3b:93:e9:5b:86:
         c3:4d:31:f5:f2:cf:2f:48:32:f0:b6:c2:0b:ce:b2:25:fc:21:
         d5:e0:75:7f:50:d5:e4:14:41:27:f1:b0:bd:93:97:2c:cf:37:
         a5:89:6b:e3:ed:78:82:01:fa:8f:b1:d8:d8:b6:ea:f9:52:35:
         50:03:71:ec
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUQ0SxiZC3I6JMcMlXjKetgBDcQ3cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDAyMDAwMDAwWhcNMjMwNDA1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYmUxODVjNTFjMTZlYzNmYmNhMTY3ZTQ4ZTg4NzE1NWQz
ZjEzNTQyNWNlNzRjM2ExMWI1YzA4NDA5Mzg0ZDU5ZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJp6zgkc50ECCsUP2EI9ngN32L8GiiyM+AEIKezn9OMEhW+mdv4V
DcGZGWtVJh+FQA3a9Kcxzgh6k4dJxOgOL5PRF+sKAcqpR9MaEjPX2CweQjkWNsvD
YZ3FzNdXWk5SHw98fUhizg4i0cUU/e9q7r88j8Q8m5cniNk8TjmVzRPe0fLR8qis
F6IO+H53UcmBOIDDpZWbHLlhVm7xdwUf1Ks0VAZyY+tTbj9pLSyv/uhrPjORliHe
kzpPqNWSkhTVvhvn+iWe++wC2qI2y8jIwxf4Ui9xysYU7pPwhrnOc0aa3TAyusF5
qZweWYGrC8hpv2ixcLeit2MTHoCQPP1V+60CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTOHPpBfbVW/U72ObGYime4tydPxjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMDhlMWY1MzItMmI4MS00NDFjLTkzNmEtZmY1NDk4N2JkNWJmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACyFnkp8uTGdcaKh
7EM4ZgzhEL3KBx0SitD3Oaa1Ul5UiXo7IhDpUFyEwAuGqtXNqRub8f4UKLZNW3y4
0c1L0mGVYsZwqpdosO7uOWKcITrAvtGnVNoHkxDRqwybJjan2Tea7RxBcEPpcgz6
9JYbk1B6NBuT0MwNZICq5ctYHWk99vQJIKRUv8BvgI8yW5ADs62Y/3DOI7M9dpv/
V+x4GgPHRSFvkYYOFF3RAJiQhBK6KsHaOPQEuwM/4Fl+AeKrpws7k+lbhsNNMfXy
zy9IMvC2wgvOsiX8IdXgdX9Q1eQUQSfxsL2TlyzPN6WJa+PteIIB+o+x2Ni26vlS
NVADcew=
-----END CERTIFICATE-----