Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/195c5509-8359-4823-b8ff-209f80234fff.roa
File:                     195c5509-8359-4823-b8ff-209f80234fff.roa (raw, json)
Hash identifier:          HU4S8FjpoeSvdcYuhJW7N/xURuNlZJeCgiWzl4bj8wo=
Subject key identifier:   D2:6F:75:E5:71:0C:ED:0E:9C:45:13:68:A2:88:69:C2:39:5D:04:7C
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       11C42B6D8F4FC5409F08610AC479450D910298B9
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/195c5509-8359-4823-b8ff-209f80234fff.roa
Signing time:             Sun 21 May 2023 00:00:00 +0000
ROA not before:           Sun 21 May 2023 00:00:00 +0000
ROA not after:            Wed 24 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:c4:2b:6d:8f:4f:c5:40:9f:08:61:0a:c4:79:45:0d:91:02:98:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 21 00:00:00 2023 GMT
            Not After : May 24 23:59:59 2023 GMT
        Subject: serialNumber=cf7ee874d03b5bdbd4638b3794b9c5c4a518f77ba10744a27a688d07f2e2bea6, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:1e:d3:8f:a3:f7:14:ee:81:66:32:24:0c:38:
                    16:15:d8:bf:c2:ad:3e:7f:73:d6:4a:b1:8f:fe:a8:
                    76:d8:30:07:f0:92:f1:c0:54:32:02:46:3c:c2:fb:
                    7b:3e:02:c5:ab:90:41:d0:fd:a8:d4:4b:99:91:de:
                    d5:28:84:3a:0a:e4:73:d0:6a:01:d9:03:f3:b3:b2:
                    63:1d:e3:a8:c7:7e:98:68:c1:72:d3:33:2b:a9:a3:
                    40:94:03:a3:11:f1:c3:dd:e3:99:ea:19:6d:aa:64:
                    e5:78:31:9f:16:b4:2b:7c:15:fd:fc:4c:0f:d2:c1:
                    5d:a3:8f:71:f4:c1:f3:af:e2:ca:df:e2:84:d8:84:
                    c0:c9:11:77:56:bd:7b:bf:e5:4e:3c:2b:34:55:27:
                    1c:8c:48:69:08:1e:7d:6e:d3:32:17:69:42:08:97:
                    ef:81:39:b1:21:ef:be:94:ad:85:c9:80:bc:bf:a6:
                    08:1b:74:94:26:1c:82:d5:16:d8:ea:bf:cf:33:de:
                    14:6d:50:63:f6:6a:34:28:9b:46:44:8b:ea:c3:c2:
                    45:6c:1b:a1:87:46:84:d7:c8:a5:07:a9:a9:6c:8b:
                    f4:76:20:5c:01:d5:0b:24:5d:19:8f:fb:1f:13:2d:
                    7a:7d:32:4d:4a:ac:f6:cb:57:13:76:ef:f6:2e:09:
                    ab:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:6F:75:E5:71:0C:ED:0E:9C:45:13:68:A2:88:69:C2:39:5D:04:7C
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/195c5509-8359-4823-b8ff-209f80234fff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:84:38:a4:2e:3e:a9:a4:62:d7:48:57:f5:25:ee:bf:32:4e:
         32:4c:e3:6f:d2:ea:5e:2d:ca:b3:b9:af:46:84:2f:6c:71:38:
         5d:27:85:2d:d1:2d:2d:21:3b:dc:65:d9:c5:cc:d9:86:52:a3:
         d7:32:c8:2b:0f:51:94:8a:f4:f8:e4:ed:e0:a1:0a:62:d1:09:
         dd:99:49:b2:e9:8c:e3:58:3f:39:07:22:fa:ec:a6:4d:cb:93:
         4f:a6:0f:f8:48:20:4b:f7:25:43:a9:a4:59:e1:4b:53:00:24:
         73:13:eb:38:7a:be:57:cf:68:95:bd:79:e1:d0:bc:9e:c3:7c:
         19:b2:a2:c8:e0:39:7c:93:91:19:7e:53:4e:02:30:aa:e2:c3:
         e9:a6:a7:80:45:0e:ad:cb:21:19:7e:ec:66:0a:16:8c:77:76:
         8e:a9:cf:26:78:0a:67:b4:cd:a7:77:47:9c:6d:96:c4:b6:a8:
         a0:72:73:03:c1:44:9b:d3:38:c0:9e:a4:fe:cf:02:39:42:09:
         54:6e:8d:d1:dc:f4:8c:73:72:5d:a9:30:2d:34:c0:b4:32:23:
         5b:58:2b:0f:5b:01:1e:23:06:42:a2:75:bf:14:65:8b:30:94:
         e6:75:27:9a:41:dd:bd:53:f9:bb:ff:28:e6:17:f7:eb:e3:eb:
         b7:30:8b:36
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUEcQrbY9PxUCfCGEKxHlFDZECmLkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTIxMDAwMDAwWhcNMjMwNTI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAY2Y3ZWU4NzRkMDNiNWJkYmQ0NjM4YjM3OTRiOWM1YzRh
NTE4Zjc3YmExMDc0NGEyN2E2ODhkMDdmMmUyYmVhNjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANge04+j9xTugWYyJAw4FhXYv8KtPn9z1kqxj/6odtgwB/CS8cBU
MgJGPML7ez4CxauQQdD9qNRLmZHe1SiEOgrkc9BqAdkD87OyYx3jqMd+mGjBctMz
K6mjQJQDoxHxw93jmeoZbapk5Xgxnxa0K3wV/fxMD9LBXaOPcfTB86/iyt/ihNiE
wMkRd1a9e7/lTjwrNFUnHIxIaQgefW7TMhdpQgiX74E5sSHvvpSthcmAvL+mCBt0
lCYcgtUW2Oq/zzPeFG1QY/ZqNCibRkSL6sPCRWwboYdGhNfIpQepqWyL9HYgXAHV
CyRdGY/7HxMten0yTUqs9stXE3bv9i4Jq88CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTSb3XlcQztDpxFE2iiiGnCOV0EfDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMTk1YzU1MDktODM1OS00ODIzLWI4ZmYtMjA5ZjgwMjM0ZmZmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG+EOKQuPqmkYtdI
V/Ul7r8yTjJM42/S6l4tyrO5r0aEL2xxOF0nhS3RLS0hO9xl2cXM2YZSo9cyyCsP
UZSK9Pjk7eChCmLRCd2ZSbLpjONYPzkHIvrspk3Lk0+mD/hIIEv3JUOppFnhS1MA
JHMT6zh6vlfPaJW9eeHQvJ7DfBmyosjgOXyTkRl+U04CMKriw+mmp4BFDq3LIRl+
7GYKFox3do6pzyZ4Cme0zad3R5xtlsS2qKBycwPBRJvTOMCepP7PAjlCCVRujdHc
9Ixzcl2pMC00wLQyI1tYKw9bAR4jBkKidb8UZYswlOZ1J5pB3b1T+bv/KOYX9+vj
67cwizY=
-----END CERTIFICATE-----