Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1e1375b4-b0ca-4ac5-9982-fdd28b2ce323.roa
File:                     1e1375b4-b0ca-4ac5-9982-fdd28b2ce323.roa (raw, json)
Hash identifier:          mHD6ndQEZjndifWdh/c/jaRYNp8olJkvEV5x1HHvwkc=
Subject key identifier:   76:2A:1E:2C:20:54:07:DE:38:2C:CA:AD:F4:F9:B0:94:D8:21:BB:95
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5A363C3EF3FE4A75E67918B4A01222FAE241F0E9
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1e1375b4-b0ca-4ac5-9982-fdd28b2ce323.roa
Signing time:             Tue 28 Feb 2023 00:00:00 +0000
ROA not before:           Tue 28 Feb 2023 00:00:00 +0000
ROA not after:            Fri 03 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:36:3c:3e:f3:fe:4a:75:e6:79:18:b4:a0:12:22:fa:e2:41:f0:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 28 00:00:00 2023 GMT
            Not After : Mar  3 23:59:59 2023 GMT
        Subject: serialNumber=3d49e2830f29277a22ab8307fd88529369751f1b72cef65228b6f048e7552135, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:52:06:92:d6:67:92:27:cb:40:2a:4f:fa:02:
                    6e:2d:84:47:b1:9a:d4:42:29:9e:fc:0a:03:e2:9f:
                    ef:e9:e5:31:2f:6b:a0:ae:41:a4:f0:96:65:41:6e:
                    74:c4:b8:7e:a8:08:22:df:2a:b0:e6:c6:bd:36:a0:
                    1b:bb:bb:31:22:b6:e1:73:95:98:0a:40:28:21:c2:
                    53:1f:9c:5b:93:e5:a1:ee:25:52:3c:e2:7b:21:cb:
                    dc:78:84:72:a6:3b:94:e5:6e:65:b2:14:e4:84:75:
                    ed:d9:7c:67:f6:0f:97:bf:34:ef:a3:f3:e2:c0:26:
                    24:47:92:f1:9a:31:55:a6:54:9a:85:c1:b9:78:47:
                    46:d0:04:ec:85:95:b5:8c:69:d5:0b:23:d1:34:69:
                    ec:ea:33:3a:b5:8a:3a:76:ce:b1:fc:c8:b3:79:a3:
                    1b:03:44:64:2c:f6:a5:ea:6b:15:fb:ae:4b:97:c8:
                    3f:3c:67:96:12:31:c9:4a:65:5c:21:6b:64:a6:74:
                    b3:bf:b5:c8:ef:3e:a6:99:64:b9:44:ab:7e:f2:5d:
                    1c:ed:3e:64:6f:6a:ac:14:9a:eb:b0:0a:12:5a:a9:
                    02:f1:a7:fe:8d:c1:87:86:9f:c4:3c:f8:ac:0f:73:
                    67:0d:f5:80:ea:c1:e5:dc:60:ab:f9:59:58:25:50:
                    4e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:2A:1E:2C:20:54:07:DE:38:2C:CA:AD:F4:F9:B0:94:D8:21:BB:95
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1e1375b4-b0ca-4ac5-9982-fdd28b2ce323.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:77:6e:a3:b0:ad:27:e6:b0:3d:6a:05:a2:26:14:28:a6:a6:
         59:7f:61:ff:f6:4c:ea:9a:d9:22:a3:81:7b:01:35:a0:c7:d5:
         43:5a:2c:6f:af:60:bb:95:ae:2f:1b:57:c5:10:37:56:b8:89:
         58:75:36:01:f6:bd:ff:2d:86:24:0a:b1:d2:77:03:01:94:f0:
         54:c0:38:67:39:cb:0e:26:8b:55:32:3d:82:86:29:8f:92:69:
         2d:7b:09:17:b8:88:0d:4f:82:33:18:44:bd:ff:ec:c0:a1:12:
         d5:9a:07:fa:99:6f:1b:bf:e6:8f:8a:f9:bf:1f:63:e0:3a:bd:
         3a:c9:36:bc:44:77:af:96:47:e5:c3:e0:dc:52:1d:58:c3:ec:
         12:02:5b:f1:6b:2e:a7:cd:07:e3:18:23:b6:29:bb:83:c8:02:
         ef:16:68:c6:97:38:ad:97:71:74:14:c9:39:df:aa:0b:de:28:
         d2:ed:1b:28:0d:f7:ab:60:47:b3:d6:7d:c5:13:ac:4a:74:02:
         ea:7a:9e:27:75:2b:80:4a:ab:2a:76:71:e0:17:50:4c:e9:54:
         cd:94:47:a6:e7:cf:dd:b9:70:6c:2c:50:bc:87:c7:ac:5c:dd:
         df:8e:30:06:ae:2a:1d:ed:91:fd:64:e9:56:df:83:b5:a5:5c:
         ca:34:ae:20
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUWjY8PvP+SnXmeRi0oBIi+uJB8OkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjI4MDAwMDAwWhcNMjMwMzAzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAM2Q0OWUyODMwZjI5Mjc3YTIyYWI4MzA3ZmQ4ODUyOTM2
OTc1MWYxYjcyY2VmNjUyMjhiNmYwNDhlNzU1MjEzNTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAM9SBpLWZ5Iny0AqT/oCbi2ER7Ga1EIpnvwKA+Kf7+nlMS9roK5B
pPCWZUFudMS4fqgIIt8qsObGvTagG7u7MSK24XOVmApAKCHCUx+cW5Ploe4lUjzi
eyHL3HiEcqY7lOVuZbIU5IR17dl8Z/YPl78076Pz4sAmJEeS8ZoxVaZUmoXBuXhH
RtAE7IWVtYxp1Qsj0TRp7OozOrWKOnbOsfzIs3mjGwNEZCz2peprFfuuS5fIPzxn
lhIxyUplXCFrZKZ0s7+1yO8+pplkuUSrfvJdHO0+ZG9qrBSa67AKElqpAvGn/o3B
h4afxDz4rA9zZw31gOrB5dxgq/lZWCVQTlUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR2Kh4sIFQH3jgsyq30+bCU2CG7lTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMWUxMzc1YjQtYjBjYS00YWM1LTk5ODItZmRkMjhiMmNlMzIzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEd3bqOwrSfmsD1q
BaImFCimpll/Yf/2TOqa2SKjgXsBNaDH1UNaLG+vYLuVri8bV8UQN1a4iVh1NgH2
vf8thiQKsdJ3AwGU8FTAOGc5yw4mi1UyPYKGKY+SaS17CRe4iA1PgjMYRL3/7MCh
EtWaB/qZbxu/5o+K+b8fY+A6vTrJNrxEd6+WR+XD4NxSHVjD7BICW/FrLqfNB+MY
I7Ypu4PIAu8WaMaXOK2XcXQUyTnfqgveKNLtGygN96tgR7PWfcUTrEp0Aup6nid1
K4BKqyp2ceAXUEzpVM2UR6bnz925cGwsULyHx6xc3d+OMAauKh3tkf1k6Vbfg7Wl
XMo0riA=
-----END CERTIFICATE-----