Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/24f28f3c-0f4b-4dfc-bd14-31c45af03725.roa
File:                     24f28f3c-0f4b-4dfc-bd14-31c45af03725.roa (raw, json)
Hash identifier:          nXsQ7FFQ3eCr0KVIi0H4sALQvz7EZbGCovIckmZcGSI=
Subject key identifier:   63:F8:E3:D9:EC:5B:EC:C1:FD:4B:05:93:29:EE:A0:89:56:E9:97:59
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       41BB3C6FD0D7CA5DCE1BED1ED5079504051ADB2A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/24f28f3c-0f4b-4dfc-bd14-31c45af03725.roa
Signing time:             Sun 19 Mar 2023 00:00:00 +0000
ROA not before:           Sun 19 Mar 2023 00:00:00 +0000
ROA not after:            Wed 22 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:bb:3c:6f:d0:d7:ca:5d:ce:1b:ed:1e:d5:07:95:04:05:1a:db:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 19 00:00:00 2023 GMT
            Not After : Mar 22 23:59:59 2023 GMT
        Subject: serialNumber=55812f462a49594e430c520504b1334769f038c08719c8ffab168e796a6b06f3, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ab:25:34:71:a6:8f:c9:23:1e:81:70:fc:1d:
                    f1:96:f1:7b:2f:7b:b0:6b:b9:68:f3:c6:fd:79:42:
                    4c:31:08:1a:a2:96:27:b2:ce:88:5e:ff:12:0c:4a:
                    ed:5e:b8:ca:4a:98:48:b5:98:d3:cb:6a:88:25:8f:
                    99:df:fe:32:c7:cc:73:1a:8d:d8:c0:ab:5f:ed:3a:
                    1b:fd:86:24:4b:1c:ea:a5:35:70:57:4e:ea:f7:66:
                    1e:dc:73:df:17:aa:cd:25:99:47:14:4c:a5:06:71:
                    f0:e3:e6:03:93:e2:55:4b:03:be:a2:c3:70:08:97:
                    b8:29:16:4c:9c:8c:4c:4e:e3:a4:77:7c:d4:75:1d:
                    c9:fb:1b:9a:c8:d8:05:ab:85:9d:73:bf:8e:f2:3b:
                    34:81:a9:03:7f:30:41:6f:a4:33:2e:02:72:21:7e:
                    72:e8:aa:9d:db:60:20:89:f3:02:25:e4:c3:98:2e:
                    43:ac:88:2d:32:4c:7e:38:de:85:20:1b:f9:26:ae:
                    f3:62:06:b6:02:95:f4:2e:84:52:18:b2:2d:b6:b7:
                    9b:d1:39:23:8c:c6:bc:78:ae:21:06:47:07:56:43:
                    6b:34:93:66:e5:e1:23:2e:cf:85:fb:a0:61:44:b0:
                    0e:aa:d3:c2:ed:2d:bb:36:c0:ca:12:18:ea:3c:07:
                    59:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:F8:E3:D9:EC:5B:EC:C1:FD:4B:05:93:29:EE:A0:89:56:E9:97:59
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/24f28f3c-0f4b-4dfc-bd14-31c45af03725.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:3c:f1:fe:9b:86:da:a2:a9:f9:09:b3:8c:8c:fe:ef:cc:89:
         be:22:e1:8b:9e:4b:96:4d:51:f9:71:2f:3b:72:0b:16:fd:f6:
         c4:b1:4b:a9:78:81:49:36:3f:aa:73:77:52:4a:05:e8:50:21:
         a9:cb:bf:2f:fd:eb:88:e1:b5:1e:5b:5f:ee:02:0e:6b:d0:2c:
         c0:11:49:58:ff:8d:96:82:72:0a:1c:af:f5:d4:35:b8:9a:86:
         50:8d:00:d6:72:64:79:2c:0a:1c:8a:94:13:06:e7:21:fb:a8:
         d7:91:b1:61:f0:96:90:a4:48:9e:0c:71:2e:4d:e6:ea:4a:b5:
         de:e9:0a:70:32:85:ab:dd:2a:22:2f:84:f1:c7:1d:9b:2d:fa:
         e8:3f:cc:0b:94:6c:cd:75:f9:e1:32:97:a8:a5:47:ef:84:69:
         a0:ef:5e:5e:cd:0e:47:ed:4f:94:f2:7f:dd:2e:7f:e6:dd:f6:
         2a:22:ae:38:70:00:dd:87:f2:ac:e4:09:a5:af:74:83:41:94:
         2d:b6:24:34:40:7c:71:dc:af:d5:9c:94:13:71:36:e9:44:97:
         1e:bb:0c:f7:3a:f6:c6:1a:7c:24:dd:0e:97:79:be:c2:d2:8e:
         95:78:dc:16:37:b7:b4:83:d7:02:8c:c0:aa:97:05:2c:d3:b4:
         54:b5:07:7f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUQbs8b9DXyl3OG+0e1QeVBAUa2yowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzE5MDAwMDAwWhcNMjMwMzIyMjM1OTU5
WjCBpTFJMEcGA1UEBRNANTU4MTJmNDYyYTQ5NTk0ZTQzMGM1MjA1MDRiMTMzNDc2
OWYwMzhjMDg3MTljOGZmYWIxNjhlNzk2YTZiMDZmMzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKOrJTRxpo/JIx6BcPwd8Zbxey97sGu5aPPG/XlCTDEIGqKWJ7LO
iF7/EgxK7V64ykqYSLWY08tqiCWPmd/+MsfMcxqN2MCrX+06G/2GJEsc6qU1cFdO
6vdmHtxz3xeqzSWZRxRMpQZx8OPmA5PiVUsDvqLDcAiXuCkWTJyMTE7jpHd81HUd
yfsbmsjYBauFnXO/jvI7NIGpA38wQW+kMy4CciF+cuiqndtgIInzAiXkw5guQ6yI
LTJMfjjehSAb+Sau82IGtgKV9C6EUhiyLba3m9E5I4zGvHiuIQZHB1ZDazSTZuXh
Iy7PhfugYUSwDqrTwu0tuzbAyhIY6jwHWekCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRj+OPZ7Fvswf1LBZMp7qCJVumXWTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjRmMjhmM2MtMGY0Yi00ZGZjLWJkMTQtMzFjNDVhZjAzNzI1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAE488f6bhtqiqfkJ
s4yM/u/Mib4i4YueS5ZNUflxLztyCxb99sSxS6l4gUk2P6pzd1JKBehQIanLvy/9
64jhtR5bX+4CDmvQLMARSVj/jZaCcgocr/XUNbiahlCNANZyZHksChyKlBMG5yH7
qNeRsWHwlpCkSJ4McS5N5upKtd7pCnAyhavdKiIvhPHHHZst+ug/zAuUbM11+eEy
l6ilR++EaaDvXl7NDkftT5Tyf90uf+bd9ioirjhwAN2H8qzkCaWvdINBlC22JDRA
fHHcr9WclBNxNulElx67DPc69sYafCTdDpd5vsLSjpV43BY3t7SD1wKMwKqXBSzT
tFS1B38=
-----END CERTIFICATE-----