Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2b8a076e-608f-46a8-9565-08617caa5efe.roa
File:                     2b8a076e-608f-46a8-9565-08617caa5efe.roa (raw, json)
Hash identifier:          gB+il70p5jJmu6B98lef/0YL8k44cHZCmGFVsxBe/Hc=
Subject key identifier:   49:0A:47:44:7F:56:98:F9:4F:65:A4:D6:14:03:A7:C4:58:8A:60:7A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0CD68A3FCABF0DA4C9BDBAE53805B6738CFEA96D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2b8a076e-608f-46a8-9565-08617caa5efe.roa
Signing time:             Thu 16 Feb 2023 00:00:00 +0000
ROA not before:           Thu 16 Feb 2023 00:00:00 +0000
ROA not after:            Sun 19 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:d6:8a:3f:ca:bf:0d:a4:c9:bd:ba:e5:38:05:b6:73:8c:fe:a9:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 16 00:00:00 2023 GMT
            Not After : Feb 19 23:59:59 2023 GMT
        Subject: serialNumber=8758c3f372269889c3a03c0c76376bbd74d01d3ce016bd5b125223f73b4a9de2, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f8:db:77:64:c3:06:42:cd:f2:d8:52:bc:e1:
                    04:3e:bc:25:c4:e9:4d:d5:a2:2f:6c:de:67:df:00:
                    22:7e:43:2a:12:a5:b2:1b:a2:9f:4f:4d:a6:14:0f:
                    6b:a5:10:8d:3f:7a:6b:c8:c2:91:1a:3f:4a:d6:71:
                    aa:4a:4e:0b:19:37:5c:67:d7:7f:4e:db:f3:82:68:
                    4e:9e:d7:b8:a0:e6:86:dc:be:a2:9e:bd:32:c4:a8:
                    36:d0:aa:0f:e8:9f:05:71:73:c9:8c:be:f8:40:b7:
                    3e:f7:32:c4:60:13:83:a7:d1:ae:eb:af:7e:72:32:
                    93:eb:af:1a:f2:3d:50:ec:c2:b7:a2:61:a7:be:16:
                    5d:64:a7:1b:ec:7d:70:bb:4f:bb:7b:9a:10:47:f8:
                    b4:b4:00:8a:ba:da:dc:58:7b:66:ed:76:70:ba:06:
                    c8:3d:36:f8:fe:04:4a:8d:57:fb:ed:34:af:0e:25:
                    2c:31:95:dd:8d:ca:1f:20:e2:55:ff:03:24:6a:a2:
                    de:ee:d0:9f:8f:0f:c5:cf:f4:06:fc:4c:7b:f1:a3:
                    c1:25:72:89:1b:50:22:f1:4a:eb:24:f6:fe:a3:55:
                    73:30:c4:c7:ad:fb:8b:9d:40:57:68:2d:1f:e5:a0:
                    dd:7b:20:39:ad:15:35:98:ae:46:27:a9:2f:08:e2:
                    cc:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:0A:47:44:7F:56:98:F9:4F:65:A4:D6:14:03:A7:C4:58:8A:60:7A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2b8a076e-608f-46a8-9565-08617caa5efe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:9f:a2:0b:28:bc:8d:22:99:23:ff:a6:9c:7d:0e:cf:24:bb:
         06:0b:6e:cd:a1:34:92:5b:96:c6:b8:16:bd:dd:09:0b:79:50:
         5d:b4:4e:1b:58:58:38:4d:4e:7c:ef:81:12:a9:f3:4c:8a:44:
         c2:7a:80:4c:67:03:2c:d2:8f:32:57:47:d6:43:6d:1d:83:8a:
         ca:39:51:8b:65:60:fe:05:4a:d3:1c:40:2f:56:85:d9:db:ba:
         52:0c:69:97:d6:a4:b8:bb:a1:a7:da:2f:59:be:70:53:ab:31:
         c8:55:a8:0d:ea:f2:87:89:2c:24:74:44:55:93:c9:a2:a7:e1:
         28:13:51:42:92:00:5e:51:34:1c:c2:25:bd:9d:a2:4c:ef:4e:
         d5:bf:d4:a7:8d:62:56:48:50:f7:70:d2:16:0f:50:ed:d2:ee:
         e9:68:bf:37:b6:e9:14:e2:5d:a1:e1:7e:0b:18:c7:d9:bb:23:
         26:c6:65:e4:db:4c:6c:11:79:12:02:3e:38:23:a6:77:e3:17:
         bf:a3:78:c1:6d:7a:b4:13:43:2d:a8:c0:1e:ce:d3:0a:92:14:
         19:3e:cf:43:ba:c9:a8:1c:af:b5:8b:89:7a:03:26:c0:11:29:
         f1:00:6e:a5:f3:9a:17:7c:7a:69:a5:c0:12:9d:a1:ae:19:d1:
         41:33:4a:0f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUDNaKP8q/DaTJvbrlOAW2c4z+qW0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE2MDAwMDAwWhcNMjMwMjE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAODc1OGMzZjM3MjI2OTg4OWMzYTAzYzBjNzYzNzZiYmQ3
NGQwMWQzY2UwMTZiZDViMTI1MjIzZjczYjRhOWRlMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALT423dkwwZCzfLYUrzhBD68JcTpTdWiL2zeZ98AIn5DKhKlshui
n09NphQPa6UQjT96a8jCkRo/StZxqkpOCxk3XGfXf07b84JoTp7XuKDmhty+op69
MsSoNtCqD+ifBXFzyYy++EC3PvcyxGATg6fRruuvfnIyk+uvGvI9UOzCt6Jhp74W
XWSnG+x9cLtPu3uaEEf4tLQAirra3Fh7Zu12cLoGyD02+P4ESo1X++00rw4lLDGV
3Y3KHyDiVf8DJGqi3u7Qn48Pxc/0BvxMe/GjwSVyiRtQIvFK6yT2/qNVczDEx637
i51AV2gtH+Wg3XsgOa0VNZiuRiepLwjizKcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRJCkdEf1aY+U9lpNYUA6fEWIpgejAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMmI4YTA3NmUtNjA4Zi00NmE4LTk1NjUtMDg2MTdjYWE1ZWZlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIufogsovI0imSP/
ppx9Ds8kuwYLbs2hNJJblsa4Fr3dCQt5UF20ThtYWDhNTnzvgRKp80yKRMJ6gExn
AyzSjzJXR9ZDbR2Diso5UYtlYP4FStMcQC9WhdnbulIMaZfWpLi7oafaL1m+cFOr
MchVqA3q8oeJLCR0RFWTyaKn4SgTUUKSAF5RNBzCJb2dokzvTtW/1KeNYlZIUPdw
0hYPUO3S7ulovze26RTiXaHhfgsYx9m7IybGZeTbTGwReRICPjgjpnfjF7+jeMFt
erQTQy2owB7O0wqSFBk+z0O6yagcr7WLiXoDJsARKfEAbqXzmhd8emmlwBKdoa4Z
0UEzSg8=
-----END CERTIFICATE-----