Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/33c398d2-a159-4e2d-8f56-b0c0af9688fe.roa
File:                     33c398d2-a159-4e2d-8f56-b0c0af9688fe.roa (raw, json)
Hash identifier:          ksFwm/sXMBNyANy42dGgH05eXjYLQ7i7hCr2sPrNKzY=
Subject key identifier:   14:08:4A:45:0A:C6:97:3B:FC:40:99:13:7E:63:6E:9D:8B:F1:5A:E5
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       776414B8E0FF4320286C7C1E595B4FE60B891340
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/33c398d2-a159-4e2d-8f56-b0c0af9688fe.roa
Signing time:             Wed 10 May 2023 00:00:00 +0000
ROA not before:           Wed 10 May 2023 00:00:00 +0000
ROA not after:            Sat 13 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:64:14:b8:e0:ff:43:20:28:6c:7c:1e:59:5b:4f:e6:0b:89:13:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 10 00:00:00 2023 GMT
            Not After : May 13 23:59:59 2023 GMT
        Subject: serialNumber=3d49091804ac9104c5bc67e042bffb4236f9637c534346ade7a52f4c2ef4b9e7, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b7:14:c3:1d:75:cd:6e:e4:fa:5e:45:b4:c0:
                    c3:6a:49:8f:48:c4:ab:7d:da:a0:e4:61:4f:c3:c9:
                    15:74:4a:ee:2f:ae:25:b7:cc:9b:a5:3f:6b:d7:8e:
                    fb:d2:04:2e:7e:19:68:11:72:e3:83:06:40:cd:12:
                    2b:4a:9d:68:10:9d:75:c8:59:09:b5:3f:70:62:36:
                    5e:70:5a:99:6b:2a:85:4e:ec:29:fc:ba:a3:ca:de:
                    cf:e5:aa:1a:91:f9:df:03:37:ae:f1:27:a4:d7:18:
                    41:db:a6:cb:bc:68:49:31:a0:e1:f3:b2:de:62:ca:
                    59:57:53:1e:60:9f:2d:f9:89:b5:d2:5d:8b:f0:2b:
                    bb:82:c5:18:7f:9a:d3:13:a6:e2:a0:d0:3e:23:2e:
                    57:0d:c7:2e:d0:33:18:eb:ce:e3:03:ce:5f:0e:5e:
                    79:e4:46:d4:6b:d8:63:d7:d5:72:f4:c1:ef:93:f9:
                    d0:37:a8:a0:d3:92:32:5c:41:46:6a:ac:c4:be:27:
                    a2:ea:25:fe:cf:82:38:aa:30:26:8f:10:eb:a8:b2:
                    64:41:d3:c9:a7:b3:a2:38:ab:62:54:a0:be:33:2e:
                    4f:41:cb:9a:02:c7:70:52:81:0a:58:f0:a0:99:0b:
                    d9:6e:43:d6:d9:17:ff:8f:50:67:65:a7:ff:de:e2:
                    00:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:08:4A:45:0A:C6:97:3B:FC:40:99:13:7E:63:6E:9D:8B:F1:5A:E5
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/33c398d2-a159-4e2d-8f56-b0c0af9688fe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:7c:4e:62:66:29:32:89:26:bf:b7:96:57:a5:3d:ae:3b:e2:
         23:5b:31:34:14:42:c9:b1:db:35:da:97:b6:f2:c9:68:40:1b:
         57:23:e9:62:e0:36:2a:3c:66:1d:8f:bd:c7:0f:63:03:d1:b3:
         4d:07:27:88:5f:9d:c6:6f:f7:88:4d:f9:ad:6f:5d:be:be:d6:
         a9:a2:d2:a9:43:aa:f3:c7:db:c6:5f:bd:42:20:67:9a:54:24:
         56:27:c5:a1:d1:c4:41:59:e8:01:13:fc:de:db:20:77:18:91:
         84:fd:ab:41:90:42:72:75:ff:54:a4:b1:a9:77:66:a2:4e:67:
         9e:8a:93:0a:27:c8:b2:82:fe:72:c8:f8:cd:4e:d4:c6:ec:77:
         45:62:e4:e7:17:b3:ba:01:49:be:50:c2:7c:17:a7:3e:39:b1:
         eb:d0:70:21:f1:62:a8:ba:f9:8e:c7:ca:a9:6c:12:84:c5:2f:
         ba:60:21:8e:d9:80:f8:3d:de:b1:ef:a7:45:96:ff:45:53:3f:
         9e:89:45:ca:20:fd:21:03:45:9e:9b:a6:3e:aa:0b:05:5a:17:
         3c:cf:e0:83:c7:8b:d1:d4:da:7f:de:3b:a8:73:37:62:35:e6:
         56:d0:cc:8f:79:b3:cd:7f:72:dc:ee:ed:6f:2e:ff:a5:41:68:
         ce:13:69:82
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUd2QUuOD/QyAobHweWVtP5guJE0AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTEwMDAwMDAwWhcNMjMwNTEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAM2Q0OTA5MTgwNGFjOTEwNGM1YmM2N2UwNDJiZmZiNDIz
NmY5NjM3YzUzNDM0NmFkZTdhNTJmNGMyZWY0YjllNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMC3FMMddc1u5PpeRbTAw2pJj0jEq33aoORhT8PJFXRK7i+uJbfM
m6U/a9eO+9IELn4ZaBFy44MGQM0SK0qdaBCddchZCbU/cGI2XnBamWsqhU7sKfy6
o8rez+WqGpH53wM3rvEnpNcYQdumy7xoSTGg4fOy3mLKWVdTHmCfLfmJtdJdi/Ar
u4LFGH+a0xOm4qDQPiMuVw3HLtAzGOvO4wPOXw5eeeRG1GvYY9fVcvTB75P50Deo
oNOSMlxBRmqsxL4nouol/s+COKowJo8Q66iyZEHTyaezojirYlSgvjMuT0HLmgLH
cFKBCljwoJkL2W5D1tkX/49QZ2Wn/97iAG8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQUCEpFCsaXO/xAmRN+Y26di/Fa5TAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzNjMzk4ZDItYTE1OS00ZTJkLThmNTYtYjBjMGFmOTY4OGZlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACB8TmJmKTKJJr+3
llelPa474iNbMTQUQsmx2zXal7byyWhAG1cj6WLgNio8Zh2PvccPYwPRs00HJ4hf
ncZv94hN+a1vXb6+1qmi0qlDqvPH28ZfvUIgZ5pUJFYnxaHRxEFZ6AET/N7bIHcY
kYT9q0GQQnJ1/1Sksal3ZqJOZ56KkwonyLKC/nLI+M1O1Mbsd0Vi5OcXs7oBSb5Q
wnwXpz45sevQcCHxYqi6+Y7HyqlsEoTFL7pgIY7ZgPg93rHvp0WW/0VTP56JRcog
/SEDRZ6bpj6qCwVaFzzP4IPHi9HU2n/eO6hzN2I15lbQzI95s81/ctzu7W8u/6VB
aM4TaYI=
-----END CERTIFICATE-----