Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3b3f54f2-f84f-46f8-a906-a2e3ffc3fdb9.roa
File:                     3b3f54f2-f84f-46f8-a906-a2e3ffc3fdb9.roa (raw, json)
Hash identifier:          kQT9kUrZID1OB4M0A7d7ZG+afYFUKB4lHb7TDppnfGc=
Subject key identifier:   1E:B0:60:ED:92:CA:A7:BF:62:F1:2C:38:13:2B:8C:3A:99:CA:86:BD
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6B10E8A9D147AEAC5CEC06DE73419691C6D5F36E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3b3f54f2-f84f-46f8-a906-a2e3ffc3fdb9.roa
Signing time:             Wed 19 Apr 2023 00:00:00 +0000
ROA not before:           Wed 19 Apr 2023 00:00:00 +0000
ROA not after:            Sat 22 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:10:e8:a9:d1:47:ae:ac:5c:ec:06:de:73:41:96:91:c6:d5:f3:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 19 00:00:00 2023 GMT
            Not After : Apr 22 23:59:59 2023 GMT
        Subject: serialNumber=0055be9f2c667cc470f0831595b3facb500c54a1e304b1662c0291710b5cfa04, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b5:e3:f0:cc:82:ab:74:44:d7:a7:f6:03:e1:
                    2e:0c:52:53:07:5c:c8:e5:9b:9f:43:51:b7:54:50:
                    6c:dc:6c:0b:76:cc:dc:41:ea:1f:21:5a:97:6c:72:
                    b7:c2:7b:a6:56:5f:b7:57:57:c2:03:f4:45:f2:09:
                    0a:5f:34:0d:af:c6:f5:5c:a4:85:23:30:4d:32:31:
                    5c:7a:73:53:87:2d:3f:35:9c:cc:c5:42:14:01:70:
                    d3:f5:74:9b:d5:c2:1b:c9:ee:cb:89:d1:32:33:d4:
                    ed:c8:8c:38:2c:d8:e0:a7:a0:1a:47:d5:81:f7:0d:
                    4a:89:64:bf:ba:ba:70:8c:1e:e9:38:3e:f7:cd:d5:
                    08:92:3d:31:d0:2d:e0:4b:49:47:a1:e8:9a:a1:9d:
                    a8:81:32:1a:bb:dc:12:20:4c:11:23:4b:24:bc:dc:
                    cf:ab:21:50:dd:5b:44:d2:4f:2e:13:73:d1:d2:80:
                    36:52:4f:1d:41:35:96:d5:24:98:55:ce:77:b5:36:
                    59:76:7b:1b:04:1d:c2:39:35:3f:47:7e:53:4d:1c:
                    e1:a3:e6:80:64:04:5c:a1:12:eb:1f:05:39:4c:5d:
                    c4:d9:12:85:06:0d:6a:f7:4c:ed:30:d8:4e:04:99:
                    4a:1a:7c:87:dc:59:4f:01:3b:68:8f:f8:2d:8e:e2:
                    93:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:B0:60:ED:92:CA:A7:BF:62:F1:2C:38:13:2B:8C:3A:99:CA:86:BD
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3b3f54f2-f84f-46f8-a906-a2e3ffc3fdb9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:ee:2c:92:53:ba:0e:73:69:17:60:f9:f7:cd:6f:8b:75:0e:
         fb:e4:4d:f9:21:ad:4c:9c:57:ca:31:ec:26:c0:e4:65:6b:3b:
         43:3c:c8:73:5e:df:b6:3c:b5:42:d9:52:dc:99:ba:23:3e:b5:
         1b:db:c8:ec:e6:20:19:00:ef:6b:f8:0d:1f:32:a2:0f:f0:f5:
         0f:fc:ad:45:c5:f7:bb:57:91:d7:fd:d5:11:a5:d7:9d:0a:a3:
         fe:34:ce:f4:57:8f:da:83:82:57:c9:b9:54:89:08:40:1a:a1:
         e4:f7:e0:4b:f4:10:99:5e:a9:28:41:90:8f:cd:3e:6d:72:41:
         db:2c:35:ce:ad:0a:16:b3:26:9f:14:73:97:44:56:08:93:6a:
         b9:f3:1f:32:c3:e1:5f:aa:c6:8a:8d:e4:dc:ad:1b:0d:fd:0a:
         fe:57:f2:ed:93:fd:34:b4:a3:2c:6c:97:23:68:12:7c:07:7f:
         34:0e:8a:c4:f9:7c:04:c5:bc:d8:b9:52:67:6c:35:59:3e:9c:
         fe:ac:69:b7:06:16:8c:7c:1c:d3:ed:e3:1c:64:25:76:27:ff:
         71:41:79:9a:65:12:7d:ba:88:29:08:33:ab:86:1f:05:8a:54:
         29:38:c7:00:1c:25:0c:c6:07:9a:9c:8a:f8:8c:24:cb:7c:51:
         c5:af:6e:e2
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUaxDoqdFHrqxc7Abec0GWkcbV824wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDE5MDAwMDAwWhcNMjMwNDIyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMDA1NWJlOWYyYzY2N2NjNDcwZjA4MzE1OTViM2ZhY2I1
MDBjNTRhMWUzMDRiMTY2MmMwMjkxNzEwYjVjZmEwNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKm14/DMgqt0RNen9gPhLgxSUwdcyOWbn0NRt1RQbNxsC3bM3EHq
HyFal2xyt8J7plZft1dXwgP0RfIJCl80Da/G9VykhSMwTTIxXHpzU4ctPzWczMVC
FAFw0/V0m9XCG8nuy4nRMjPU7ciMOCzY4KegGkfVgfcNSolkv7q6cIwe6Tg+983V
CJI9MdAt4EtJR6HomqGdqIEyGrvcEiBMESNLJLzcz6shUN1bRNJPLhNz0dKANlJP
HUE1ltUkmFXOd7U2WXZ7GwQdwjk1P0d+U00c4aPmgGQEXKES6x8FOUxdxNkShQYN
avdM7TDYTgSZShp8h9xZTwE7aI/4LY7ik0sCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQesGDtksqnv2LxLDgTK4w6mcqGvTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvM2IzZjU0ZjItZjg0Zi00NmY4LWE5MDYtYTJlM2ZmYzNmZGI5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAjuLJJTug5zaRdg
+ffNb4t1DvvkTfkhrUycV8ox7CbA5GVrO0M8yHNe37Y8tULZUtyZuiM+tRvbyOzm
IBkA72v4DR8yog/w9Q/8rUXF97tXkdf91RGl150Ko/40zvRXj9qDglfJuVSJCEAa
oeT34Ev0EJleqShBkI/NPm1yQdssNc6tChazJp8Uc5dEVgiTarnzHzLD4V+qxoqN
5NytGw39Cv5X8u2T/TS0oyxslyNoEnwHfzQOisT5fATFvNi5UmdsNVk+nP6sabcG
Fox8HNPt4xxkJXYn/3FBeZplEn26iCkIM6uGHwWKVCk4xwAcJQzGB5qciviMJMt8
UcWvbuI=
-----END CERTIFICATE-----