Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/41520de4-4f2e-4f50-9dd3-9cbf45105691.roa
File:                     41520de4-4f2e-4f50-9dd3-9cbf45105691.roa (raw, json)
Hash identifier:          fvwfBbb7bP1RfbcAP3lbJhBRhiBUiHZX4Nsbey49c5A=
Subject key identifier:   67:A6:DF:A0:37:3C:C4:3B:E6:6B:03:7C:8F:EE:FA:0E:BF:2A:3F:BC
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       368E8DC42D152D6D8B325CDCCFBDE1DDD0ACF3CD
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/41520de4-4f2e-4f50-9dd3-9cbf45105691.roa
Signing time:             Sun 23 Apr 2023 00:00:00 +0000
ROA not before:           Sun 23 Apr 2023 00:00:00 +0000
ROA not after:            Wed 26 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:8e:8d:c4:2d:15:2d:6d:8b:32:5c:dc:cf:bd:e1:dd:d0:ac:f3:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 23 00:00:00 2023 GMT
            Not After : Apr 26 23:59:59 2023 GMT
        Subject: serialNumber=a0a6a157fd2886a794b40804fb3f73981cbaa9676b4d6d1c7287cdcafb7887f6, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:df:4a:23:1c:6d:93:01:ee:22:cc:fc:37:5d:
                    b5:be:c3:73:c1:3c:a5:dd:3c:70:fb:59:56:79:2e:
                    93:18:f0:3b:bd:76:bd:8e:f4:96:ee:6e:36:e0:5c:
                    94:32:17:99:82:3e:b9:e2:a1:7c:6f:d3:bf:85:1e:
                    86:9b:2c:06:48:81:87:d9:5d:5e:dc:5d:ee:38:b2:
                    8f:b0:90:6e:a2:63:af:f3:aa:cc:65:2f:67:57:56:
                    a6:23:fa:9e:45:e3:d8:fe:e1:44:0f:01:10:a3:5b:
                    5b:03:49:70:9e:dd:6b:ad:bb:6e:52:f8:f5:6a:d7:
                    1e:ec:36:ff:4a:f0:de:e9:ab:74:2d:23:50:c1:d5:
                    b8:ed:b3:4c:5d:1d:15:24:5d:36:db:19:29:7f:f4:
                    3b:f5:2d:78:07:82:fa:bf:da:83:cf:57:20:1d:dc:
                    8a:f5:0b:76:9a:96:e9:b2:bb:d5:19:74:7c:f5:b3:
                    84:b9:e1:0c:78:47:73:89:22:50:7b:13:3e:d1:a5:
                    37:c0:ab:35:dd:68:f6:7c:93:86:e2:98:0d:74:ad:
                    d7:17:41:8a:e0:0a:b5:78:96:77:d3:bd:a4:6d:9d:
                    2f:0e:45:a9:97:bc:a0:e4:a6:ea:07:e2:c8:d2:9b:
                    3f:f3:7a:a6:0c:27:d8:6c:37:ff:6d:fa:e4:f1:7a:
                    6e:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:A6:DF:A0:37:3C:C4:3B:E6:6B:03:7C:8F:EE:FA:0E:BF:2A:3F:BC
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/41520de4-4f2e-4f50-9dd3-9cbf45105691.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:f8:d2:ae:da:81:74:04:1d:b5:59:ae:b6:ea:b8:4c:4d:07:
         96:1a:a0:01:bd:d7:52:c7:ad:22:26:56:8f:80:0f:fd:eb:7c:
         20:b3:a3:6f:41:bb:5d:50:bd:c3:4d:79:3b:0b:78:67:98:e1:
         4b:35:8b:31:d2:80:6a:1f:af:d0:c4:85:73:22:f5:78:32:3c:
         20:93:e5:4d:c5:1e:bd:a7:7a:e9:34:b0:6e:68:0b:27:6e:96:
         81:d0:6b:da:d2:4f:bc:fe:95:d4:9b:63:16:44:69:f3:1c:b1:
         be:de:82:ac:60:7d:ac:bb:f9:dd:fd:4c:d6:4c:07:c6:03:da:
         4a:ac:f0:59:be:39:00:00:12:d1:fe:95:49:3c:90:69:e6:81:
         df:05:8b:a9:31:f4:14:29:8d:e1:fd:3a:e6:8c:15:d5:b0:8a:
         8b:8d:76:7a:a9:71:9c:5c:99:50:b7:fc:4c:1e:16:68:bb:c4:
         14:15:a6:6c:2f:6d:59:e5:78:f2:11:87:cf:38:05:8c:a2:1b:
         24:d8:5c:2d:90:3e:27:b5:e8:d1:b2:90:86:6d:ef:86:b0:bf:
         6a:32:92:3b:e0:cd:b9:64:eb:9c:4e:f2:6d:49:23:95:5f:11:
         b9:71:44:2a:33:42:7e:d8:ea:ba:e0:a3:7f:8f:a6:a8:7b:3f:
         8a:7f:5a:19
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUNo6NxC0VLW2LMlzcz73h3dCs880wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDIzMDAwMDAwWhcNMjMwNDI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYTBhNmExNTdmZDI4ODZhNzk0YjQwODA0ZmIzZjczOTgx
Y2JhYTk2NzZiNGQ2ZDFjNzI4N2NkY2FmYjc4ODdmNjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKbfSiMcbZMB7iLM/Dddtb7Dc8E8pd08cPtZVnkukxjwO712vY70
lu5uNuBclDIXmYI+ueKhfG/Tv4UehpssBkiBh9ldXtxd7jiyj7CQbqJjr/OqzGUv
Z1dWpiP6nkXj2P7hRA8BEKNbWwNJcJ7da627blL49WrXHuw2/0rw3umrdC0jUMHV
uO2zTF0dFSRdNtsZKX/0O/UteAeC+r/ag89XIB3civULdpqW6bK71Rl0fPWzhLnh
DHhHc4kiUHsTPtGlN8CrNd1o9nyThuKYDXSt1xdBiuAKtXiWd9O9pG2dLw5FqZe8
oOSm6gfiyNKbP/N6pgwn2Gw3/2365PF6bn8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRnpt+gNzzEO+ZrA3yP7voOvyo/vDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDE1MjBkZTQtNGYyZS00ZjUwLTlkZDMtOWNiZjQ1MTA1NjkxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAT40q7agXQEHbVZ
rrbquExNB5YaoAG911LHrSImVo+AD/3rfCCzo29Bu11QvcNNeTsLeGeY4Us1izHS
gGofr9DEhXMi9XgyPCCT5U3FHr2neuk0sG5oCyduloHQa9rST7z+ldSbYxZEafMc
sb7egqxgfay7+d39TNZMB8YD2kqs8Fm+OQAAEtH+lUk8kGnmgd8Fi6kx9BQpjeH9
OuaMFdWwiouNdnqpcZxcmVC3/EweFmi7xBQVpmwvbVnlePIRh884BYyiGyTYXC2Q
Pie16NGykIZt74awv2oykjvgzblk65xO8m1JI5VfEblxRCozQn7Y6rrgo3+Ppqh7
P4p/Whk=
-----END CERTIFICATE-----