Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/463c31c2-0944-4050-8e40-afc99dd5c064.roa
File:                     463c31c2-0944-4050-8e40-afc99dd5c064.roa (raw, json)
Hash identifier:          atIiYeIyeh9TwUlnXpxb7QQpsq2aOxIK4OFyqI+o+ys=
Subject key identifier:   EA:1C:CC:D8:FE:A6:7C:B0:A3:54:3A:7F:7E:09:E1:9B:26:75:9C:8B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0BA01AFDD99B91838F0EEF0A06A47E82D2B28AE6
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/463c31c2-0944-4050-8e40-afc99dd5c064.roa
Signing time:             Mon 13 Mar 2023 00:00:00 +0000
ROA not before:           Mon 13 Mar 2023 00:00:00 +0000
ROA not after:            Thu 16 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:a0:1a:fd:d9:9b:91:83:8f:0e:ef:0a:06:a4:7e:82:d2:b2:8a:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 13 00:00:00 2023 GMT
            Not After : Mar 16 23:59:59 2023 GMT
        Subject: serialNumber=d88e9f846acd6a40d790b2a9e5347a876fc8e307f157cc557e32f83d54253f27, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f1:15:6d:9d:d7:98:4d:95:02:e6:f8:6d:53:
                    d0:1b:18:7a:9e:17:85:4d:34:f1:a9:08:a8:a0:3a:
                    7a:98:9c:f6:87:4c:e0:b9:36:cd:13:c7:5b:4b:08:
                    94:cf:d7:8e:53:3a:ee:dc:d1:99:b3:7e:2f:e9:f7:
                    a5:97:8d:85:81:5d:00:43:7c:71:63:60:74:e7:36:
                    ef:83:71:1f:b3:b3:21:56:32:c5:e7:de:00:60:fa:
                    b1:7d:e1:09:02:ec:0c:48:fe:e1:e7:e6:16:dc:61:
                    0f:cf:d3:bd:2b:08:56:a2:c7:5d:f3:a2:5e:0e:cb:
                    4e:34:35:d8:aa:cd:35:83:f4:0e:96:f6:cd:20:ff:
                    82:8f:da:bb:ae:4e:36:82:d2:cf:76:c5:b1:a8:74:
                    44:80:7d:f0:0c:9c:c3:40:ac:5f:42:d4:1e:20:18:
                    3f:6b:76:fe:06:2f:1b:5a:db:a9:40:9e:fe:45:98:
                    ec:49:d0:5d:8a:ef:79:af:62:68:b6:5e:49:a7:9d:
                    36:ac:bf:2f:a2:f3:6a:30:85:ca:26:84:45:7d:d0:
                    f4:0f:48:54:6b:3c:92:58:b4:b3:e2:4a:a9:fa:63:
                    fa:a5:eb:2a:47:49:a8:b1:1c:8d:fa:e0:1c:39:10:
                    38:e0:b8:d8:39:5a:75:c1:a2:c2:69:a9:ca:6d:65:
                    e7:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:1C:CC:D8:FE:A6:7C:B0:A3:54:3A:7F:7E:09:E1:9B:26:75:9C:8B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/463c31c2-0944-4050-8e40-afc99dd5c064.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:76:59:23:14:21:35:8d:3f:b7:42:4c:94:02:ac:b0:ed:3c:
         48:54:01:af:ec:83:cb:9c:e5:08:a1:59:4c:b2:9d:3b:15:df:
         8c:ec:97:be:b1:7c:85:4e:b7:06:a6:01:1f:62:af:76:15:18:
         ca:1c:6d:ea:71:15:f2:38:42:e9:5d:0e:84:61:ee:0a:16:d4:
         ee:43:d6:d5:78:a6:db:05:ec:9f:6b:65:17:94:0b:b7:7c:82:
         da:06:2c:4a:1b:a6:79:a2:ce:18:4e:5e:d5:2d:34:c5:7b:80:
         42:c8:9e:58:63:5e:6b:ec:70:41:5a:81:5e:82:f9:91:17:d4:
         7e:a4:75:d8:ea:4d:7d:8d:01:7e:bc:00:94:a5:ba:49:ea:54:
         81:c3:ec:6f:e5:30:cf:1e:b5:9e:ad:86:9f:6e:08:d3:36:3a:
         f0:da:80:f5:27:39:d0:e3:18:85:29:d0:26:e0:e7:52:31:9d:
         8b:11:7e:de:68:cd:02:96:af:2e:9d:72:00:c6:03:6b:46:20:
         84:1e:9f:6a:c4:27:fd:22:4d:d8:80:3f:bd:f4:a1:c9:e9:a4:
         15:4d:21:67:d2:ad:9f:7b:c5:12:cb:e1:d0:df:c5:19:24:37:
         be:23:2b:0d:f8:d8:57:a0:b9:2d:e2:4c:0d:70:a5:20:62:84:
         ad:70:d3:49
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUC6Aa/dmbkYOPDu8KBqR+gtKyiuYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzEzMDAwMDAwWhcNMjMwMzE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDg4ZTlmODQ2YWNkNmE0MGQ3OTBiMmE5ZTUzNDdhODc2
ZmM4ZTMwN2YxNTdjYzU1N2UzMmY4M2Q1NDI1M2YyNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJjxFW2d15hNlQLm+G1T0BsYep4XhU008akIqKA6epic9odM4Lk2
zRPHW0sIlM/XjlM67tzRmbN+L+n3pZeNhYFdAEN8cWNgdOc274NxH7OzIVYyxefe
AGD6sX3hCQLsDEj+4efmFtxhD8/TvSsIVqLHXfOiXg7LTjQ12KrNNYP0Dpb2zSD/
go/au65ONoLSz3bFsah0RIB98Aycw0CsX0LUHiAYP2t2/gYvG1rbqUCe/kWY7EnQ
XYrvea9iaLZeSaedNqy/L6LzajCFyiaERX3Q9A9IVGs8kli0s+JKqfpj+qXrKkdJ
qLEcjfrgHDkQOOC42DladcGiwmmpym1l50ECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTqHMzY/qZ8sKNUOn9+CeGbJnWcizAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDYzYzMxYzItMDk0NC00MDUwLThlNDAtYWZjOTlkZDVjMDY0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMx2WSMUITWNP7dC
TJQCrLDtPEhUAa/sg8uc5QihWUyynTsV34zsl76xfIVOtwamAR9ir3YVGMocbepx
FfI4QuldDoRh7goW1O5D1tV4ptsF7J9rZReUC7d8gtoGLEobpnmizhhOXtUtNMV7
gELInlhjXmvscEFagV6C+ZEX1H6kddjqTX2NAX68AJSluknqVIHD7G/lMM8etZ6t
hp9uCNM2OvDagPUnOdDjGIUp0Cbg51IxnYsRft5ozQKWry6dcgDGA2tGIIQen2rE
J/0iTdiAP730ocnppBVNIWfSrZ97xRLL4dDfxRkkN74jKw342FeguS3iTA1wpSBi
hK1w00k=
-----END CERTIFICATE-----