Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/468170a2-b65f-43d8-bb4e-b73d6befb73f.roa
File:                     468170a2-b65f-43d8-bb4e-b73d6befb73f.roa (raw, json)
Hash identifier:          urzQnMvgONsD/oJWba6nv+IiOw6l755ojHb6yx+F+tI=
Subject key identifier:   04:57:A8:27:99:22:71:DC:B5:18:5F:83:90:94:8D:C2:EB:C0:90:E6
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       78951A39440A7BDDB4AC9BC5EF0BC672E0589678
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/468170a2-b65f-43d8-bb4e-b73d6befb73f.roa
Signing time:             Tue 05 Jul 2022 00:00:00 +0000
ROA not before:           Tue 05 Jul 2022 00:00:00 +0000
ROA not after:            Fri 08 Jul 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:95:1a:39:44:0a:7b:dd:b4:ac:9b:c5:ef:0b:c6:72:e0:58:96:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jul  5 00:00:00 2022 GMT
            Not After : Jul  8 23:59:59 2022 GMT
        Subject: serialNumber=4779eb3a2c690a323bcd4fc800b76aa4857979ab75244bf97cff90e184378d3b, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:db:81:d5:82:10:0c:ad:57:bc:7b:20:1a:1d:
                    b9:ab:53:e6:fd:b3:20:a4:af:73:74:38:58:49:08:
                    ef:95:1d:6a:cb:1d:83:33:8a:97:01:89:c6:82:8f:
                    55:3f:ee:bf:29:ff:3b:47:07:fb:3c:b3:d9:b1:cd:
                    0c:2d:40:31:76:ef:8d:b8:9a:fc:f9:ed:b7:90:e4:
                    2e:75:6c:5f:ea:ef:9d:27:6b:65:6a:6c:0c:8f:92:
                    5b:22:c4:e0:d5:8f:c9:02:55:a7:5c:70:c8:e9:04:
                    c6:f0:24:09:81:05:7c:85:26:c8:5f:41:fc:ec:1f:
                    39:dd:05:97:ff:eb:95:7c:e6:19:50:d8:e8:8a:ac:
                    d0:4a:4a:d8:1e:90:6d:80:75:bb:2e:ac:26:b0:3e:
                    43:85:57:2f:a7:70:a4:74:a3:23:83:3e:b6:0e:fe:
                    85:23:eb:ff:27:0b:6e:3c:35:c9:f6:15:20:a4:33:
                    d1:ba:0f:1d:81:b2:95:3f:68:48:54:aa:de:89:a1:
                    b7:14:92:66:23:85:0e:8f:33:f1:72:4e:40:93:83:
                    8b:9b:1d:75:81:5f:c7:5c:46:0f:b3:3c:6f:1b:89:
                    14:aa:7b:a6:42:23:5a:93:54:41:13:98:6e:a7:f3:
                    93:fd:59:fb:70:a3:e5:b6:f1:59:48:17:b0:fa:f5:
                    c6:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:57:A8:27:99:22:71:DC:B5:18:5F:83:90:94:8D:C2:EB:C0:90:E6
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/468170a2-b65f-43d8-bb4e-b73d6befb73f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:f7:34:d3:8a:26:c7:b9:82:ac:10:22:01:35:0e:04:0f:cd:
         ff:ee:5f:79:31:51:91:59:59:eb:44:20:f7:03:50:e5:fc:01:
         74:e1:ee:6b:5b:d0:3d:5e:32:91:81:68:df:6c:f4:47:07:da:
         8e:ed:e7:aa:9c:ec:43:2b:1a:a1:92:b2:39:10:b9:bf:7a:ca:
         cc:ef:a7:e5:7d:73:1d:f9:3e:3a:92:26:f1:49:eb:4a:ae:d5:
         21:11:40:19:6f:ec:a7:5e:8d:c4:db:62:75:4d:e8:77:45:69:
         c3:7b:96:06:d1:32:ef:21:fc:4c:9a:cc:ab:fc:73:03:60:9d:
         2b:44:8b:92:34:12:ec:fa:01:9f:a3:85:96:fb:5b:fb:41:04:
         31:d8:2c:8c:ec:04:0d:e6:d9:1b:cb:32:85:7f:80:5d:28:da:
         69:31:17:5f:08:67:a3:c6:00:5e:5f:6f:53:b8:9e:97:37:1c:
         35:77:50:90:83:bd:65:55:0c:07:80:d5:f1:53:d9:1f:24:8a:
         79:a5:7e:8f:fd:01:04:c1:bd:a0:87:73:73:8f:16:c8:22:34:
         c4:45:77:3f:4b:08:80:6a:b3:2f:f2:ee:96:67:8e:90:74:cf:
         ce:9e:d0:ef:4d:ef:b6:59:6b:6e:3a:b1:85:52:df:1d:7e:d4:
         36:b2:b7:aa
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUeJUaOUQKe920rJvF7wvGcuBYlngwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwNzA1MDAwMDAwWhcNMjIwNzA4MjM1OTU5
WjCBpTFJMEcGA1UEBRNANDc3OWViM2EyYzY5MGEzMjNiY2Q0ZmM4MDBiNzZhYTQ4
NTc5NzlhYjc1MjQ0YmY5N2NmZjkwZTE4NDM3OGQzYjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL/bgdWCEAytV7x7IBoduatT5v2zIKSvc3Q4WEkI75UdassdgzOK
lwGJxoKPVT/uvyn/O0cH+zyz2bHNDC1AMXbvjbia/Pntt5DkLnVsX+rvnSdrZWps
DI+SWyLE4NWPyQJVp1xwyOkExvAkCYEFfIUmyF9B/OwfOd0Fl//rlXzmGVDY6Iqs
0EpK2B6QbYB1uy6sJrA+Q4VXL6dwpHSjI4M+tg7+hSPr/ycLbjw1yfYVIKQz0boP
HYGylT9oSFSq3omhtxSSZiOFDo8z8XJOQJODi5sddYFfx1xGD7M8bxuJFKp7pkIj
WpNUQROYbqfzk/1Z+3Cj5bbxWUgXsPr1xjcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQEV6gnmSJx3LUYX4OQlI3C68CQ5jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDY4MTcwYTItYjY1Zi00M2Q4LWJiNGUtYjczZDZiZWZiNzNmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADj3NNOKJse5gqwQ
IgE1DgQPzf/uX3kxUZFZWetEIPcDUOX8AXTh7mtb0D1eMpGBaN9s9EcH2o7t56qc
7EMrGqGSsjkQub96yszvp+V9cx35PjqSJvFJ60qu1SERQBlv7KdejcTbYnVN6HdF
acN7lgbRMu8h/EyazKv8cwNgnStEi5I0Euz6AZ+jhZb7W/tBBDHYLIzsBA3m2RvL
MoV/gF0o2mkxF18IZ6PGAF5fb1O4npc3HDV3UJCDvWVVDAeA1fFT2R8kinmlfo/9
AQTBvaCHc3OPFsgiNMRFdz9LCIBqsy/y7pZnjpB0z86e0O9N77ZZa246sYVS3x1+
1Dayt6o=
-----END CERTIFICATE-----