Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/49a52380-a9b6-4eb4-88a6-068ce2c59304.roa
File:                     49a52380-a9b6-4eb4-88a6-068ce2c59304.roa (raw, json)
Hash identifier:          cQyQtpB4v5qdjWsREvClCGHRxxXFYvTyX4wkRTXaUM8=
Subject key identifier:   07:64:B4:75:49:12:AC:FB:DF:F5:2C:5B:C2:5D:BD:14:7F:49:FB:D9
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0F139C0BEF39598846514C295EA912A782D249D2
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/49a52380-a9b6-4eb4-88a6-068ce2c59304.roa
Signing time:             Tue 21 Feb 2023 00:00:00 +0000
ROA not before:           Tue 21 Feb 2023 00:00:00 +0000
ROA not after:            Fri 24 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:13:9c:0b:ef:39:59:88:46:51:4c:29:5e:a9:12:a7:82:d2:49:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 21 00:00:00 2023 GMT
            Not After : Feb 24 23:59:59 2023 GMT
        Subject: serialNumber=77434d8b09d2d46115c53f4747bbdf8910c0b4e801482fdf6ff3dc30540bd424, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:74:9b:a0:fc:50:eb:c3:22:35:25:99:ae:ea:
                    a1:79:0d:11:d8:59:df:73:99:db:56:ea:07:1e:47:
                    a9:9b:fe:e2:db:86:ae:80:8d:20:52:d0:7b:be:1c:
                    0f:7c:da:57:96:91:87:c7:45:e0:3a:f7:a2:6f:4a:
                    80:26:e8:22:49:86:88:3d:96:03:cd:b8:be:46:11:
                    e6:62:06:92:90:6f:51:1e:59:16:0e:66:ff:f3:10:
                    9d:71:89:67:73:63:81:cd:82:ff:77:43:b6:09:5d:
                    7c:15:a1:c0:8f:69:e7:67:9c:8e:41:58:2c:47:13:
                    ca:72:89:95:de:fa:74:94:ca:d6:9c:83:fc:a6:f2:
                    da:03:fa:fd:fe:7b:b9:c6:94:91:99:a7:da:90:18:
                    67:6e:32:95:16:86:00:ff:9e:6d:93:1d:81:3c:93:
                    a5:f8:08:0e:bc:a9:8a:d2:85:cf:31:18:2c:13:20:
                    78:e7:ac:8b:20:ca:ab:b4:78:ed:7a:6c:af:7f:2d:
                    0e:36:eb:3f:cf:bf:ea:ac:f5:65:9e:73:87:61:bd:
                    d8:6c:83:53:85:00:75:57:2c:80:ed:f0:21:dd:7f:
                    3d:25:4c:4f:c0:7b:47:5e:48:55:6c:24:84:ae:d1:
                    f4:9e:0a:46:70:7e:4c:91:81:e7:06:fc:ae:63:39:
                    c7:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:64:B4:75:49:12:AC:FB:DF:F5:2C:5B:C2:5D:BD:14:7F:49:FB:D9
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/49a52380-a9b6-4eb4-88a6-068ce2c59304.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:be:02:c7:1c:9e:f7:86:cd:e2:29:6f:e3:57:78:f9:3e:8d:
         3d:54:5a:df:41:6b:bc:c1:9f:2f:bd:a1:44:e2:1f:9f:5e:b9:
         c8:80:1f:5a:51:dd:79:7a:d1:0e:a9:cc:d9:35:73:a6:b2:0a:
         f4:29:76:a4:70:91:60:b8:10:c4:6e:fc:7b:91:8f:d5:e5:04:
         7f:80:ad:77:db:db:47:ed:05:22:4f:1e:78:74:1c:a0:9e:ed:
         1b:20:a1:4e:33:05:10:7b:cb:7a:21:ac:7f:b2:7b:6b:5c:8c:
         a2:db:a9:f6:9a:66:db:01:56:d8:0d:6f:27:03:1e:f2:f7:b2:
         f6:21:2f:f3:e4:3d:2b:9c:84:45:da:b7:7a:8b:e2:e0:67:65:
         0a:48:98:cf:d5:8a:9d:6f:cb:72:66:9c:cd:88:f8:aa:7a:55:
         7b:8a:95:b8:6c:dc:1e:06:72:02:b2:3a:6f:fd:2b:50:8f:db:
         f8:b5:ea:59:2e:6f:18:21:c2:f4:ee:94:7a:1a:aa:d4:87:5f:
         63:5f:8b:2b:37:2a:55:cb:59:95:a3:63:92:f0:a7:44:6f:ae:
         be:45:6f:ac:d8:95:0e:70:8e:7d:fb:90:eb:7b:15:cd:fa:10:
         f3:b5:1b:7b:7a:2c:da:4b:06:38:d6:92:fa:62:a6:19:94:58:
         bd:1c:b1:e1
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUDxOcC+85WYhGUUwpXqkSp4LSSdIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIxMDAwMDAwWhcNMjMwMjI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNANzc0MzRkOGIwOWQyZDQ2MTE1YzUzZjQ3NDdiYmRmODkx
MGMwYjRlODAxNDgyZmRmNmZmM2RjMzA1NDBiZDQyNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKx0m6D8UOvDIjUlma7qoXkNEdhZ33OZ21bqBx5HqZv+4tuGroCN
IFLQe74cD3zaV5aRh8dF4Dr3om9KgCboIkmGiD2WA824vkYR5mIGkpBvUR5ZFg5m
//MQnXGJZ3Njgc2C/3dDtgldfBWhwI9p52ecjkFYLEcTynKJld76dJTK1pyD/Kby
2gP6/f57ucaUkZmn2pAYZ24ylRaGAP+ebZMdgTyTpfgIDrypitKFzzEYLBMgeOes
iyDKq7R47Xpsr38tDjbrP8+/6qz1ZZ5zh2G92GyDU4UAdVcsgO3wId1/PSVMT8B7
R15IVWwkhK7R9J4KRnB+TJGB5wb8rmM5xzcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQHZLR1SRKs+9/1LFvCXb0Uf0n72TAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDlhNTIzODAtYTliNi00ZWI0LTg4YTYtMDY4Y2UyYzU5MzA0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEa+AsccnveGzeIp
b+NXePk+jT1UWt9Ba7zBny+9oUTiH59euciAH1pR3Xl60Q6pzNk1c6ayCvQpdqRw
kWC4EMRu/HuRj9XlBH+ArXfb20ftBSJPHnh0HKCe7RsgoU4zBRB7y3ohrH+ye2tc
jKLbqfaaZtsBVtgNbycDHvL3svYhL/PkPSuchEXat3qL4uBnZQpImM/Vip1vy3Jm
nM2I+Kp6VXuKlbhs3B4GcgKyOm/9K1CP2/i16lkubxghwvTulHoaqtSHX2Nfiys3
KlXLWZWjY5Lwp0Rvrr5Fb6zYlQ5wjn37kOt7Fc36EPO1G3t6LNpLBjjWkvpiphmU
WL0cseE=
-----END CERTIFICATE-----