Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4d3836a9-ba47-4699-a2b8-5531003fae63.roa
File:                     4d3836a9-ba47-4699-a2b8-5531003fae63.roa (raw, json)
Hash identifier:          x+6PilVk8K7IUcfc4y5IZCExPJy8GbHwDIovdOMdH3g=
Subject key identifier:   6E:94:77:93:3B:E9:6B:6C:E3:8F:10:E5:8A:41:E3:8A:48:BD:C0:32
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7696C0443C49059F5371E2F18D14AACEFD6C7D8A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4d3836a9-ba47-4699-a2b8-5531003fae63.roa
Signing time:             Mon 10 Apr 2023 00:00:00 +0000
ROA not before:           Mon 10 Apr 2023 00:00:00 +0000
ROA not after:            Thu 13 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:96:c0:44:3c:49:05:9f:53:71:e2:f1:8d:14:aa:ce:fd:6c:7d:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 10 00:00:00 2023 GMT
            Not After : Apr 13 23:59:59 2023 GMT
        Subject: serialNumber=14083e9952bd01379cd7d1d30884e890d0980ec88c6eaca4dd10fdb90c8fede5, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:bd:8b:e6:b0:ce:fc:0b:3e:b4:24:c1:af:da:
                    dd:8b:c9:ea:51:fd:84:03:93:2e:2f:9e:f4:5d:56:
                    26:01:85:79:22:3d:1f:be:03:f9:46:7c:0e:c3:de:
                    b0:2d:e4:99:59:99:66:59:14:1f:07:dd:c7:55:17:
                    f9:63:6e:96:41:5f:7a:b0:23:d8:3f:45:17:cd:36:
                    d4:a2:80:15:ab:62:08:4d:5b:e0:f0:b8:62:bf:2c:
                    6e:a8:26:5d:1d:01:ed:07:0c:12:5a:4a:58:06:66:
                    92:17:b1:1d:c1:c3:3e:6e:f4:2e:d2:38:8b:50:74:
                    f3:92:e4:12:be:44:4a:ef:31:b0:fe:e0:7f:3b:15:
                    9a:5f:50:f8:da:2d:cb:b4:a3:51:db:60:4a:73:b3:
                    1d:f5:f2:e7:d3:eb:dc:79:6a:0e:39:d8:b8:de:fa:
                    8e:d2:5d:05:82:ee:33:8f:07:90:6a:0e:d8:5c:5c:
                    2c:0b:39:8d:9a:ef:47:b7:6b:bd:60:14:2f:d5:e7:
                    8d:c3:34:8c:a3:82:b8:b7:12:78:56:db:14:f2:fe:
                    cf:86:03:d7:32:22:92:75:0c:66:e2:ee:06:3b:ec:
                    bd:27:79:cb:4d:72:6e:0b:8b:6b:45:dc:93:2b:70:
                    a2:82:89:f9:42:d4:d8:f2:8a:1a:f1:8e:2a:91:c6:
                    11:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:94:77:93:3B:E9:6B:6C:E3:8F:10:E5:8A:41:E3:8A:48:BD:C0:32
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4d3836a9-ba47-4699-a2b8-5531003fae63.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:66:73:0b:de:f8:9d:d9:91:ea:5c:52:49:42:42:46:21:7d:
         1a:31:b1:5c:d0:82:1d:1d:b7:33:a2:47:b3:c8:9f:c8:8b:18:
         64:32:ce:6c:de:14:8d:b7:af:34:96:40:63:70:98:38:1b:74:
         ba:3e:2e:b4:4d:79:f5:08:18:bb:23:80:c8:72:df:8e:51:62:
         5b:a5:3a:1b:07:fe:f0:81:19:cd:94:25:fa:22:41:82:f0:81:
         86:38:b9:53:bf:fd:6d:61:bd:36:27:df:8c:4a:34:42:5c:4b:
         2f:ee:97:93:fd:37:64:66:0a:7f:a1:8f:c1:d6:a0:0d:39:1c:
         5e:06:59:87:57:ca:cd:d3:e4:eb:34:62:e3:87:c9:16:c0:0d:
         2c:8b:81:a1:67:82:c5:6b:d0:bc:67:02:2e:cf:3d:ae:76:57:
         05:10:06:35:f1:4d:99:8b:47:d6:42:de:d3:29:5c:28:5f:d8:
         92:71:54:b4:c1:ba:58:09:3f:cb:ad:10:5c:ea:32:96:e6:4f:
         b4:a8:58:51:e3:33:2a:71:01:ac:bc:41:ae:65:82:99:ed:68:
         ab:65:55:f5:71:ce:de:f8:07:18:5c:ee:9a:7f:1c:55:d7:26:
         22:1a:5e:95:53:ee:95:26:f6:c3:be:75:c7:92:94:04:6a:ee:
         a3:bc:af:da
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUdpbARDxJBZ9TceLxjRSqzv1sfYowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDEwMDAwMDAwWhcNMjMwNDEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTQwODNlOTk1MmJkMDEzNzljZDdkMWQzMDg4NGU4OTBk
MDk4MGVjODhjNmVhY2E0ZGQxMGZkYjkwYzhmZWRlNTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL29i+awzvwLPrQkwa/a3YvJ6lH9hAOTLi+e9F1WJgGFeSI9H74D
+UZ8DsPesC3kmVmZZlkUHwfdx1UX+WNulkFferAj2D9FF8021KKAFatiCE1b4PC4
Yr8sbqgmXR0B7QcMElpKWAZmkhexHcHDPm70LtI4i1B085LkEr5ESu8xsP7gfzsV
ml9Q+Noty7SjUdtgSnOzHfXy59Pr3HlqDjnYuN76jtJdBYLuM48HkGoO2FxcLAs5
jZrvR7drvWAUL9XnjcM0jKOCuLcSeFbbFPL+z4YD1zIiknUMZuLuBjvsvSd5y01y
bguLa0XckytwooKJ+ULU2PKKGvGOKpHGEekCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRulHeTO+lrbOOPEOWKQeOKSL3AMjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNGQzODM2YTktYmE0Ny00Njk5LWEyYjgtNTUzMTAwM2ZhZTYzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI5mcwve+J3Zkepc
UklCQkYhfRoxsVzQgh0dtzOiR7PIn8iLGGQyzmzeFI23rzSWQGNwmDgbdLo+LrRN
efUIGLsjgMhy345RYlulOhsH/vCBGc2UJfoiQYLwgYY4uVO//W1hvTYn34xKNEJc
Sy/ul5P9N2RmCn+hj8HWoA05HF4GWYdXys3T5Os0YuOHyRbADSyLgaFngsVr0Lxn
Ai7PPa52VwUQBjXxTZmLR9ZC3tMpXChf2JJxVLTBulgJP8utEFzqMpbmT7SoWFHj
MypxAay8Qa5lgpntaKtlVfVxzt74Bxhc7pp/HFXXJiIaXpVT7pUm9sO+dceSlARq
7qO8r9o=
-----END CERTIFICATE-----