Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/579d8933-3837-46f4-8c97-f7611c593b7f.roa
File:                     579d8933-3837-46f4-8c97-f7611c593b7f.roa (raw, json)
Hash identifier:          4bQp9KyDO9b2JuESk0BHWadBl2DlF2/tloiE5NNfaM4=
Subject key identifier:   33:12:9C:A2:62:2A:69:EC:1E:67:7A:92:69:8D:5F:68:7A:25:4A:5B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5771AEA5FFF3459073E70E2B06899E31B54F6357
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/579d8933-3837-46f4-8c97-f7611c593b7f.roa
Signing time:             Wed 17 Aug 2022 00:00:00 +0000
ROA not before:           Wed 17 Aug 2022 00:00:00 +0000
ROA not after:            Sat 20 Aug 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:71:ae:a5:ff:f3:45:90:73:e7:0e:2b:06:89:9e:31:b5:4f:63:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Aug 17 00:00:00 2022 GMT
            Not After : Aug 20 23:59:59 2022 GMT
        Subject: serialNumber=fc528ad181ef3636b0196ee3bbcb6767e193b328326fd3167d2440c91de5af80, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:cc:91:4d:ec:4e:8a:6b:e7:f0:61:dd:06:76:
                    15:c5:1f:63:00:7a:fb:b0:12:94:1a:77:99:fe:e4:
                    5d:89:0b:44:b7:32:b6:31:5d:a9:96:53:98:ff:92:
                    82:8e:1f:1f:50:6d:fa:68:4a:12:ff:49:d5:7f:f3:
                    af:b6:cd:96:7e:1c:3b:a2:8e:8b:2d:d7:b6:6f:a3:
                    a2:ec:91:87:3b:db:94:b9:c3:1f:48:90:23:56:bd:
                    25:3d:56:45:2c:92:69:6a:95:d5:cb:88:5c:44:0f:
                    c5:72:42:32:91:c3:fe:40:3b:dd:ff:0c:24:8b:89:
                    f8:00:ba:92:4e:f8:b4:7c:cc:8c:e3:fb:2d:8d:4c:
                    34:e8:76:15:3c:fa:ea:fa:84:de:fd:fd:37:6b:8d:
                    a2:d4:86:8f:17:1a:87:a4:ac:6a:a5:a6:bc:3f:a8:
                    17:bc:d9:3e:ab:22:ec:14:51:6b:98:4b:d1:64:85:
                    ba:2e:13:fd:f1:d5:ff:04:bd:6e:07:84:17:e7:f1:
                    b2:3b:b8:28:2b:33:52:65:fb:5f:36:e1:6c:7d:7c:
                    ff:cc:32:88:84:68:0b:9f:43:62:93:96:50:aa:a2:
                    fd:99:18:9d:53:86:29:4f:9a:f1:9f:88:a1:26:eb:
                    8e:cc:32:b1:88:34:7e:28:84:20:a4:50:79:71:54:
                    c4:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:12:9C:A2:62:2A:69:EC:1E:67:7A:92:69:8D:5F:68:7A:25:4A:5B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/579d8933-3837-46f4-8c97-f7611c593b7f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:71:b7:94:9e:11:88:08:15:91:d2:d6:77:38:53:0a:65:08:
         ea:6f:28:1a:66:60:87:c1:33:a8:85:b0:84:41:f7:5f:fd:f9:
         71:df:6a:25:e5:7b:db:42:13:a1:11:98:3e:42:87:f6:6a:7d:
         0f:7e:94:58:f8:22:af:c7:6c:2f:40:af:7c:04:cd:e6:e2:db:
         5f:0c:1a:e9:d9:80:d7:cd:a5:91:64:87:06:35:8d:35:44:36:
         e9:ef:a1:78:27:06:f4:43:79:46:f6:54:36:39:1f:43:69:17:
         60:49:10:a4:bd:b4:e1:19:8e:1f:48:88:98:ca:6e:cc:73:f2:
         2e:fc:b3:ff:93:6d:31:7a:b9:38:7e:37:1f:ba:16:50:4c:51:
         95:7e:89:2b:a0:51:2f:9f:ea:46:6c:44:0d:fe:1e:6a:92:27:
         bc:1f:26:7c:bc:dc:bd:41:6d:54:2e:fc:bc:37:67:2a:4e:50:
         e7:d0:82:74:2b:ea:f7:66:8c:b4:7f:1c:fe:ca:a0:da:b6:ca:
         82:f2:5c:93:7f:db:51:7c:27:1b:f7:bd:e3:5e:9c:6d:a0:23:
         29:08:a2:4c:ad:d2:84:7b:a8:66:35:04:5a:08:4b:1e:47:91:
         62:12:a3:79:de:66:0c:b7:63:85:a8:dc:e3:ce:48:c2:b2:89:
         f1:8e:49:b6
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUV3Gupf/zRZBz5w4rBomeMbVPY1cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwODE3MDAwMDAwWhcNMjIwODIwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZmM1MjhhZDE4MWVmMzYzNmIwMTk2ZWUzYmJjYjY3Njdl
MTkzYjMyODMyNmZkMzE2N2QyNDQwYzkxZGU1YWY4MDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALPMkU3sTopr5/Bh3QZ2FcUfYwB6+7ASlBp3mf7kXYkLRLcytjFd
qZZTmP+Sgo4fH1Bt+mhKEv9J1X/zr7bNln4cO6KOiy3Xtm+jouyRhzvblLnDH0iQ
I1a9JT1WRSySaWqV1cuIXEQPxXJCMpHD/kA73f8MJIuJ+AC6kk74tHzMjOP7LY1M
NOh2FTz66vqE3v39N2uNotSGjxcah6SsaqWmvD+oF7zZPqsi7BRRa5hL0WSFui4T
/fHV/wS9bgeEF+fxsju4KCszUmX7XzbhbH18/8wyiIRoC59DYpOWUKqi/ZkYnVOG
KU+a8Z+IoSbrjswysYg0fiiEIKRQeXFUxBkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQzEpyiYipp7B5nepJpjV9oeiVKWzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNTc5ZDg5MzMtMzgzNy00NmY0LThjOTctZjc2MTFjNTkzYjdmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJFxt5SeEYgIFZHS
1nc4UwplCOpvKBpmYIfBM6iFsIRB91/9+XHfaiXle9tCE6ERmD5Ch/ZqfQ9+lFj4
Iq/HbC9Ar3wEzebi218MGunZgNfNpZFkhwY1jTVENunvoXgnBvRDeUb2VDY5H0Np
F2BJEKS9tOEZjh9IiJjKbsxz8i78s/+TbTF6uTh+Nx+6FlBMUZV+iSugUS+f6kZs
RA3+HmqSJ7wfJny83L1BbVQu/Lw3ZypOUOfQgnQr6vdmjLR/HP7KoNq2yoLyXJN/
21F8Jxv3veNenG2gIykIokyt0oR7qGY1BFoISx5HkWISo3neZgy3Y4Wo3OPOSMKy
ifGOSbY=
-----END CERTIFICATE-----