Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5dac2dbe-bbb9-4baf-abb1-80a22c53fb9f.roa
File:                     5dac2dbe-bbb9-4baf-abb1-80a22c53fb9f.roa (raw, json)
Hash identifier:          sHUGfD41YtUSYtHr7ljUuxwQv+3rQzkNPy4R3v3sLmI=
Subject key identifier:   0B:4E:DF:9F:C6:9D:55:A6:AC:C9:BF:9E:3D:E1:D5:06:72:94:C2:C9
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       138119024D41A62E54C30253D99629A3D1CC85B5
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5dac2dbe-bbb9-4baf-abb1-80a22c53fb9f.roa
Signing time:             Tue 26 Jul 2022 00:00:00 +0000
ROA not before:           Tue 26 Jul 2022 00:00:00 +0000
ROA not after:            Fri 29 Jul 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:81:19:02:4d:41:a6:2e:54:c3:02:53:d9:96:29:a3:d1:cc:85:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jul 26 00:00:00 2022 GMT
            Not After : Jul 29 23:59:59 2022 GMT
        Subject: serialNumber=d31d01b8f701870dab73948002f0d89387a0e80239855ea91003625d2fcd620f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f9:38:63:25:0e:21:a0:20:df:ce:ef:c2:31:
                    13:39:bf:29:e2:2e:cc:34:a0:83:a8:1e:bb:4a:f5:
                    76:9b:d6:84:04:d5:7c:e3:de:aa:90:14:36:45:4d:
                    3d:8f:59:b4:f8:88:49:a7:c9:7b:f9:3a:59:74:3e:
                    75:b8:72:c2:95:48:ce:a7:dc:f9:a8:a6:ae:18:72:
                    8c:61:e4:1b:bf:23:b2:51:9b:59:eb:82:6b:90:db:
                    31:d4:61:91:c7:0a:cb:75:77:99:d0:6c:4b:af:c1:
                    1c:1c:02:32:2f:b5:be:28:4d:73:54:ed:1e:7b:25:
                    ee:9b:c2:8b:9b:62:02:d5:25:49:36:8d:18:35:d2:
                    86:80:7b:ce:21:8e:93:6d:ea:dd:52:2f:0a:c7:5e:
                    8c:3e:22:a1:6c:19:25:6f:79:25:bd:42:40:a2:88:
                    2a:b7:b6:6a:b8:f2:5a:d4:64:d0:28:cf:00:2f:52:
                    e8:8d:32:02:f9:f4:5b:74:f3:a5:c9:35:f3:4d:b9:
                    2e:7e:e3:e1:e4:fa:4b:1a:d5:8d:8b:40:ef:a5:01:
                    d4:74:45:da:68:f6:4d:37:f3:46:c0:d8:82:0a:48:
                    05:5f:7c:29:2b:6d:43:21:3f:56:35:78:04:bb:d4:
                    b9:37:e5:42:a0:eb:18:f0:6d:b1:3c:27:54:3b:0a:
                    cf:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:4E:DF:9F:C6:9D:55:A6:AC:C9:BF:9E:3D:E1:D5:06:72:94:C2:C9
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5dac2dbe-bbb9-4baf-abb1-80a22c53fb9f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:0b:6c:df:dc:92:0c:3b:d2:4f:45:53:e3:24:9d:78:2c:5b:
         19:93:3b:ed:3e:b3:f7:aa:52:93:00:1a:63:38:b4:a6:73:c0:
         7c:6c:7e:8c:86:4b:78:78:01:83:4c:8b:d8:9f:b2:33:03:0f:
         42:1b:d8:e3:8d:09:be:51:fd:a8:0b:be:f3:b6:0b:28:71:29:
         29:09:88:23:55:90:30:5d:4d:d7:51:70:0f:a3:b4:25:e2:e9:
         27:f3:37:9e:a5:69:94:4c:b8:b4:78:a4:3a:36:72:13:25:73:
         be:9e:e8:c6:45:a7:9e:6e:c6:c6:fa:6e:4e:17:b8:e3:0c:ff:
         77:ae:59:8e:6b:76:25:79:9c:9a:69:d0:9c:15:93:1b:f4:b7:
         ad:c1:d1:3d:c1:3e:83:6c:e7:81:15:0e:17:31:3c:82:29:af:
         12:6c:22:9b:ce:f2:db:91:85:25:7e:a3:32:8d:5c:59:9d:bc:
         70:e9:82:fc:04:60:35:ef:59:5e:ec:22:50:ab:62:a1:47:7b:
         4a:36:a0:00:b6:da:f6:a2:8a:96:f2:84:f7:cb:46:77:56:85:
         e9:cc:31:f4:d3:a6:5a:af:16:82:c9:e5:9a:89:b7:0e:55:27:
         c0:d4:22:1e:8a:10:e3:27:1d:fe:8c:15:4b:3c:74:69:8d:68:
         76:c5:2b:8d
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUE4EZAk1Bpi5UwwJT2ZYpo9HMhbUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwNzI2MDAwMDAwWhcNMjIwNzI5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDMxZDAxYjhmNzAxODcwZGFiNzM5NDgwMDJmMGQ4OTM4
N2EwZTgwMjM5ODU1ZWE5MTAwMzYyNWQyZmNkNjIwZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK35OGMlDiGgIN/O78IxEzm/KeIuzDSgg6geu0r1dpvWhATVfOPe
qpAUNkVNPY9ZtPiISafJe/k6WXQ+dbhywpVIzqfc+aimrhhyjGHkG78jslGbWeuC
a5DbMdRhkccKy3V3mdBsS6/BHBwCMi+1vihNc1TtHnsl7pvCi5tiAtUlSTaNGDXS
hoB7ziGOk23q3VIvCsdejD4ioWwZJW95Jb1CQKKIKre2arjyWtRk0CjPAC9S6I0y
Avn0W3Tzpck18025Ln7j4eT6SxrVjYtA76UB1HRF2mj2TTfzRsDYggpIBV98KStt
QyE/VjV4BLvUuTflQqDrGPBtsTwnVDsKzwsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQLTt+fxp1VpqzJv5494dUGcpTCyTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNWRhYzJkYmUtYmJiOS00YmFmLWFiYjEtODBhMjJjNTNmYjlmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFoLbN/ckgw70k9F
U+MknXgsWxmTO+0+s/eqUpMAGmM4tKZzwHxsfoyGS3h4AYNMi9ifsjMDD0Ib2OON
Cb5R/agLvvO2CyhxKSkJiCNVkDBdTddRcA+jtCXi6SfzN56laZRMuLR4pDo2chMl
c76e6MZFp55uxsb6bk4XuOMM/3euWY5rdiV5nJpp0JwVkxv0t63B0T3BPoNs54EV
DhcxPIIprxJsIpvO8tuRhSV+ozKNXFmdvHDpgvwEYDXvWV7sIlCrYqFHe0o2oAC2
2vaiipbyhPfLRndWhenMMfTTplqvFoLJ5ZqJtw5VJ8DUIh6KEOMnHf6MFUs8dGmN
aHbFK40=
-----END CERTIFICATE-----