Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/61561ab9-bee8-4ad5-8fc8-240a366ba93d.roa
File:                     61561ab9-bee8-4ad5-8fc8-240a366ba93d.roa (raw, json)
Hash identifier:          kutInI3JwufSJrmNWEqQPdNmdMASx+7B2rdPpyptjBI=
Subject key identifier:   CE:72:94:E0:0B:FD:13:BA:C2:C9:72:15:73:1B:15:9C:10:9A:29:FF
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       19D211FA704C4573718FA8CDE9C933A4F12631ED
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/61561ab9-bee8-4ad5-8fc8-240a366ba93d.roa
Signing time:             Sun 12 Feb 2023 00:00:00 +0000
ROA not before:           Sun 12 Feb 2023 00:00:00 +0000
ROA not after:            Wed 15 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:d2:11:fa:70:4c:45:73:71:8f:a8:cd:e9:c9:33:a4:f1:26:31:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 12 00:00:00 2023 GMT
            Not After : Feb 15 23:59:59 2023 GMT
        Subject: serialNumber=a3b2f7701f4369c0dad464f1b43cf81fea8a6e7e6d90fc68d93c389fce05f078, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:1b:2f:48:81:cc:1a:8a:e3:09:d7:ed:91:31:
                    82:53:74:9d:59:93:40:82:16:72:15:5b:52:b4:ea:
                    4b:5b:85:75:2b:85:66:80:64:22:88:55:d3:62:88:
                    d2:5c:c7:64:f7:b9:f7:5a:7d:66:2b:6e:23:3d:0a:
                    ec:3f:4c:22:b9:d7:2a:9e:4d:eb:06:e0:91:bf:1c:
                    f9:cf:c5:e3:c4:5c:b4:c4:e9:66:1c:41:74:61:2e:
                    ef:a0:92:6b:f9:c6:9c:b3:58:17:a1:db:90:6f:b0:
                    f9:3d:63:32:13:93:09:30:48:64:d6:70:9f:e8:48:
                    d3:4b:b0:ec:d7:a4:4e:68:67:c7:54:94:05:b3:e9:
                    33:6e:d2:69:f9:8c:1d:56:ec:86:d3:ae:37:01:e5:
                    4b:bb:c9:43:76:fb:94:bf:5f:62:5d:3c:fa:01:d9:
                    45:31:c4:7d:d7:54:91:d1:a2:36:11:4e:55:3e:9c:
                    68:bc:95:39:10:21:6b:06:2d:7e:48:fa:80:46:7c:
                    99:7d:c6:3c:64:78:de:4b:df:69:13:6b:ff:fe:f7:
                    96:93:d7:69:ae:fd:4d:62:28:f8:4e:88:0c:ff:f9:
                    3f:79:dc:d4:0d:70:f7:c3:e4:6c:e2:f5:c5:d8:81:
                    7b:d7:86:9d:8d:43:d1:01:03:ce:98:5b:5a:ce:9d:
                    a8:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:72:94:E0:0B:FD:13:BA:C2:C9:72:15:73:1B:15:9C:10:9A:29:FF
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/61561ab9-bee8-4ad5-8fc8-240a366ba93d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:82:89:08:ae:f3:72:15:25:d3:e4:e7:11:c4:bb:58:8e:e5:
         cf:18:17:0c:c9:b5:45:5e:58:d2:28:ca:3e:3b:a3:cd:a8:6e:
         e9:3f:03:0d:f6:8d:f2:0a:fd:82:ca:8d:6c:25:64:43:6b:c6:
         0b:41:f7:e8:48:29:7d:c7:93:78:c8:f1:9f:aa:02:1a:0a:01:
         42:43:c7:31:1f:63:61:57:81:fa:35:ec:a9:9f:4c:74:17:bf:
         5b:a7:1e:53:a9:45:6e:bc:7c:24:3b:b1:ea:77:e9:d8:4d:db:
         8f:09:9e:c6:c2:90:e8:27:0f:ad:ae:26:01:aa:42:b3:34:2b:
         19:6c:d6:7a:2d:4a:9c:06:ab:d6:d7:7e:df:4d:28:4e:d8:62:
         ff:b7:4a:a3:5f:08:25:cd:47:67:3b:47:0f:df:32:2b:cc:70:
         4a:3e:79:56:9d:73:10:d1:5d:1b:71:2e:a7:e2:b6:c0:b8:a7:
         cc:25:1d:34:4e:90:c6:67:69:1c:6a:a2:01:07:4a:82:3b:fb:
         03:68:cb:7d:19:9c:3d:96:6d:70:98:e5:e6:e1:fb:52:0d:95:
         4e:4d:dd:d3:ed:62:9c:c9:4f:5c:98:7b:10:c2:40:cb:06:34:
         e0:ed:49:f3:25:4b:be:32:f3:7e:9e:35:7e:21:30:78:b0:e5:
         ca:ea:18:85
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUGdIR+nBMRXNxj6jN6ckzpPEmMe0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjEyMDAwMDAwWhcNMjMwMjE1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYTNiMmY3NzAxZjQzNjljMGRhZDQ2NGYxYjQzY2Y4MWZl
YThhNmU3ZTZkOTBmYzY4ZDkzYzM4OWZjZTA1ZjA3ODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALQbL0iBzBqK4wnX7ZExglN0nVmTQIIWchVbUrTqS1uFdSuFZoBk
IohV02KI0lzHZPe591p9ZituIz0K7D9MIrnXKp5N6wbgkb8c+c/F48RctMTpZhxB
dGEu76CSa/nGnLNYF6HbkG+w+T1jMhOTCTBIZNZwn+hI00uw7NekTmhnx1SUBbPp
M27SafmMHVbshtOuNwHlS7vJQ3b7lL9fYl08+gHZRTHEfddUkdGiNhFOVT6caLyV
ORAhawYtfkj6gEZ8mX3GPGR43kvfaRNr//73lpPXaa79TWIo+E6IDP/5P3nc1A1w
98PkbOL1xdiBe9eGnY1D0QEDzphbWs6dqJsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTOcpTgC/0TusLJchVzGxWcEJop/zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjE1NjFhYjktYmVlOC00YWQ1LThmYzgtMjQwYTM2NmJhOTNkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAKCiQiu83IVJdPk
5xHEu1iO5c8YFwzJtUVeWNIoyj47o82obuk/Aw32jfIK/YLKjWwlZENrxgtB9+hI
KX3Hk3jI8Z+qAhoKAUJDxzEfY2FXgfo17KmfTHQXv1unHlOpRW68fCQ7sep36dhN
248JnsbCkOgnD62uJgGqQrM0Kxls1notSpwGq9bXft9NKE7YYv+3SqNfCCXNR2c7
Rw/fMivMcEo+eVadcxDRXRtxLqfitsC4p8wlHTROkMZnaRxqogEHSoI7+wNoy30Z
nD2WbXCY5ebh+1INlU5N3dPtYpzJT1yYexDCQMsGNODtSfMlS74y836eNX4hMHiw
5crqGIU=
-----END CERTIFICATE-----