Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/61b57730-8ad4-4543-a140-cdc5cd531767.roa
File:                     61b57730-8ad4-4543-a140-cdc5cd531767.roa (raw, json)
Hash identifier:          N+BhwSUlRVC4IkBq7phKR2PrwceXIp5mwFI8NXMovEY=
Subject key identifier:   70:EE:78:8B:EC:D0:B6:5F:B8:1A:A4:B3:6F:1F:88:42:F3:ED:F9:51
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3E45F3F24B8724E1782D8352D238DAEA35F66E8A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/61b57730-8ad4-4543-a140-cdc5cd531767.roa
Signing time:             Thu 11 May 2023 00:00:00 +0000
ROA not before:           Thu 11 May 2023 00:00:00 +0000
ROA not after:            Sun 14 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:45:f3:f2:4b:87:24:e1:78:2d:83:52:d2:38:da:ea:35:f6:6e:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 11 00:00:00 2023 GMT
            Not After : May 14 23:59:59 2023 GMT
        Subject: serialNumber=95603e0990116e966d5c2035f6c4f206e4fe1b6501fe65d20d9a124691050a3b, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:8d:e3:ae:43:e3:42:35:05:e6:f6:fc:62:6c:
                    55:ac:df:f4:c3:ba:4b:ec:1a:ae:d4:2d:44:60:bd:
                    f5:a6:4b:7e:7a:3a:21:c5:c0:07:db:11:de:f7:c4:
                    20:c2:cb:ec:8d:5b:07:ea:08:64:07:24:13:d4:c6:
                    68:33:29:2e:80:de:92:f8:d6:2f:96:5c:ca:0c:6e:
                    09:30:b1:a1:78:0c:ca:6b:0c:e6:1d:d2:8e:03:47:
                    cd:20:64:d5:d9:ed:f0:0f:1a:1a:21:98:a6:1e:f3:
                    97:81:62:d8:f0:3d:49:aa:30:e2:46:c6:25:9a:c2:
                    40:75:a8:af:f6:64:69:64:d6:1a:7b:da:fd:a8:e3:
                    c0:e4:a2:92:b5:a8:44:37:8e:8d:7f:d2:39:4e:41:
                    43:fb:ae:81:aa:6c:aa:c6:54:8b:9c:68:3c:d9:8c:
                    c8:ce:8f:e5:6b:1d:66:b3:8e:33:25:f8:34:a0:bc:
                    30:80:a0:0a:07:e7:ac:41:87:e9:34:fa:79:15:21:
                    4c:ed:ad:82:35:d2:cc:56:e2:64:75:fb:c1:75:ed:
                    c3:71:30:b0:93:37:0b:17:d1:bc:ca:5a:c0:88:ae:
                    a9:80:1d:ee:ac:5d:54:aa:5e:ca:29:4b:bb:f2:2f:
                    39:a0:b3:07:93:38:90:e0:c2:95:5b:a1:28:ad:f2:
                    de:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:EE:78:8B:EC:D0:B6:5F:B8:1A:A4:B3:6F:1F:88:42:F3:ED:F9:51
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/61b57730-8ad4-4543-a140-cdc5cd531767.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:9e:7f:bf:44:c2:c8:e9:ce:a2:6b:7c:16:3c:a4:b4:df:ce:
         35:ae:ce:8e:db:75:ba:36:c4:ab:c9:0d:ea:95:b6:3a:ef:89:
         72:06:cf:1f:e6:ec:55:ef:c9:d1:8e:5b:97:2f:3f:f4:29:88:
         2d:20:4e:47:67:a3:36:68:19:b6:51:b2:6c:fd:a8:fb:a6:36:
         1c:4b:c9:7e:5d:6e:67:d7:cb:5e:cf:c8:90:ab:b4:c6:40:81:
         10:4e:fa:06:dd:f7:d5:60:31:1f:2d:5f:9a:30:29:71:ac:16:
         de:6e:38:d5:bd:e2:47:02:f3:e8:14:59:76:75:e1:1b:d1:1a:
         96:ea:51:1b:8b:a5:29:69:4b:4d:a5:2c:73:f0:55:35:98:1b:
         15:0f:7f:25:b9:e9:6d:85:1c:1a:04:6d:53:5f:f4:d4:52:05:
         97:03:eb:50:2b:9e:f1:35:2e:b6:e2:14:7a:bd:44:52:7b:40:
         df:b2:28:1a:f0:e4:71:dc:9d:39:cf:9f:a9:e3:40:21:68:e8:
         66:f4:6b:02:8e:a2:4a:57:51:e3:39:dd:fa:b6:6a:d5:2e:dd:
         26:24:e5:6e:ec:c5:15:e6:a8:06:82:90:a6:43:e4:58:06:7a:
         f0:cc:71:3f:c7:96:15:e9:7a:2c:94:1e:a8:40:8c:43:7b:45:
         5d:9c:6b:90
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUPkXz8kuHJOF4LYNS0jja6jX2boowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTExMDAwMDAwWhcNMjMwNTE0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTU2MDNlMDk5MDExNmU5NjZkNWMyMDM1ZjZjNGYyMDZl
NGZlMWI2NTAxZmU2NWQyMGQ5YTEyNDY5MTA1MGEzYjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANmN465D40I1Beb2/GJsVazf9MO6S+wartQtRGC99aZLfno6IcXA
B9sR3vfEIMLL7I1bB+oIZAckE9TGaDMpLoDekvjWL5ZcygxuCTCxoXgMymsM5h3S
jgNHzSBk1dnt8A8aGiGYph7zl4Fi2PA9Saow4kbGJZrCQHWor/ZkaWTWGnva/ajj
wOSikrWoRDeOjX/SOU5BQ/uugapsqsZUi5xoPNmMyM6P5WsdZrOOMyX4NKC8MICg
CgfnrEGH6TT6eRUhTO2tgjXSzFbiZHX7wXXtw3EwsJM3CxfRvMpawIiuqYAd7qxd
VKpeyilLu/IvOaCzB5M4kODClVuhKK3y3tkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRw7niL7NC2X7gapLNvH4hC8+35UTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjFiNTc3MzAtOGFkNC00NTQzLWExNDAtY2RjNWNkNTMxNzY3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADSef79EwsjpzqJr
fBY8pLTfzjWuzo7bdbo2xKvJDeqVtjrviXIGzx/m7FXvydGOW5cvP/QpiC0gTkdn
ozZoGbZRsmz9qPumNhxLyX5dbmfXy17PyJCrtMZAgRBO+gbd99VgMR8tX5owKXGs
Ft5uONW94kcC8+gUWXZ14RvRGpbqURuLpSlpS02lLHPwVTWYGxUPfyW56W2FHBoE
bVNf9NRSBZcD61ArnvE1LrbiFHq9RFJ7QN+yKBrw5HHcnTnPn6njQCFo6Gb0awKO
okpXUeM53fq2atUu3SYk5W7sxRXmqAaCkKZD5FgGevDMcT/HlhXpeiyUHqhAjEN7
RV2ca5A=
-----END CERTIFICATE-----