Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6443eafa-85cd-40d0-96e1-94ddfc38d60f.roa
File:                     6443eafa-85cd-40d0-96e1-94ddfc38d60f.roa (raw, json)
Hash identifier:          LecBebDZREX7GB7m0bFyOXZU88e5SoIQtxMb4Na5jIk=
Subject key identifier:   75:9B:4D:5C:43:F1:A9:47:AB:CC:4C:FA:81:EF:75:7D:A4:3B:FD:7E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3632EA6EEAB66833C5D49F938A2F3D94A1C6F6AA
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6443eafa-85cd-40d0-96e1-94ddfc38d60f.roa
Signing time:             Wed 12 Apr 2023 00:00:00 +0000
ROA not before:           Wed 12 Apr 2023 00:00:00 +0000
ROA not after:            Sat 15 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:32:ea:6e:ea:b6:68:33:c5:d4:9f:93:8a:2f:3d:94:a1:c6:f6:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 12 00:00:00 2023 GMT
            Not After : Apr 15 23:59:59 2023 GMT
        Subject: serialNumber=558879823437af83eab1f556c10f9fb596e0a1151fe38311354b5d449e5f4949, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:dc:6a:1e:c2:b7:86:dc:d4:c6:85:eb:de:69:
                    14:49:db:fc:4b:93:0a:ee:46:be:0e:af:e6:9b:64:
                    96:0f:d2:39:9c:78:c2:a9:c0:30:41:55:ad:40:3e:
                    1a:28:eb:e1:ca:35:39:37:22:2a:c3:02:cc:d5:ed:
                    97:8e:0d:a3:cb:ac:34:64:07:6f:e7:78:3e:d9:d6:
                    c2:3c:d2:57:a2:d3:77:5f:55:7b:89:c8:25:66:d2:
                    91:61:bd:de:bf:c0:3b:4d:67:80:82:85:d0:12:9a:
                    89:aa:f2:81:6d:b0:bc:4d:4c:5a:d9:0a:4f:c3:ab:
                    56:10:06:c0:08:fb:72:77:ab:d9:be:b3:21:af:ab:
                    4a:0e:c3:f1:f4:f9:58:bb:1c:83:5f:02:2e:42:bf:
                    1f:32:9c:ee:a2:11:c2:4c:5f:05:a4:56:4d:71:31:
                    da:2c:b4:0c:87:34:c3:76:84:f3:45:b2:11:12:39:
                    e0:9c:b6:d6:ca:58:0d:8c:c3:2b:4c:34:88:c1:64:
                    0f:c3:a3:9b:80:5c:43:e6:f4:05:a7:80:dc:75:40:
                    17:80:16:72:be:d4:2a:44:b4:e0:47:22:71:b0:5d:
                    c5:db:94:c0:eb:31:9d:24:a3:99:b7:32:aa:e6:28:
                    52:14:02:e4:57:a1:54:10:f2:f8:82:e7:bc:e7:78:
                    6c:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:9B:4D:5C:43:F1:A9:47:AB:CC:4C:FA:81:EF:75:7D:A4:3B:FD:7E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6443eafa-85cd-40d0-96e1-94ddfc38d60f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:76:4e:6e:15:2b:22:ac:c6:85:c2:92:a8:cb:a1:c0:48:8f:
         76:42:84:7e:29:91:73:08:02:db:2c:ea:b4:7c:62:cb:cc:d5:
         46:8a:89:ca:fa:b8:68:7b:3e:14:1e:6a:8c:27:06:be:ea:70:
         b9:54:3d:09:32:55:c2:06:ec:ce:ef:e5:1d:04:2f:89:94:da:
         0b:7b:39:43:d3:bc:9c:59:fd:a3:17:37:6b:5b:cf:56:ef:86:
         0b:9f:9d:3a:11:71:6d:7f:14:6e:15:22:1e:2b:c4:ff:96:27:
         43:a4:45:7a:a3:37:4e:03:81:fa:12:21:75:0c:ad:1c:49:64:
         f5:2b:d5:48:64:b8:38:48:43:b4:e3:2b:24:da:c4:47:80:ac:
         3f:8b:9b:1a:0a:9f:ee:60:5e:fa:61:a7:b9:2f:ae:6c:26:0e:
         a9:8b:82:f7:c5:d7:5d:c2:86:0d:01:f7:97:47:82:18:fd:d6:
         ae:d0:6b:58:10:30:87:86:f6:04:04:4b:c4:82:5b:52:ec:86:
         a4:22:39:d5:d9:3c:7d:8c:06:11:95:c8:b8:b0:b2:44:89:69:
         54:51:f9:5a:a4:6c:ef:22:60:06:0f:64:e2:ff:56:39:dc:bd:
         aa:bf:c0:35:52:23:62:7a:c0:d2:60:70:c7:89:a4:c5:55:f3:
         6d:ea:fc:5b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUNjLqbuq2aDPF1J+Tii89lKHG9qowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDEyMDAwMDAwWhcNMjMwNDE1MjM1OTU5
WjCBpTFJMEcGA1UEBRNANTU4ODc5ODIzNDM3YWY4M2VhYjFmNTU2YzEwZjlmYjU5
NmUwYTExNTFmZTM4MzExMzU0YjVkNDQ5ZTVmNDk0OTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL7cah7Ct4bc1MaF695pFEnb/EuTCu5Gvg6v5ptklg/SOZx4wqnA
MEFVrUA+Gijr4co1OTciKsMCzNXtl44No8usNGQHb+d4PtnWwjzSV6LTd19Ve4nI
JWbSkWG93r/AO01ngIKF0BKaiarygW2wvE1MWtkKT8OrVhAGwAj7cner2b6zIa+r
Sg7D8fT5WLscg18CLkK/HzKc7qIRwkxfBaRWTXEx2iy0DIc0w3aE80WyERI54Jy2
1spYDYzDK0w0iMFkD8Ojm4BcQ+b0BaeA3HVAF4AWcr7UKkS04EcicbBdxduUwOsx
nSSjmbcyquYoUhQC5FehVBDy+ILnvOd4bH0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR1m01cQ/GpR6vMTPqB73V9pDv9fjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjQ0M2VhZmEtODVjZC00MGQwLTk2ZTEtOTRkZGZjMzhkNjBmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHt2Tm4VKyKsxoXC
kqjLocBIj3ZChH4pkXMIAtss6rR8YsvM1UaKicr6uGh7PhQeaownBr7qcLlUPQky
VcIG7M7v5R0EL4mU2gt7OUPTvJxZ/aMXN2tbz1bvhgufnToRcW1/FG4VIh4rxP+W
J0OkRXqjN04DgfoSIXUMrRxJZPUr1UhkuDhIQ7TjKyTaxEeArD+LmxoKn+5gXvph
p7kvrmwmDqmLgvfF113Chg0B95dHghj91q7Qa1gQMIeG9gQES8SCW1LshqQiOdXZ
PH2MBhGVyLiwskSJaVRR+VqkbO8iYAYPZOL/Vjncvaq/wDVSI2J6wNJgcMeJpMVV
823q/Fs=
-----END CERTIFICATE-----