Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/66548bc1-c61c-449c-93a6-55d728de1c64.roa
File:                     66548bc1-c61c-449c-93a6-55d728de1c64.roa (raw, json)
Hash identifier:          5QBSGqusVKWn5u8F2S4oZcLluRZVISDDMdXnXOi+ECI=
Subject key identifier:   69:C6:0D:D8:C2:33:18:FC:91:B6:63:76:32:D2:99:38:7B:21:5F:E4
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       526876AD9DCA16E75C4611A37F6692A8C678C7B1
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/66548bc1-c61c-449c-93a6-55d728de1c64.roa
Signing time:             Fri 23 Sep 2022 00:00:00 +0000
ROA not before:           Fri 23 Sep 2022 00:00:00 +0000
ROA not after:            Mon 26 Sep 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:68:76:ad:9d:ca:16:e7:5c:46:11:a3:7f:66:92:a8:c6:78:c7:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Sep 23 00:00:00 2022 GMT
            Not After : Sep 26 23:59:59 2022 GMT
        Subject: serialNumber=f9d352ca822e7cd173e293e1e9e149c35c5402709899917aa9142ac6b9a79ea8, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:93:fd:48:98:60:cb:84:14:b4:8c:df:78:0d:
                    a0:6b:b5:b5:0f:75:b7:d4:b9:e3:7d:0b:8c:2d:2f:
                    e2:76:c7:37:93:73:c4:89:d0:5a:96:fc:48:13:67:
                    32:1a:a0:67:f5:a4:60:9d:4b:7f:74:db:5d:d6:75:
                    3f:fc:ac:74:58:e1:a7:f5:86:7c:b0:44:dd:02:dc:
                    11:ce:16:35:ee:f5:bf:f0:fe:40:a9:98:7f:eb:c6:
                    fc:97:f4:08:e3:72:9d:4a:7e:2e:20:83:c6:77:d7:
                    83:64:15:ab:66:73:92:19:96:ee:95:10:c3:87:ab:
                    86:d0:1a:52:9f:bb:6d:0c:9a:df:ff:9a:1a:64:66:
                    25:b0:2b:dd:50:63:bb:51:b0:e2:df:93:92:c6:78:
                    15:53:df:bb:ba:2c:73:37:2b:dc:a4:40:7b:29:13:
                    78:15:2f:a3:fb:1f:92:aa:4a:79:55:2f:45:af:04:
                    1d:df:a0:8d:4f:12:28:99:87:f8:bd:62:7f:ed:df:
                    13:10:03:34:84:02:2d:79:7f:d2:03:03:42:c9:b4:
                    69:ee:6c:4b:f7:2f:f4:ae:ca:75:9c:a0:7e:1b:6e:
                    37:9e:77:e3:1c:1d:65:42:06:e3:5c:88:d2:54:15:
                    b4:80:00:52:90:81:2d:ed:df:8c:dc:9a:cc:82:0b:
                    81:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:C6:0D:D8:C2:33:18:FC:91:B6:63:76:32:D2:99:38:7B:21:5F:E4
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/66548bc1-c61c-449c-93a6-55d728de1c64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:23:91:fd:60:39:20:01:4b:f0:ff:59:f2:8b:62:d1:ed:3c:
         70:bd:3d:c9:77:4d:92:04:5c:62:14:af:f9:f7:66:4d:aa:c5:
         08:04:51:c9:20:31:81:f2:b4:a4:c5:c9:2c:2d:b7:37:e9:89:
         2d:52:8c:bd:e5:02:dd:8a:7e:58:95:f1:c0:eb:5a:01:c4:f4:
         cc:74:0f:c1:96:e9:c2:4e:2d:31:d9:87:73:54:c3:d9:c1:d0:
         38:40:8b:6b:5f:69:ff:5c:65:57:3d:0e:52:53:02:a3:07:3e:
         f5:1d:8a:51:fe:50:4e:54:ca:a6:d3:f8:ee:1a:0f:6a:17:6f:
         b0:c2:71:ae:10:2b:4b:cf:9d:d5:79:5f:04:b3:c7:0d:5e:07:
         3c:f6:a2:4b:4c:51:fe:72:4b:10:49:01:d1:d7:fb:31:a3:8d:
         b8:9a:88:01:28:5a:65:24:3c:eb:01:c0:cb:6a:20:5f:2f:fd:
         e7:9a:cf:a4:8b:eb:52:c9:07:3b:e2:b7:68:8d:66:1f:c3:13:
         a8:7f:62:6c:af:07:7b:bb:64:6a:7b:59:e6:0f:c8:ac:c7:ab:
         28:07:ee:a5:db:3e:1f:e1:cf:86:ce:27:8e:15:e5:a2:0d:24:
         9f:18:f1:9b:e0:ac:8f:14:57:ce:3a:4c:a9:3f:9d:53:63:d1:
         b6:2b:4d:ef
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUUmh2rZ3KFudcRhGjf2aSqMZ4x7EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwOTIzMDAwMDAwWhcNMjIwOTI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjlkMzUyY2E4MjJlN2NkMTczZTI5M2UxZTllMTQ5YzM1
YzU0MDI3MDk4OTk5MTdhYTkxNDJhYzZiOWE3OWVhODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALuT/UiYYMuEFLSM33gNoGu1tQ91t9S5430LjC0v4nbHN5NzxInQ
Wpb8SBNnMhqgZ/WkYJ1Lf3TbXdZ1P/ysdFjhp/WGfLBE3QLcEc4WNe71v/D+QKmY
f+vG/Jf0CONynUp+LiCDxnfXg2QVq2ZzkhmW7pUQw4erhtAaUp+7bQya3/+aGmRm
JbAr3VBju1Gw4t+TksZ4FVPfu7osczcr3KRAeykTeBUvo/sfkqpKeVUvRa8EHd+g
jU8SKJmH+L1if+3fExADNIQCLXl/0gMDQsm0ae5sS/cv9K7KdZygfhtuN5534xwd
ZUIG41yI0lQVtIAAUpCBLe3fjNyazIILgSkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRpxg3YwjMY/JG2Y3Yy0pk4eyFf5DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjY1NDhiYzEtYzYxYy00NDljLTkzYTYtNTVkNzI4ZGUxYzY0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACMjkf1gOSABS/D/
WfKLYtHtPHC9Pcl3TZIEXGIUr/n3Zk2qxQgEUckgMYHytKTFySwttzfpiS1SjL3l
At2KfliV8cDrWgHE9Mx0D8GW6cJOLTHZh3NUw9nB0DhAi2tfaf9cZVc9DlJTAqMH
PvUdilH+UE5UyqbT+O4aD2oXb7DCca4QK0vPndV5XwSzxw1eBzz2oktMUf5ySxBJ
AdHX+zGjjbiaiAEoWmUkPOsBwMtqIF8v/eeaz6SL61LJBzvit2iNZh/DE6h/Ymyv
B3u7ZGp7WeYPyKzHqygH7qXbPh/hz4bOJ44V5aINJJ8Y8ZvgrI8UV846TKk/nVNj
0bYrTe8=
-----END CERTIFICATE-----