Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/66784b76-a8d8-4a3a-bf94-c2a71fb96713.roa
File:                     66784b76-a8d8-4a3a-bf94-c2a71fb96713.roa (raw, json)
Hash identifier:          bexIAURHltgkTENqO1+7a1/ryhkAQb2tLn4XkftC6/w=
Subject key identifier:   6B:EF:B5:49:64:06:69:E0:DB:00:A2:E2:72:5D:F9:4D:F1:1D:44:98
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0FA47820150EFBFA856CDBE33A3536CAFBEA7151
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/66784b76-a8d8-4a3a-bf94-c2a71fb96713.roa
Signing time:             Sat 25 Mar 2023 00:00:00 +0000
ROA not before:           Sat 25 Mar 2023 00:00:00 +0000
ROA not after:            Tue 28 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:a4:78:20:15:0e:fb:fa:85:6c:db:e3:3a:35:36:ca:fb:ea:71:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 25 00:00:00 2023 GMT
            Not After : Mar 28 23:59:59 2023 GMT
        Subject: serialNumber=115b9654355ef43c74d31cfccf26e8b48a17d7b214280f2f2b12b5d75f046ed4, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:32:12:3f:36:f2:6d:0f:d2:3a:0d:cb:04:8b:
                    b0:9e:c1:ec:b3:2c:6e:13:51:e3:8e:07:51:f9:4f:
                    ba:c4:a1:55:51:97:85:b5:1a:79:d6:9b:a0:b7:5d:
                    0c:3b:e5:22:e7:1a:c0:0c:b8:05:ec:54:ea:0b:00:
                    e1:25:1f:57:e7:91:8c:d2:b9:69:77:8a:64:c3:47:
                    db:91:5f:74:d9:b0:9c:98:97:96:44:a2:f9:8b:48:
                    fa:dc:4a:0c:68:b5:f1:b4:1d:7b:7a:c4:12:ef:8f:
                    c2:d5:15:c9:ec:91:7b:d2:60:f5:17:07:cc:f5:54:
                    18:c1:15:16:e9:b6:f1:60:6d:ff:5c:6b:ea:85:5e:
                    50:7f:59:52:26:b2:ec:48:08:af:ee:b7:11:15:9d:
                    cf:2c:3f:3d:5b:51:c8:6c:7c:b5:99:f7:26:57:c7:
                    9a:bc:8e:df:9a:a7:d8:4e:98:fa:b6:61:43:07:bf:
                    ad:48:66:9a:c2:b2:43:0b:e9:90:77:ce:d2:14:49:
                    04:9d:d9:7d:7d:97:25:74:fc:06:a9:f2:d9:1c:a6:
                    e3:fa:99:1f:0e:0a:10:01:af:4b:1e:60:e5:67:e1:
                    be:f7:01:80:60:5f:5d:43:22:cc:5d:cb:66:ce:c8:
                    20:d3:88:b4:36:c4:66:53:4d:6e:32:80:6e:63:93:
                    d7:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:EF:B5:49:64:06:69:E0:DB:00:A2:E2:72:5D:F9:4D:F1:1D:44:98
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/66784b76-a8d8-4a3a-bf94-c2a71fb96713.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:c4:29:71:25:8d:cd:51:81:5e:c3:93:ae:15:2e:36:cd:d1:
         c8:fa:e1:b3:0d:27:91:52:10:60:d1:56:e3:0a:b6:5a:3e:ac:
         0f:1b:2b:3c:56:0a:84:76:fa:64:1f:ee:64:b1:58:4a:dc:80:
         27:c0:4f:e8:75:62:16:86:93:e9:8c:a7:38:51:fd:a7:8f:06:
         7b:f1:9b:27:a9:93:d9:66:d4:da:ab:6e:65:72:ec:34:cb:a2:
         ac:2a:b8:17:5e:28:41:ba:66:b6:cf:f1:0b:1e:db:fd:7d:a5:
         01:8f:a6:f1:4f:af:cf:a7:45:e5:07:5e:75:0a:72:c9:6d:2c:
         a5:f3:51:ba:28:8e:d6:1a:81:52:48:03:8e:81:d4:9e:6e:6c:
         b1:e2:a4:7f:c2:8f:ad:ec:1a:b9:b0:5f:69:14:3b:06:36:92:
         36:b1:08:61:70:f3:43:8d:21:ba:5b:30:13:f9:83:14:e1:59:
         64:60:84:57:f5:e8:e7:fa:ad:24:25:d6:74:52:24:df:68:73:
         29:83:78:cf:a7:51:dc:e9:93:3c:c2:46:83:2d:8e:c9:fb:ad:
         f4:7c:6a:02:89:32:6d:e6:67:64:4b:dd:f6:61:72:a0:4c:d6:
         f3:94:a0:a6:61:ac:96:0c:db:22:4e:c7:0a:d8:d9:d4:4d:03:
         02:5b:af:07
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUD6R4IBUO+/qFbNvjOjU2yvvqcVEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI1MDAwMDAwWhcNMjMwMzI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTE1Yjk2NTQzNTVlZjQzYzc0ZDMxY2ZjY2YyNmU4YjQ4
YTE3ZDdiMjE0MjgwZjJmMmIxMmI1ZDc1ZjA0NmVkNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAN0yEj828m0P0joNywSLsJ7B7LMsbhNR444HUflPusShVVGXhbUa
edaboLddDDvlIucawAy4BexU6gsA4SUfV+eRjNK5aXeKZMNH25FfdNmwnJiXlkSi
+YtI+txKDGi18bQde3rEEu+PwtUVyeyRe9Jg9RcHzPVUGMEVFum28WBt/1xr6oVe
UH9ZUiay7EgIr+63ERWdzyw/PVtRyGx8tZn3JlfHmryO35qn2E6Y+rZhQwe/rUhm
msKyQwvpkHfO0hRJBJ3ZfX2XJXT8Bqny2Rym4/qZHw4KEAGvSx5g5WfhvvcBgGBf
XUMizF3LZs7IINOItDbEZlNNbjKAbmOT16UCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRr77VJZAZp4NsAouJyXflN8R1EmDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjY3ODRiNzYtYThkOC00YTNhLWJmOTQtYzJhNzFmYjk2NzEzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACPEKXEljc1RgV7D
k64VLjbN0cj64bMNJ5FSEGDRVuMKtlo+rA8bKzxWCoR2+mQf7mSxWErcgCfAT+h1
YhaGk+mMpzhR/aePBnvxmyepk9lm1NqrbmVy7DTLoqwquBdeKEG6ZrbP8Qse2/19
pQGPpvFPr8+nReUHXnUKcsltLKXzUboojtYagVJIA46B1J5ubLHipH/Cj63sGrmw
X2kUOwY2kjaxCGFw80ONIbpbMBP5gxThWWRghFf16Of6rSQl1nRSJN9ocymDeM+n
UdzpkzzCRoMtjsn7rfR8agKJMm3mZ2RL3fZhcqBM1vOUoKZhrJYM2yJOxwrY2dRN
AwJbrwc=
-----END CERTIFICATE-----