Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7fc1cd21-d9fd-4b23-8bbd-6eb3b3056af8.roa
File:                     7fc1cd21-d9fd-4b23-8bbd-6eb3b3056af8.roa (raw, json)
Hash identifier:          I9WjfL13hiKEph1f1EpCHerNzyMfWXMEyArAZz4f5IE=
Subject key identifier:   C1:23:71:55:AD:CC:B2:92:BF:D9:31:F3:BA:98:B3:51:6C:78:9F:63
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       52E4894A5DEEA1BF2DB4DF2824CA7FF209EF381A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7fc1cd21-d9fd-4b23-8bbd-6eb3b3056af8.roa
Signing time:             Fri 10 Mar 2023 00:00:00 +0000
ROA not before:           Fri 10 Mar 2023 00:00:00 +0000
ROA not after:            Mon 13 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:e4:89:4a:5d:ee:a1:bf:2d:b4:df:28:24:ca:7f:f2:09:ef:38:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 10 00:00:00 2023 GMT
            Not After : Mar 13 23:59:59 2023 GMT
        Subject: serialNumber=e2faa9517a501af4cf5e2bf20a00bff19493e1bd16e833f31cc058d3cacc4901, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:36:9d:e2:4e:aa:5a:f7:1d:cc:b9:bf:60:d8:
                    61:bb:e0:b2:19:6a:dc:a3:96:c6:b3:af:74:48:80:
                    8e:1d:4f:8b:51:e9:3c:e1:89:8c:33:bf:9e:32:75:
                    c1:d4:17:ff:e5:ad:cd:57:10:7e:75:f8:81:84:ff:
                    af:04:43:71:ca:e3:49:90:72:b5:e5:7f:ff:0e:e7:
                    7a:6f:c5:dc:cf:b9:7a:d4:88:76:61:2b:b7:b6:07:
                    ea:8c:1c:04:2f:d4:3a:f4:3c:23:58:99:1b:90:86:
                    4a:7d:1e:6c:8e:8b:11:19:03:78:8f:92:1c:b9:e9:
                    97:d3:66:52:9f:4b:57:8e:39:8f:c4:a1:2a:b1:40:
                    b4:fd:57:a2:98:22:88:65:20:5c:69:8f:ec:bc:50:
                    53:a0:d6:3d:61:df:65:b6:cb:1e:f3:49:1e:61:68:
                    7d:f5:03:09:e5:a1:ce:56:cb:db:49:c6:61:53:96:
                    4f:6a:32:11:64:92:4d:0e:fd:0c:ec:20:01:b3:57:
                    f0:52:4d:a7:06:ee:0c:34:af:a4:a5:1d:2c:67:ed:
                    53:a7:f6:fe:16:8b:a3:31:f4:48:41:1f:72:5c:9a:
                    63:03:a3:f6:73:d8:00:75:fc:07:cb:12:f2:57:32:
                    0c:b4:ee:9a:14:81:22:87:ff:ea:1e:b0:19:9b:21:
                    5a:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:23:71:55:AD:CC:B2:92:BF:D9:31:F3:BA:98:B3:51:6C:78:9F:63
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7fc1cd21-d9fd-4b23-8bbd-6eb3b3056af8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:24:d8:7b:99:1b:35:8f:9b:ae:04:0b:f5:da:0f:36:2b:35:
         d4:1e:d1:27:f2:f3:68:75:d6:ef:07:48:af:c3:0f:23:50:de:
         c8:a4:d6:f8:d4:ec:2d:7f:df:13:e1:53:f3:ce:e9:aa:58:53:
         8f:19:eb:b4:fc:f2:54:78:f5:58:62:20:fd:04:cd:a4:42:f7:
         cb:21:2a:c4:7e:87:cc:31:54:2a:b3:6a:d8:b4:fc:c4:c0:81:
         05:e1:7d:ff:75:cc:d4:55:8b:80:08:8b:c9:e9:9c:13:58:72:
         ba:82:79:fb:ed:2a:3f:91:8a:29:67:9a:30:a8:82:bd:2e:85:
         92:c2:a8:18:40:94:41:24:1b:42:c7:02:3b:87:71:3b:c0:f4:
         81:77:9c:0a:ac:04:67:ed:37:ed:bd:91:24:ad:55:1b:8c:87:
         2e:a1:7c:e8:cb:c3:02:a0:d7:d0:3d:b9:6e:88:28:c6:3f:7b:
         bd:c7:16:86:5c:04:ab:27:0e:8d:42:94:ea:d2:d6:c8:e3:15:
         43:b5:7f:31:6b:01:00:d9:b3:e7:55:c4:ea:e6:6a:2a:97:51:
         ff:ff:c6:26:de:3b:92:c7:f0:8d:2b:f6:34:37:03:a1:80:3c:
         79:fc:0b:47:ba:e8:2a:a8:04:53:a0:03:44:96:7b:0f:9c:5d:
         70:3d:34:2f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUUuSJSl3uob8ttN8oJMp/8gnvOBowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzEwMDAwMDAwWhcNMjMwMzEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZTJmYWE5NTE3YTUwMWFmNGNmNWUyYmYyMGEwMGJmZjE5
NDkzZTFiZDE2ZTgzM2YzMWNjMDU4ZDNjYWNjNDkwMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANk2neJOqlr3Hcy5v2DYYbvgshlq3KOWxrOvdEiAjh1Pi1HpPOGJ
jDO/njJ1wdQX/+WtzVcQfnX4gYT/rwRDccrjSZByteV//w7nem/F3M+5etSIdmEr
t7YH6owcBC/UOvQ8I1iZG5CGSn0ebI6LERkDeI+SHLnpl9NmUp9LV445j8ShKrFA
tP1XopgiiGUgXGmP7LxQU6DWPWHfZbbLHvNJHmFoffUDCeWhzlbL20nGYVOWT2oy
EWSSTQ79DOwgAbNX8FJNpwbuDDSvpKUdLGftU6f2/haLozH0SEEfclyaYwOj9nPY
AHX8B8sS8lcyDLTumhSBIof/6h6wGZshWjMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTBI3FVrcyykr/ZMfO6mLNRbHifYzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvN2ZjMWNkMjEtZDlmZC00YjIzLThiYmQtNmViM2IzMDU2YWY4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADUk2HuZGzWPm64E
C/XaDzYrNdQe0Sfy82h11u8HSK/DDyNQ3sik1vjU7C1/3xPhU/PO6apYU48Z67T8
8lR49VhiIP0EzaRC98shKsR+h8wxVCqzati0/MTAgQXhff91zNRVi4AIi8npnBNY
crqCefvtKj+RiilnmjCogr0uhZLCqBhAlEEkG0LHAjuHcTvA9IF3nAqsBGftN+29
kSStVRuMhy6hfOjLwwKg19A9uW6IKMY/e73HFoZcBKsnDo1ClOrS1sjjFUO1fzFr
AQDZs+dVxOrmaiqXUf//xibeO5LH8I0r9jQ3A6GAPHn8C0e66CqoBFOgA0SWew+c
XXA9NC8=
-----END CERTIFICATE-----