Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8c9de37c-42d1-4f92-b7ba-0d863ad24665.roa
File:                     8c9de37c-42d1-4f92-b7ba-0d863ad24665.roa (raw, json)
Hash identifier:          wQ/4qaGaYNG94DkJ7N7r36H2FBDKhskVWw4yYgeG0FI=
Subject key identifier:   1D:92:65:05:07:CA:74:1A:B7:83:52:3E:B1:02:22:79:94:A6:40:DB
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       79F03A680DD1B963C38C15D64F5371A7CB17F8B6
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8c9de37c-42d1-4f92-b7ba-0d863ad24665.roa
Signing time:             Tue 21 Mar 2023 00:00:00 +0000
ROA not before:           Tue 21 Mar 2023 00:00:00 +0000
ROA not after:            Fri 24 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:f0:3a:68:0d:d1:b9:63:c3:8c:15:d6:4f:53:71:a7:cb:17:f8:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 21 00:00:00 2023 GMT
            Not After : Mar 24 23:59:59 2023 GMT
        Subject: serialNumber=a8888f3ebca29c81753e62e41f339ff492581901b2c134eb217931d0b6d1ebf6, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:93:65:2e:4d:c5:7b:ab:81:3a:6a:e6:8b:c4:
                    e0:3c:02:09:32:00:fa:c7:15:4c:46:10:3e:e5:f9:
                    ce:d5:af:e0:63:79:7a:7f:10:26:b1:4e:f4:42:cb:
                    16:3e:e3:51:f5:a1:06:0a:33:71:bb:8d:1c:3f:b3:
                    47:41:c6:f3:ea:67:40:11:d0:f6:f2:41:73:b7:93:
                    e3:bb:00:a2:85:86:42:83:d8:4e:85:1a:24:70:7c:
                    86:c6:2f:57:ac:bc:16:b8:10:5d:bb:6a:ce:a6:58:
                    f0:58:40:3c:7f:4a:d9:e0:d0:08:24:ed:7a:86:77:
                    53:a8:22:cf:67:5e:c7:9a:0e:a5:e8:0a:5a:51:30:
                    ee:7c:bf:56:da:4c:f3:17:3d:69:91:56:2a:61:40:
                    6b:67:b4:7a:41:a5:ab:a8:af:bf:2c:b1:aa:fd:de:
                    f1:a9:46:aa:ea:0d:7a:ca:c5:c0:fe:b6:b7:13:41:
                    a9:87:2a:e7:03:3c:7b:5b:7f:d3:5a:f0:02:d9:b9:
                    d6:62:ec:2c:7b:68:bd:ea:f9:5d:18:34:69:89:89:
                    7c:f7:bf:2e:f4:f8:43:6d:73:31:e8:b5:e9:0e:7b:
                    15:8e:c8:7e:9c:4c:ec:1b:5a:15:1f:47:48:99:62:
                    3b:b4:de:98:7d:ff:ba:1d:05:73:fb:c2:ee:a9:cb:
                    3c:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:92:65:05:07:CA:74:1A:B7:83:52:3E:B1:02:22:79:94:A6:40:DB
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8c9de37c-42d1-4f92-b7ba-0d863ad24665.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:75:64:4a:4a:6b:4d:c0:dd:cd:ef:62:10:1f:be:19:90:ab:
         30:8b:47:a7:eb:30:eb:6a:28:22:7b:02:a8:43:b4:13:71:f8:
         6f:03:4b:32:61:5b:ba:b0:8d:e4:f9:3c:3f:c4:ec:5b:ec:d4:
         4a:68:01:05:be:d9:98:b4:45:a3:ab:60:a8:8e:dd:7d:4a:a0:
         90:c6:ea:f1:53:c3:c4:d1:25:6a:8b:90:e3:e4:4f:88:b3:cc:
         75:42:98:91:1b:e7:86:66:68:65:6c:cf:9e:2d:0f:55:41:6f:
         33:1f:19:63:74:32:17:3e:e2:16:1e:92:da:2b:3b:e2:09:8b:
         f6:b6:fd:e1:c4:05:b2:49:e7:e1:20:12:0b:aa:7d:a0:01:dd:
         9c:f0:c2:26:4a:a8:fa:32:6b:f1:d4:b0:ca:7d:4a:8e:a0:b9:
         b9:72:bc:1b:ee:87:1e:ce:9c:49:4a:5c:2c:9a:25:e9:ff:18:
         39:77:22:af:f5:07:c4:c0:0c:6b:f7:0a:70:f3:dd:f4:e4:1c:
         f1:ad:6a:38:75:94:f8:d3:5c:c8:2e:31:82:5b:46:e3:af:78:
         bc:33:a3:4b:47:cd:36:e7:ec:45:94:75:16:df:af:8f:09:c9:
         3e:76:88:cb:69:7a:e5:90:79:7b:a7:63:b8:e8:a6:b4:36:d6:
         dd:c5:57:63
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUefA6aA3RuWPDjBXWT1Nxp8sX+LYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzIxMDAwMDAwWhcNMjMwMzI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYTg4ODhmM2ViY2EyOWM4MTc1M2U2MmU0MWYzMzlmZjQ5
MjU4MTkwMWIyYzEzNGViMjE3OTMxZDBiNmQxZWJmNjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALyTZS5NxXurgTpq5ovE4DwCCTIA+scVTEYQPuX5ztWv4GN5en8Q
JrFO9ELLFj7jUfWhBgozcbuNHD+zR0HG8+pnQBHQ9vJBc7eT47sAooWGQoPYToUa
JHB8hsYvV6y8FrgQXbtqzqZY8FhAPH9K2eDQCCTteoZ3U6giz2dex5oOpegKWlEw
7ny/VtpM8xc9aZFWKmFAa2e0ekGlq6ivvyyxqv3e8alGquoNesrFwP62txNBqYcq
5wM8e1t/01rwAtm51mLsLHtover5XRg0aYmJfPe/LvT4Q21zMei16Q57FY7IfpxM
7BtaFR9HSJliO7TemH3/uh0Fc/vC7qnLPOsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQdkmUFB8p0GreDUj6xAiJ5lKZA2zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOGM5ZGUzN2MtNDJkMS00ZjkyLWI3YmEtMGQ4NjNhZDI0NjY1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHx1ZEpKa03A3c3v
YhAfvhmQqzCLR6frMOtqKCJ7AqhDtBNx+G8DSzJhW7qwjeT5PD/E7Fvs1EpoAQW+
2Zi0RaOrYKiO3X1KoJDG6vFTw8TRJWqLkOPkT4izzHVCmJEb54ZmaGVsz54tD1VB
bzMfGWN0Mhc+4hYektorO+IJi/a2/eHEBbJJ5+EgEguqfaAB3ZzwwiZKqPoya/HU
sMp9So6gublyvBvuhx7OnElKXCyaJen/GDl3Iq/1B8TADGv3CnDz3fTkHPGtajh1
lPjTXMguMYJbRuOveLwzo0tHzTbn7EWUdRbfr48JyT52iMtpeuWQeXunY7joprQ2
1t3FV2M=
-----END CERTIFICATE-----