Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/9a0f5d5b-d980-4d72-ae7f-253066e91ac7.roa
File:                     9a0f5d5b-d980-4d72-ae7f-253066e91ac7.roa (raw, json)
Hash identifier:          sETXx0kaCs7PcFvVzvZCVBtBjY2zPb6jHHyp+LRYpuA=
Subject key identifier:   A1:12:B2:0D:AD:E6:07:DA:9B:18:B8:49:38:53:4E:77:20:87:EC:6A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       13E82FDCD2C064A339BFA53F8C239F297203DBE0
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/9a0f5d5b-d980-4d72-ae7f-253066e91ac7.roa
Signing time:             Sat 25 Mar 2023 00:00:00 +0000
ROA not before:           Sat 25 Mar 2023 00:00:00 +0000
ROA not after:            Tue 28 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:e8:2f:dc:d2:c0:64:a3:39:bf:a5:3f:8c:23:9f:29:72:03:db:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 25 00:00:00 2023 GMT
            Not After : Mar 28 23:59:59 2023 GMT
        Subject: serialNumber=87bab551dc63d2c8b35d3589396bad09694c5ecf3deafdfd1fc31704ce58ce2e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:20:2d:eb:d5:63:a3:ba:2e:a8:67:de:d7:04:
                    1d:19:fd:34:66:2d:78:44:1a:4b:ee:ce:cc:1f:a3:
                    03:0d:cb:86:62:a6:6e:fa:02:b3:2c:3d:ef:6c:91:
                    3b:6f:17:39:58:eb:92:44:df:5e:9d:e8:4e:db:d5:
                    b0:ea:9d:07:d3:2f:4b:02:9c:20:91:3c:d7:cb:7e:
                    f1:f1:ea:f8:eb:96:c1:1d:90:f6:6c:cb:b7:36:c8:
                    78:17:80:52:fe:33:01:59:82:7c:31:34:3e:6a:53:
                    ec:80:e4:1e:80:b3:39:b2:a5:37:08:fa:67:32:de:
                    74:09:34:9d:8f:64:d5:71:00:f6:6a:26:94:b5:af:
                    8b:8f:67:b2:3a:cd:3a:a1:b4:e7:50:e0:e3:36:6a:
                    f3:c1:6c:a7:2b:a0:29:cf:af:a2:c1:22:13:70:5a:
                    de:03:08:49:db:d3:46:53:70:30:54:d7:ed:dd:9f:
                    b5:8d:ef:24:b0:37:32:8c:22:18:16:da:40:fc:24:
                    05:8a:98:20:9d:7f:b4:cb:26:31:19:ee:0b:6b:21:
                    65:51:21:e1:4a:4e:02:f6:47:26:c1:f5:23:b9:29:
                    ae:86:2f:5b:69:ec:4f:91:6c:85:42:b1:16:f6:7c:
                    f5:23:fd:92:3f:f4:27:3d:2e:c6:5e:56:b8:e0:ff:
                    59:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:12:B2:0D:AD:E6:07:DA:9B:18:B8:49:38:53:4E:77:20:87:EC:6A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/9a0f5d5b-d980-4d72-ae7f-253066e91ac7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:b3:2a:8a:8b:43:b6:02:13:fb:3a:63:64:87:01:a1:ad:46:
         33:31:4a:73:83:b3:08:1a:36:c0:11:3f:7c:ea:1d:f8:08:b2:
         b9:2d:ff:95:2a:90:a9:96:ae:f7:cf:28:28:76:54:38:6d:5e:
         0b:e7:fc:2f:a5:fa:1c:aa:dd:cd:0d:58:68:63:93:f9:d3:07:
         69:fa:11:87:cf:2f:b3:b0:6e:2b:c0:0d:4d:95:61:de:ec:00:
         05:24:eb:ba:bf:31:93:68:66:bd:d8:bc:59:72:14:5f:e5:f3:
         12:a1:1b:9c:62:24:b2:8c:f1:33:c6:fb:c6:29:30:75:fe:5c:
         bc:45:46:4d:02:1f:7b:0c:75:17:3d:1a:82:ef:37:12:3a:12:
         6e:fc:2d:7e:17:4d:2c:8d:14:61:b0:ef:8a:d2:6a:ed:2b:12:
         cc:7e:d6:ff:34:7a:59:e7:2f:e4:79:af:25:12:d4:c0:f1:18:
         07:b3:ec:92:34:9f:2b:85:b9:28:27:1b:4f:f0:91:94:67:a3:
         39:74:00:40:d5:db:f8:fb:b4:7d:f9:95:ba:9c:ee:84:0a:e7:
         ef:be:15:3a:6c:05:9f:6e:09:17:78:04:08:5c:ed:71:7e:6b:
         64:d2:4e:ab:f3:92:82:5f:d6:24:42:5f:a0:10:68:f2:d4:35:
         4b:0f:48:d4
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUE+gv3NLAZKM5v6U/jCOfKXID2+AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI1MDAwMDAwWhcNMjMwMzI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAODdiYWI1NTFkYzYzZDJjOGIzNWQzNTg5Mzk2YmFkMDk2
OTRjNWVjZjNkZWFmZGZkMWZjMzE3MDRjZTU4Y2UyZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJ8gLevVY6O6Lqhn3tcEHRn9NGYteEQaS+7OzB+jAw3LhmKmbvoC
syw972yRO28XOVjrkkTfXp3oTtvVsOqdB9MvSwKcIJE818t+8fHq+OuWwR2Q9mzL
tzbIeBeAUv4zAVmCfDE0PmpT7IDkHoCzObKlNwj6ZzLedAk0nY9k1XEA9momlLWv
i49nsjrNOqG051Dg4zZq88FspyugKc+vosEiE3Ba3gMISdvTRlNwMFTX7d2ftY3v
JLA3MowiGBbaQPwkBYqYIJ1/tMsmMRnuC2shZVEh4UpOAvZHJsH1I7kproYvW2ns
T5FshUKxFvZ89SP9kj/0Jz0uxl5WuOD/WWsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBShErINreYH2psYuEk4U053IIfsajAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOWEwZjVkNWItZDk4MC00ZDcyLWFlN2YtMjUzMDY2ZTkxYWM3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIizKoqLQ7YCE/s6
Y2SHAaGtRjMxSnODswgaNsARP3zqHfgIsrkt/5UqkKmWrvfPKCh2VDhtXgvn/C+l
+hyq3c0NWGhjk/nTB2n6EYfPL7OwbivADU2VYd7sAAUk67q/MZNoZr3YvFlyFF/l
8xKhG5xiJLKM8TPG+8YpMHX+XLxFRk0CH3sMdRc9GoLvNxI6Em78LX4XTSyNFGGw
74rSau0rEsx+1v80elnnL+R5ryUS1MDxGAez7JI0nyuFuSgnG0/wkZRnozl0AEDV
2/j7tH35lbqc7oQK5+++FTpsBZ9uCRd4BAhc7XF+a2TSTqvzkoJf1iRCX6AQaPLU
NUsPSNQ=
-----END CERTIFICATE-----