Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/9dec8690-9782-445d-838a-7bf95ab608dc.roa
File:                     9dec8690-9782-445d-838a-7bf95ab608dc.roa (raw, json)
Hash identifier:          zQxf0STqmm3888MD/pSRVMVzriKN5HXOjWKXCbj2i24=
Subject key identifier:   00:07:F8:B6:5D:0C:B4:4C:7A:2A:51:24:19:41:BA:01:8E:E5:A6:D8
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       67DDDEC0E52C8EEC63EABF6D403C04EA5B48C309
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/9dec8690-9782-445d-838a-7bf95ab608dc.roa
Signing time:             Tue 14 Feb 2023 00:00:00 +0000
ROA not before:           Tue 14 Feb 2023 00:00:00 +0000
ROA not after:            Fri 17 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:dd:de:c0:e5:2c:8e:ec:63:ea:bf:6d:40:3c:04:ea:5b:48:c3:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 14 00:00:00 2023 GMT
            Not After : Feb 17 23:59:59 2023 GMT
        Subject: serialNumber=9f16f31b1e40c84f88ab86cb58d95bcbbe99aa038afc5901d97473c61c2d06a6, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:17:93:bf:64:4e:5d:ef:22:7d:2c:a9:27:eb:
                    5a:53:97:72:be:8b:c3:60:a7:7b:bf:d3:df:ec:43:
                    c6:8c:79:de:7e:d5:d4:77:32:19:9d:78:f3:7c:42:
                    da:df:02:f9:24:59:b5:7c:a0:5d:69:97:e9:2f:9a:
                    ec:2a:a1:4f:a0:1d:e1:e1:e6:67:46:ef:63:d7:4d:
                    59:dd:03:8c:45:7d:f7:83:8e:ba:ff:09:9c:61:d0:
                    b2:2e:e4:0c:02:29:09:0f:a9:71:b1:94:51:d3:a5:
                    65:d8:ec:b4:66:94:d3:e9:b2:e6:c7:6e:91:61:d0:
                    80:b9:ad:11:d2:f1:54:7d:80:e2:e8:36:61:f8:07:
                    b3:d4:b9:38:0b:07:ab:4a:c7:2a:3e:57:7c:f4:7c:
                    fd:40:70:55:2b:4f:5a:b4:a9:c9:83:0a:3e:20:75:
                    1b:bc:b5:2a:63:98:ff:dd:77:fa:31:88:63:27:bb:
                    b3:f1:7d:f7:7d:46:cb:8e:30:91:8f:0f:17:37:7e:
                    d5:e1:a0:e4:05:2a:25:11:e1:22:9f:07:0d:6a:f8:
                    f7:75:1c:59:7a:de:74:83:26:1d:3d:41:30:55:f9:
                    10:3b:4f:c4:ce:9f:9c:dc:c2:51:22:56:9f:56:1d:
                    42:74:51:27:9d:67:93:2a:87:4f:ac:3b:a9:07:c8:
                    16:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:07:F8:B6:5D:0C:B4:4C:7A:2A:51:24:19:41:BA:01:8E:E5:A6:D8
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/9dec8690-9782-445d-838a-7bf95ab608dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:3c:b8:2a:73:1c:b2:45:23:00:08:86:e4:c9:5b:e5:69:17:
         85:eb:01:48:32:a0:9b:45:0d:9c:a9:68:41:47:fb:d6:39:5a:
         c1:ee:96:3d:50:87:17:21:53:38:61:5b:97:da:53:15:01:0c:
         0b:6c:c1:5a:44:e4:dc:39:6c:2b:7b:22:8a:87:5c:3a:3b:d2:
         da:29:f7:f3:59:04:ae:d9:22:31:1c:f9:4d:46:ed:a7:e3:c3:
         3b:20:f9:81:54:bc:47:6f:16:4e:24:a6:29:0e:ab:13:a9:2a:
         3f:0a:04:ee:d8:cb:8c:21:85:3a:42:ca:5e:36:45:35:02:19:
         03:15:55:31:21:11:86:10:4c:03:bf:09:1f:a4:37:ef:ee:b2:
         31:60:51:9e:41:37:05:e4:c4:00:72:08:85:02:37:3c:20:a7:
         71:e7:11:54:be:db:35:30:08:e6:9c:19:ee:a9:af:07:96:14:
         3b:2b:b7:3d:57:79:bc:9c:92:d8:bc:ed:af:c7:0f:64:9e:24:
         b3:e3:d8:a9:0b:b3:4f:fa:2c:a6:6e:b4:c0:d2:59:da:d4:58:
         06:62:44:36:d6:fe:fc:12:f1:b1:01:1c:4c:5f:5b:ee:97:87:
         0c:2d:83:65:ed:0f:97:0f:e2:86:25:ee:f7:be:91:d6:18:a8:
         9d:ef:27:03
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUZ93ewOUsjuxj6r9tQDwE6ltIwwkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE0MDAwMDAwWhcNMjMwMjE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOWYxNmYzMWIxZTQwYzg0Zjg4YWI4NmNiNThkOTViY2Ji
ZTk5YWEwMzhhZmM1OTAxZDk3NDczYzYxYzJkMDZhNjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK0Xk79kTl3vIn0sqSfrWlOXcr6Lw2Cne7/T3+xDxox53n7V1Hcy
GZ1483xC2t8C+SRZtXygXWmX6S+a7CqhT6Ad4eHmZ0bvY9dNWd0DjEV994OOuv8J
nGHQsi7kDAIpCQ+pcbGUUdOlZdjstGaU0+my5sdukWHQgLmtEdLxVH2A4ug2YfgH
s9S5OAsHq0rHKj5XfPR8/UBwVStPWrSpyYMKPiB1G7y1KmOY/913+jGIYye7s/F9
931Gy44wkY8PFzd+1eGg5AUqJRHhIp8HDWr493UcWXredIMmHT1BMFX5EDtPxM6f
nNzCUSJWn1YdQnRRJ51nkyqHT6w7qQfIFmsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQAB/i2XQy0THoqUSQZQboBjuWm2DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOWRlYzg2OTAtOTc4Mi00NDVkLTgzOGEtN2JmOTVhYjYwOGRjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK88uCpzHLJFIwAI
huTJW+VpF4XrAUgyoJtFDZypaEFH+9Y5WsHulj1QhxchUzhhW5faUxUBDAtswVpE
5Nw5bCt7IoqHXDo70top9/NZBK7ZIjEc+U1G7afjwzsg+YFUvEdvFk4kpikOqxOp
Kj8KBO7Yy4whhTpCyl42RTUCGQMVVTEhEYYQTAO/CR+kN+/usjFgUZ5BNwXkxABy
CIUCNzwgp3HnEVS+2zUwCOacGe6prweWFDsrtz1Xebyckti87a/HD2SeJLPj2KkL
s0/6LKZutMDSWdrUWAZiRDbW/vwS8bEBHExfW+6Xhwwtg2XtD5cP4oYl7ve+kdYY
qJ3vJwM=
-----END CERTIFICATE-----