Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b526645e-d789-48f5-9881-46fd089be9ed.roa
File:                     b526645e-d789-48f5-9881-46fd089be9ed.roa (raw, json)
Hash identifier:          UCeTa2gs3tlOj0oEcnMxJPzOUk9rg5lkaZM1CoEZljo=
Subject key identifier:   FA:63:A2:1F:3A:1F:76:12:3B:9D:AB:41:A1:D7:A4:8D:64:D3:C3:DE
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       35495895D9177E5363923EE129145DBAB6B5F96C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b526645e-d789-48f5-9881-46fd089be9ed.roa
Signing time:             Tue 09 May 2023 00:00:00 +0000
ROA not before:           Tue 09 May 2023 00:00:00 +0000
ROA not after:            Fri 12 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:49:58:95:d9:17:7e:53:63:92:3e:e1:29:14:5d:ba:b6:b5:f9:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May  9 00:00:00 2023 GMT
            Not After : May 12 23:59:59 2023 GMT
        Subject: serialNumber=9f9a1dae1dd3e888de1e8eef2847b87230d7e94b75bd5e67449dc82bb0284348, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:70:3c:79:2b:f8:30:2d:6a:4e:03:24:a8:4a:
                    52:21:4c:3a:3d:f0:6e:5f:52:9a:0a:57:6e:31:63:
                    81:a4:9c:e8:de:c2:31:31:2d:bf:40:3b:4e:cd:68:
                    ea:c6:a8:59:6f:45:94:db:0e:af:bc:fe:8b:8a:c3:
                    09:c6:95:33:b3:21:d8:30:28:6b:86:b3:34:4c:ee:
                    a4:76:be:10:cd:74:bf:95:f5:cc:30:71:53:43:c4:
                    6f:e1:87:b3:96:55:3b:f2:cc:b3:c9:bc:36:60:bf:
                    03:db:ef:93:a1:43:f5:db:0b:9f:7c:8d:4d:6b:73:
                    ec:73:8c:89:54:4d:c4:30:0a:16:47:9f:9a:90:0d:
                    49:f8:39:56:86:1e:65:fa:b6:a1:28:65:13:3a:c8:
                    87:a9:4b:e9:f6:1e:2b:46:b1:a4:97:47:00:23:ef:
                    9d:56:a4:c2:06:7c:e0:96:be:35:1f:ea:54:5b:e8:
                    35:98:c2:a3:60:b7:09:19:63:2c:82:21:c9:c5:c1:
                    c7:01:a6:ba:1d:72:2a:b0:5c:89:a7:dd:4b:69:0c:
                    62:d4:79:d3:e2:2e:08:c6:ad:eb:51:ff:82:e3:7a:
                    c5:63:87:07:86:34:39:1b:ca:ba:9e:7a:af:19:1a:
                    96:04:b2:e3:60:43:5d:02:ea:33:bc:21:7e:06:f8:
                    83:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:63:A2:1F:3A:1F:76:12:3B:9D:AB:41:A1:D7:A4:8D:64:D3:C3:DE
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b526645e-d789-48f5-9881-46fd089be9ed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:93:47:d8:0f:10:51:bb:a8:1b:d9:10:b2:7f:08:ec:f4:a7:
         0a:4c:d3:7a:8a:49:fa:1f:55:76:48:12:3c:63:bf:00:00:c4:
         0c:a3:0e:d0:bc:46:42:2c:be:21:73:63:54:4f:c7:92:85:48:
         d3:d1:47:6d:0f:1f:f1:1f:fb:4b:a4:ff:b9:83:bb:5d:10:f0:
         18:7e:08:55:b8:17:13:c7:9b:ca:38:50:ba:06:2d:d9:bc:8c:
         e4:62:e8:09:e6:01:47:86:47:4a:0b:62:c7:1b:90:d5:ba:16:
         c3:00:5c:98:b8:3d:8b:a7:fc:82:90:17:1c:00:95:6d:cd:92:
         fa:19:8a:08:a9:51:93:bf:aa:70:64:f9:d1:5d:e2:33:86:78:
         de:51:52:20:1a:7e:07:fa:82:43:f9:13:16:a4:96:38:03:8d:
         92:76:2e:8c:65:23:f7:aa:1b:f6:44:25:b8:e4:a2:37:1e:f9:
         4a:83:cd:c1:0d:3a:91:01:98:da:05:5f:6c:95:fe:84:25:eb:
         05:5d:76:81:0a:e4:d4:47:ea:11:ef:0c:e4:04:c7:cf:b9:65:
         d0:ad:a7:4a:f0:4f:cc:9f:58:48:c7:eb:22:14:15:7a:4e:b9:
         ef:b0:99:9b:0d:f4:d7:16:9c:bd:e9:a3:fd:9b:57:7d:5f:a3:
         ff:a5:2d:fe
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUNUlYldkXflNjkj7hKRRdura1+WwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTA5MDAwMDAwWhcNMjMwNTEyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAOWY5YTFkYWUxZGQzZTg4OGRlMWU4ZWVmMjg0N2I4NzIz
MGQ3ZTk0Yjc1YmQ1ZTY3NDQ5ZGM4MmJiMDI4NDM0ODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKVwPHkr+DAtak4DJKhKUiFMOj3wbl9SmgpXbjFjgaSc6N7CMTEt
v0A7Ts1o6saoWW9FlNsOr7z+i4rDCcaVM7Mh2DAoa4azNEzupHa+EM10v5X1zDBx
U0PEb+GHs5ZVO/LMs8m8NmC/A9vvk6FD9dsLn3yNTWtz7HOMiVRNxDAKFkefmpAN
Sfg5VoYeZfq2oShlEzrIh6lL6fYeK0axpJdHACPvnVakwgZ84Ja+NR/qVFvoNZjC
o2C3CRljLIIhycXBxwGmuh1yKrBciafdS2kMYtR50+IuCMat61H/guN6xWOHB4Y0
ORvKup56rxkalgSy42BDXQLqM7whfgb4g6ECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBT6Y6IfOh92Ejudq0Gh16SNZNPD3jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYjUyNjY0NWUtZDc4OS00OGY1LTk4ODEtNDZmZDA4OWJlOWVkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAByTR9gPEFG7qBvZ
ELJ/COz0pwpM03qKSfofVXZIEjxjvwAAxAyjDtC8RkIsviFzY1RPx5KFSNPRR20P
H/Ef+0uk/7mDu10Q8Bh+CFW4FxPHm8o4ULoGLdm8jORi6AnmAUeGR0oLYscbkNW6
FsMAXJi4PYun/IKQFxwAlW3NkvoZigipUZO/qnBk+dFd4jOGeN5RUiAafgf6gkP5
ExakljgDjZJ2LoxlI/eqG/ZEJbjkojce+UqDzcENOpEBmNoFX2yV/oQl6wVddoEK
5NRH6hHvDOQEx8+5ZdCtp0rwT8yfWEjH6yIUFXpOue+wmZsN9NcWnL3po/2bV31f
o/+lLf4=
-----END CERTIFICATE-----