Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bb2ed080-5140-490f-b3e8-171359c75600.roa
File:                     bb2ed080-5140-490f-b3e8-171359c75600.roa (raw, json)
Hash identifier:          jya9ziBFVoKMAR63p4RBl0sYE0iiIYHIuB2Potgz6O8=
Subject key identifier:   69:64:AE:53:E7:57:B9:C1:D9:A9:56:E5:08:44:5C:A6:EC:8B:F5:E6
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5FEB712A9BC13EC684BCF992E57EE5BCB9DAD401
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bb2ed080-5140-490f-b3e8-171359c75600.roa
Signing time:             Fri 17 Feb 2023 00:00:00 +0000
ROA not before:           Fri 17 Feb 2023 00:00:00 +0000
ROA not after:            Mon 20 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:eb:71:2a:9b:c1:3e:c6:84:bc:f9:92:e5:7e:e5:bc:b9:da:d4:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 17 00:00:00 2023 GMT
            Not After : Feb 20 23:59:59 2023 GMT
        Subject: serialNumber=2bbaf3cedb61bd4f980bd86009a7e6e3956a95df8f47078a20f7e078044c8446, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d5:86:84:f1:f9:a2:9a:d1:bd:97:82:71:7e:
                    29:26:72:81:56:75:98:d1:99:27:6e:e9:b3:58:cc:
                    f2:03:9a:13:49:ea:cb:ef:43:c9:ce:d7:92:a3:6b:
                    6b:ac:82:7b:51:b1:4e:5d:66:c4:60:ef:a7:6f:38:
                    1a:a2:69:8d:1b:1d:e3:a7:6f:f5:82:c9:c2:09:c9:
                    d1:f8:eb:19:28:c5:d3:ac:76:1d:f5:a7:55:8f:3f:
                    da:8f:f6:ab:6e:56:d6:1f:1c:55:be:2f:a0:b4:a7:
                    b2:7a:dd:ab:64:17:84:19:99:dc:c9:c2:0f:84:43:
                    80:23:ca:52:6c:4c:93:15:4c:51:e6:2c:4f:cd:0c:
                    79:de:06:77:ea:a1:e7:f6:95:12:99:fa:05:85:db:
                    8e:6b:ad:a6:29:70:3b:82:50:3c:61:a1:f7:f9:b3:
                    82:38:d1:32:d1:f8:72:54:4c:2b:f0:72:9b:9d:fc:
                    14:73:bc:e9:06:1b:8f:c7:65:3d:ef:14:3c:1d:be:
                    05:1b:86:88:d1:25:1a:1a:2c:fa:c0:da:dc:07:3c:
                    76:44:61:c6:99:a6:2b:12:16:7f:ee:f8:66:d3:28:
                    2f:50:93:f5:da:92:07:23:93:c9:d3:a4:9c:18:00:
                    05:39:cc:5e:f5:86:1b:96:17:9f:f5:60:2e:7b:56:
                    3c:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:64:AE:53:E7:57:B9:C1:D9:A9:56:E5:08:44:5C:A6:EC:8B:F5:E6
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bb2ed080-5140-490f-b3e8-171359c75600.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:b1:62:51:3c:b8:c0:b8:87:2c:39:d1:a8:26:25:76:04:7f:
         42:2f:f6:8d:c3:7b:21:fe:fd:a4:62:c0:8e:93:45:54:e7:65:
         fa:d2:c8:42:df:49:4d:1b:67:49:f1:0b:f5:22:1c:a9:e8:51:
         bb:7c:27:e4:29:05:2c:81:e2:f7:54:5c:26:2f:c7:25:e6:d3:
         20:ae:44:60:87:29:12:26:e3:b4:c9:1e:2d:fd:78:20:94:1a:
         3f:ba:55:fa:63:dd:68:3d:cc:fb:d3:46:3d:6b:16:25:b6:2e:
         32:c7:0a:2f:52:e1:87:bb:c0:8d:76:25:16:d2:56:48:85:ee:
         c1:16:4a:74:05:a3:0f:f3:26:ef:9b:b6:a6:8a:36:ad:c6:90:
         80:82:22:6a:16:49:fc:2b:d1:d7:c8:09:1b:53:4b:04:41:ee:
         0c:b0:78:29:c4:0b:74:96:b1:32:ff:45:9e:35:1d:58:3a:de:
         02:f6:b1:f9:9d:df:33:4f:c3:70:95:03:ba:3f:b2:c2:80:75:
         b9:27:ed:d8:86:fc:f0:47:63:5e:ca:6e:a8:1a:31:e9:b2:b4:
         5e:3f:cb:32:46:84:55:b9:d2:57:75:76:9b:7d:81:39:08:68:
         16:ec:b1:e3:63:bc:a0:38:f7:0c:3f:44:a1:cd:bc:b0:7e:9f:
         7e:3c:97:39
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUX+txKpvBPsaEvPmS5X7lvLna1AEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE3MDAwMDAwWhcNMjMwMjIwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMmJiYWYzY2VkYjYxYmQ0Zjk4MGJkODYwMDlhN2U2ZTM5
NTZhOTVkZjhmNDcwNzhhMjBmN2UwNzgwNDRjODQ0NjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAM7VhoTx+aKa0b2XgnF+KSZygVZ1mNGZJ27ps1jM8gOaE0nqy+9D
yc7XkqNra6yCe1GxTl1mxGDvp284GqJpjRsd46dv9YLJwgnJ0fjrGSjF06x2HfWn
VY8/2o/2q25W1h8cVb4voLSnsnrdq2QXhBmZ3MnCD4RDgCPKUmxMkxVMUeYsT80M
ed4Gd+qh5/aVEpn6BYXbjmutpilwO4JQPGGh9/mzgjjRMtH4clRMK/Bym538FHO8
6QYbj8dlPe8UPB2+BRuGiNElGhos+sDa3Ac8dkRhxpmmKxIWf+74ZtMoL1CT9dqS
ByOTydOknBgABTnMXvWGG5YXn/VgLntWPIsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRpZK5T51e5wdmpVuUIRFym7Iv15jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYmIyZWQwODAtNTE0MC00OTBmLWIzZTgtMTcxMzU5Yzc1NjAwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADuxYlE8uMC4hyw5
0agmJXYEf0Iv9o3DeyH+/aRiwI6TRVTnZfrSyELfSU0bZ0nxC/UiHKnoUbt8J+Qp
BSyB4vdUXCYvxyXm0yCuRGCHKRIm47TJHi39eCCUGj+6Vfpj3Wg9zPvTRj1rFiW2
LjLHCi9S4Ye7wI12JRbSVkiF7sEWSnQFow/zJu+btqaKNq3GkICCImoWSfwr0dfI
CRtTSwRB7gyweCnEC3SWsTL/RZ41HVg63gL2sfmd3zNPw3CVA7o/ssKAdbkn7diG
/PBHY17KbqgaMemytF4/yzJGhFW50ld1dpt9gTkIaBbsseNjvKA49ww/RKHNvLB+
n348lzk=
-----END CERTIFICATE-----