Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bdf2aa26-f099-41fe-ad22-f2d39558c6f1.roa
File:                     bdf2aa26-f099-41fe-ad22-f2d39558c6f1.roa (raw, json)
Hash identifier:          1GMF4ZccHE29jQDFA6xn72Z0kcPUKMlV++T6+BO/4Z8=
Subject key identifier:   0A:14:0A:99:2A:C0:3B:12:5F:70:5A:5C:F4:89:F5:92:A6:E0:16:59
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7A0597F9F12462171C713FDE90B9A136644AFF47
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bdf2aa26-f099-41fe-ad22-f2d39558c6f1.roa
Signing time:             Tue 28 Mar 2023 00:00:00 +0000
ROA not before:           Tue 28 Mar 2023 00:00:00 +0000
ROA not after:            Fri 31 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:05:97:f9:f1:24:62:17:1c:71:3f:de:90:b9:a1:36:64:4a:ff:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 28 00:00:00 2023 GMT
            Not After : Mar 31 23:59:59 2023 GMT
        Subject: serialNumber=c904a81994e5055c7e05c79f917ce5d08b989173b61f24810d3688d982c84275, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6e:88:7e:a9:e0:c0:85:b7:5a:b4:12:b5:08:
                    8c:cb:e5:0d:91:b4:aa:27:9b:38:6d:26:74:df:c6:
                    8b:23:9f:f8:38:52:62:bd:64:51:62:d2:62:83:e0:
                    ed:05:b0:ee:31:e1:8e:24:d4:2c:c8:c1:21:11:29:
                    2b:f6:3a:2f:b0:58:c3:87:80:9f:99:3c:20:98:cb:
                    19:ba:e1:28:35:97:5a:7e:f0:cf:11:c0:44:1d:a4:
                    b0:e4:b0:7a:c5:2d:e2:9c:8b:1c:9b:56:37:bb:ab:
                    11:30:b1:cf:2e:a1:e7:8a:aa:ac:b7:36:72:ef:db:
                    ec:61:31:d4:f0:d5:3b:ef:51:47:30:1c:82:84:1c:
                    92:6c:03:5e:3b:16:c6:cf:4d:a4:8d:b8:81:a1:a0:
                    ad:f9:8b:06:e7:c3:72:6a:cf:a7:3d:9a:c6:90:f3:
                    53:60:62:63:27:f7:6e:f5:55:a4:d2:2e:73:cd:50:
                    56:29:80:1f:b5:63:95:71:bc:1c:f1:9c:42:28:57:
                    41:5e:0e:1c:f1:4d:4b:9f:1d:a2:1d:20:a5:2b:58:
                    47:9f:f4:41:41:e4:c3:11:61:d5:5e:96:2a:35:bc:
                    83:b1:7f:8b:70:8f:bc:8f:92:f1:71:34:b6:42:01:
                    0f:ed:a5:e2:9e:27:13:22:d3:5b:23:af:2d:de:5f:
                    20:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:14:0A:99:2A:C0:3B:12:5F:70:5A:5C:F4:89:F5:92:A6:E0:16:59
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bdf2aa26-f099-41fe-ad22-f2d39558c6f1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:ad:21:e1:02:a3:ad:99:73:a1:aa:60:df:61:40:c4:cd:d8:
         3a:85:e5:45:73:4f:29:b9:5f:f6:38:57:4e:56:41:29:2f:22:
         82:5a:9c:fb:de:a1:f7:65:0f:96:e2:91:ac:f9:fd:73:eb:40:
         be:a8:b2:c1:68:2c:78:53:a7:58:b0:62:64:a5:47:2d:d9:e1:
         4b:0c:0c:95:7c:97:66:76:21:5b:6c:95:b6:64:00:12:10:80:
         95:9f:be:13:2f:80:b9:60:d3:b8:ab:33:f0:05:54:a3:a7:8a:
         92:6f:c0:48:21:4a:9c:2d:91:93:e5:51:af:75:ed:d0:dc:36:
         a0:6f:9c:32:db:0e:50:7b:de:2d:2f:4e:de:7e:de:45:01:88:
         22:61:ff:92:b8:fa:a8:0a:ed:25:19:0b:93:b1:3f:ac:bf:5e:
         06:cc:eb:8d:62:84:a5:27:07:4c:8a:04:bd:4b:68:ea:de:b5:
         f7:49:78:05:89:b3:f5:c4:58:57:c4:29:93:bc:ec:92:24:73:
         b9:83:9f:a4:e6:88:dd:1c:f2:c4:0b:7c:bc:d7:1c:9e:80:28:
         f2:87:dc:a5:4a:f5:81:68:f6:42:35:00:c7:03:da:2f:23:47:
         02:56:00:e2:06:b2:31:f9:b1:f4:f4:6f:8d:45:8e:f6:ee:f7:
         da:01:44:7e
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUegWX+fEkYhcccT/ekLmhNmRK/0cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI4MDAwMDAwWhcNMjMwMzMxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYzkwNGE4MTk5NGU1MDU1YzdlMDVjNzlmOTE3Y2U1ZDA4
Yjk4OTE3M2I2MWYyNDgxMGQzNjg4ZDk4MmM4NDI3NTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL9uiH6p4MCFt1q0ErUIjMvlDZG0qiebOG0mdN/GiyOf+DhSYr1k
UWLSYoPg7QWw7jHhjiTULMjBIREpK/Y6L7BYw4eAn5k8IJjLGbrhKDWXWn7wzxHA
RB2ksOSwesUt4pyLHJtWN7urETCxzy6h54qqrLc2cu/b7GEx1PDVO+9RRzAcgoQc
kmwDXjsWxs9NpI24gaGgrfmLBufDcmrPpz2axpDzU2BiYyf3bvVVpNIuc81QVimA
H7VjlXG8HPGcQihXQV4OHPFNS58doh0gpStYR5/0QUHkwxFh1V6WKjW8g7F/i3CP
vI+S8XE0tkIBD+2l4p4nEyLTWyOvLd5fIH0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQKFAqZKsA7El9wWlz0ifWSpuAWWTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYmRmMmFhMjYtZjA5OS00MWZlLWFkMjItZjJkMzk1NThjNmYxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAitIeECo62Zc6Gq
YN9hQMTN2DqF5UVzTym5X/Y4V05WQSkvIoJanPveofdlD5bikaz5/XPrQL6ossFo
LHhTp1iwYmSlRy3Z4UsMDJV8l2Z2IVtslbZkABIQgJWfvhMvgLlg07irM/AFVKOn
ipJvwEghSpwtkZPlUa917dDcNqBvnDLbDlB73i0vTt5+3kUBiCJh/5K4+qgK7SUZ
C5OxP6y/XgbM641ihKUnB0yKBL1LaOretfdJeAWJs/XEWFfEKZO87JIkc7mDn6Tm
iN0c8sQLfLzXHJ6AKPKH3KVK9YFo9kI1AMcD2i8jRwJWAOIGsjH5sfT0b41Fjvbu
99oBRH4=
-----END CERTIFICATE-----