Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cc59c23c-edc1-4bb1-82c7-252a3fe28e7b.roa
File:                     cc59c23c-edc1-4bb1-82c7-252a3fe28e7b.roa (raw, json)
Hash identifier:          n/yFxucNvyOxW9kVtOJhjrHZjMqFRMXtAv76e5PleVA=
Subject key identifier:   A9:61:82:A3:F4:3A:9D:43:81:6A:91:46:89:86:21:30:72:5A:01:78
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0C33738498926E8C6977504408C39376BE460A5D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cc59c23c-edc1-4bb1-82c7-252a3fe28e7b.roa
Signing time:             Sat 25 Mar 2023 00:00:00 +0000
ROA not before:           Sat 25 Mar 2023 00:00:00 +0000
ROA not after:            Tue 28 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:33:73:84:98:92:6e:8c:69:77:50:44:08:c3:93:76:be:46:0a:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 25 00:00:00 2023 GMT
            Not After : Mar 28 23:59:59 2023 GMT
        Subject: serialNumber=ddd958dc70c3f45064bd3ccbc80d18be30d67dbc786ab72964347e4e6b9cb10b, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:14:b4:ff:4c:a9:c1:af:aa:f3:0b:fb:28:1a:
                    17:f7:d0:31:2e:d7:db:a5:86:59:ff:5e:b8:83:b0:
                    23:3d:fa:93:1b:96:04:c0:e8:2e:cc:cb:13:79:b8:
                    47:86:5d:01:b5:2b:73:60:2e:4b:ee:1f:e4:69:a5:
                    a6:67:47:90:56:6c:b4:9b:bd:e8:16:2f:0e:0d:0f:
                    49:20:b6:e3:8c:91:85:0b:f2:56:c7:d0:d3:32:85:
                    b2:b3:d4:9a:14:cf:66:3c:56:a7:a4:24:17:5d:be:
                    5a:e6:af:64:ac:9d:cf:fa:df:58:95:80:92:63:df:
                    7b:ab:37:14:9b:65:33:3d:92:b4:ff:52:35:6d:2d:
                    94:01:d0:ea:38:5d:fc:ce:5b:6b:99:5e:87:4a:64:
                    88:d4:29:4f:b2:0a:d1:26:64:db:82:7e:8e:0d:b8:
                    69:a2:b3:df:57:bc:78:b8:13:67:a8:b1:a2:74:70:
                    d7:e2:b6:9c:0a:0a:e0:4f:3f:5d:a5:1e:01:da:16:
                    66:35:62:21:8a:fb:23:28:19:4c:7f:a7:a0:9b:df:
                    ab:69:52:29:17:08:fc:dd:43:66:1b:1e:8f:51:a5:
                    32:cd:d8:72:7f:c5:36:27:2a:0c:70:d8:8c:24:01:
                    26:33:a3:b8:e0:73:2c:a1:71:a5:88:1b:65:83:73:
                    8d:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:61:82:A3:F4:3A:9D:43:81:6A:91:46:89:86:21:30:72:5A:01:78
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cc59c23c-edc1-4bb1-82c7-252a3fe28e7b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:39:fe:f3:34:66:bf:3b:3f:58:15:ae:d2:a8:61:4e:22:f1:
         2e:83:8b:6c:59:02:7b:34:5e:b7:54:ae:9c:8f:00:9b:5c:94:
         02:d2:d3:63:c6:80:13:e5:90:79:56:07:45:08:bf:63:e2:99:
         29:b4:ae:8a:c5:cf:5b:2f:4d:69:e3:6c:40:f0:5f:e3:be:c1:
         0c:a1:ae:1a:bc:92:eb:8e:01:38:47:be:e0:78:2c:2a:29:25:
         6a:ed:5e:10:b5:31:24:6f:87:72:85:c9:f2:02:5b:37:48:ef:
         ae:6e:45:be:27:c4:28:76:bf:e6:f6:40:e0:4f:2d:56:a9:80:
         5d:95:35:3c:1f:70:64:85:e3:36:a4:44:a1:a9:3a:98:0f:a1:
         82:9f:4c:c4:01:51:df:c6:4c:11:c9:08:ec:d8:2a:20:72:71:
         fe:04:c5:b4:98:dc:1b:dd:d6:3f:17:6d:d7:c1:ea:a0:29:eb:
         fe:11:6a:e2:ad:ff:25:b8:17:77:28:84:3d:0d:50:dd:3d:b8:
         47:3d:1c:c2:ee:bf:9a:43:4f:8e:f5:61:ed:d3:42:2e:a6:96:
         f3:6d:32:44:04:9e:f8:25:1b:92:da:8d:38:bf:2c:b3:37:fc:
         d9:6e:a3:ac:47:7d:f1:55:b5:ea:4b:8f:6b:c4:58:09:f4:ea:
         bd:9c:b5:34
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUDDNzhJiSboxpd1BECMOTdr5GCl0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI1MDAwMDAwWhcNMjMwMzI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZGRkOTU4ZGM3MGMzZjQ1MDY0YmQzY2NiYzgwZDE4YmUz
MGQ2N2RiYzc4NmFiNzI5NjQzNDdlNGU2YjljYjEwYjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAN0UtP9MqcGvqvML+ygaF/fQMS7X26WGWf9euIOwIz36kxuWBMDo
LszLE3m4R4ZdAbUrc2AuS+4f5GmlpmdHkFZstJu96BYvDg0PSSC244yRhQvyVsfQ
0zKFsrPUmhTPZjxWp6QkF12+WuavZKydz/rfWJWAkmPfe6s3FJtlMz2StP9SNW0t
lAHQ6jhd/M5ba5leh0pkiNQpT7IK0SZk24J+jg24aaKz31e8eLgTZ6ixonRw1+K2
nAoK4E8/XaUeAdoWZjViIYr7IygZTH+noJvfq2lSKRcI/N1DZhsej1GlMs3Ycn/F
NicqDHDYjCQBJjOjuOBzLKFxpYgbZYNzja8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSpYYKj9DqdQ4FqkUaJhiEwcloBeDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvY2M1OWMyM2MtZWRjMS00YmIxLTgyYzctMjUyYTNmZTI4ZTdiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC45/vM0Zr87P1gV
rtKoYU4i8S6Di2xZAns0XrdUrpyPAJtclALS02PGgBPlkHlWB0UIv2PimSm0rorF
z1svTWnjbEDwX+O+wQyhrhq8kuuOAThHvuB4LCopJWrtXhC1MSRvh3KFyfICWzdI
765uRb4nxCh2v+b2QOBPLVapgF2VNTwfcGSF4zakRKGpOpgPoYKfTMQBUd/GTBHJ
COzYKiBycf4ExbSY3Bvd1j8XbdfB6qAp6/4RauKt/yW4F3cohD0NUN09uEc9HMLu
v5pDT471Ye3TQi6mlvNtMkQEnvglG5LajTi/LLM3/Nluo6xHffFVtepLj2vEWAn0
6r2ctTQ=
-----END CERTIFICATE-----