Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cdeab95a-bb02-4c02-bf2d-4bc8491bd785.roa
File:                     cdeab95a-bb02-4c02-bf2d-4bc8491bd785.roa (raw, json)
Hash identifier:          JL4pWENIzuCCCtnvtlSshDkPfYxknRID295WBNA2xJU=
Subject key identifier:   07:70:E5:71:D1:79:93:33:BA:8A:17:46:C4:C1:0A:07:08:F0:5A:F7
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       12DA10A7088495EBFDE39CB5CBA0F70264FC65E4
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cdeab95a-bb02-4c02-bf2d-4bc8491bd785.roa
Signing time:             Tue 14 Mar 2023 00:00:00 +0000
ROA not before:           Tue 14 Mar 2023 00:00:00 +0000
ROA not after:            Fri 17 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:da:10:a7:08:84:95:eb:fd:e3:9c:b5:cb:a0:f7:02:64:fc:65:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 14 00:00:00 2023 GMT
            Not After : Mar 17 23:59:59 2023 GMT
        Subject: serialNumber=daf1f5a880380c92b5e163b1c9f83ca72f78bc91743fb11aee82401a6ccb68d6, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d8:e9:7e:26:f8:78:36:fe:7f:f1:6e:26:ca:
                    86:23:cf:0e:0d:3c:43:c8:fd:1f:64:28:f7:92:2d:
                    5e:d7:23:34:ac:15:3b:48:09:94:02:e2:56:6f:23:
                    7d:39:38:3b:16:9f:94:42:37:3a:ec:0c:60:06:5e:
                    fe:61:83:c7:5e:a4:c3:90:19:1b:9d:1c:7a:13:b0:
                    df:ad:97:77:0c:40:65:e6:07:9f:18:d1:34:6a:57:
                    06:08:e6:db:3e:20:e6:f7:9c:50:e6:c6:f1:2c:6b:
                    52:e2:3b:dc:d1:03:ef:3c:e8:7d:b1:70:93:e5:4e:
                    07:49:1d:eb:1b:54:d0:d0:25:4e:c7:49:19:25:18:
                    a2:88:f4:62:05:eb:20:f3:d3:ea:64:e4:c6:bd:5a:
                    e0:41:7f:c8:18:50:08:2b:85:c4:ca:38:25:65:42:
                    2b:4b:29:66:19:73:67:d2:cc:a8:78:fd:db:22:db:
                    33:8e:00:e6:54:01:c8:16:31:10:35:93:d8:23:94:
                    15:46:d1:27:ea:86:26:64:1b:2b:28:07:72:a5:6d:
                    1e:ad:43:86:fe:f6:72:75:ac:2d:a4:e0:e7:9f:1f:
                    76:8e:0c:1c:3b:c1:cb:40:61:55:52:f4:aa:f5:4e:
                    ae:eb:6b:4b:82:ce:bd:3f:87:61:ca:88:f4:74:6e:
                    03:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:70:E5:71:D1:79:93:33:BA:8A:17:46:C4:C1:0A:07:08:F0:5A:F7
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cdeab95a-bb02-4c02-bf2d-4bc8491bd785.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:9e:19:ac:c7:8e:5b:27:60:e6:87:c6:69:59:03:33:23:13:
         2b:d6:a4:44:40:c3:2d:8a:1b:fc:18:69:e1:5a:63:2b:de:95:
         ee:6c:80:7a:48:94:57:b0:fc:ed:4b:19:6f:db:27:e2:b8:43:
         9f:a6:26:17:58:ee:48:06:45:04:af:ae:78:f0:fc:ba:95:92:
         8e:8c:0a:14:d1:ef:68:2e:66:88:ff:50:be:1e:87:86:2c:8d:
         de:cc:ab:aa:b5:9d:d8:08:70:bf:2b:c0:0d:53:0d:db:be:e2:
         52:e7:63:53:3d:5c:e8:4d:e5:c7:a9:32:51:64:b1:9b:1d:2e:
         5d:43:d9:af:fa:cc:95:e2:df:be:ff:7e:95:6a:08:7a:8f:c0:
         da:a5:8b:73:0f:29:cd:e2:52:23:fe:ec:25:f9:4f:15:55:c3:
         98:8a:a5:82:4f:a8:28:3d:f4:cf:c0:19:0b:aa:3e:84:57:fc:
         3a:73:de:ec:21:d4:f8:29:87:e0:09:55:48:45:8d:73:c3:d7:
         e2:db:63:56:eb:bf:af:f4:24:46:d8:ae:8a:19:b9:33:70:05:
         31:75:6b:b0:1a:fb:10:32:90:92:e0:d9:7c:61:ab:d2:57:ae:
         11:ac:c6:81:de:fd:79:5b:21:ab:8f:8a:93:93:56:7c:57:e4:
         a8:2e:69:31
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUEtoQpwiElev945y1y6D3AmT8ZeQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzE0MDAwMDAwWhcNMjMwMzE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZGFmMWY1YTg4MDM4MGM5MmI1ZTE2M2IxYzlmODNjYTcy
Zjc4YmM5MTc0M2ZiMTFhZWU4MjQwMWE2Y2NiNjhkNjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKrY6X4m+Hg2/n/xbibKhiPPDg08Q8j9H2Qo95ItXtcjNKwVO0gJ
lALiVm8jfTk4OxaflEI3OuwMYAZe/mGDx16kw5AZG50cehOw362XdwxAZeYHnxjR
NGpXBgjm2z4g5vecUObG8SxrUuI73NED7zzofbFwk+VOB0kd6xtU0NAlTsdJGSUY
ooj0YgXrIPPT6mTkxr1a4EF/yBhQCCuFxMo4JWVCK0spZhlzZ9LMqHj92yLbM44A
5lQByBYxEDWT2COUFUbRJ+qGJmQbKygHcqVtHq1Dhv72cnWsLaTg558fdo4MHDvB
y0BhVVL0qvVOrutrS4LOvT+HYcqI9HRuA9kCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQHcOVx0XmTM7qKF0bEwQoHCPBa9zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvY2RlYWI5NWEtYmIwMi00YzAyLWJmMmQtNGJjODQ5MWJkNzg1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJGeGazHjlsnYOaH
xmlZAzMjEyvWpERAwy2KG/wYaeFaYyvele5sgHpIlFew/O1LGW/bJ+K4Q5+mJhdY
7kgGRQSvrnjw/LqVko6MChTR72guZoj/UL4eh4Ysjd7Mq6q1ndgIcL8rwA1TDdu+
4lLnY1M9XOhN5cepMlFksZsdLl1D2a/6zJXi377/fpVqCHqPwNqli3MPKc3iUiP+
7CX5TxVVw5iKpYJPqCg99M/AGQuqPoRX/Dpz3uwh1Pgph+AJVUhFjXPD1+LbY1br
v6/0JEbYrooZuTNwBTF1a7Aa+xAykJLg2Xxhq9JXrhGsxoHe/XlbIauPipOTVnxX
5KguaTE=
-----END CERTIFICATE-----