Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d221fb58-4dc0-45cc-971c-a14baec29289.roa
File:                     d221fb58-4dc0-45cc-971c-a14baec29289.roa (raw, json)
Hash identifier:          Ek8CL4BC/G357s2AVke1cLP9Rav+HIvDI9igNdIE/DQ=
Subject key identifier:   26:BC:5F:E8:9B:C1:BA:0A:C6:D4:04:6D:FF:6E:F4:4A:97:42:59:BC
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4A367A667FE9A3FFF0F5143E4842617314826D65
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d221fb58-4dc0-45cc-971c-a14baec29289.roa
Signing time:             Mon 10 Apr 2023 00:00:00 +0000
ROA not before:           Mon 10 Apr 2023 00:00:00 +0000
ROA not after:            Thu 13 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:36:7a:66:7f:e9:a3:ff:f0:f5:14:3e:48:42:61:73:14:82:6d:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 10 00:00:00 2023 GMT
            Not After : Apr 13 23:59:59 2023 GMT
        Subject: serialNumber=da55500f0a88b4eee85746903b39623eed30c05c2f47810db04f0bd2d4387319, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e4:7c:0f:78:e6:a9:fb:52:48:de:c3:67:93:
                    c7:e1:76:5c:d3:ff:2f:62:f4:c6:f6:3e:07:97:43:
                    44:3e:e9:a9:47:9f:0f:d4:d0:4e:2b:9b:26:a9:ac:
                    62:12:a0:5a:a6:6b:e0:9c:d4:fc:cb:ca:85:9e:56:
                    92:67:6c:ef:16:ce:21:6b:b0:56:7c:3a:15:16:b1:
                    01:a9:1b:de:29:89:86:02:91:9a:08:23:5e:c3:78:
                    2d:50:65:b6:e4:25:c2:53:fc:e0:4f:1a:38:95:c4:
                    ae:79:5f:6c:e3:da:46:bd:c7:53:34:a2:57:05:e8:
                    f1:f7:1a:aa:fa:13:ae:5c:e6:56:f4:a9:9e:dd:ac:
                    32:f9:72:d1:6e:ca:30:f1:00:cc:d0:ef:87:f3:a1:
                    26:10:46:94:c2:10:67:41:cf:ba:57:a9:6f:26:06:
                    0e:e5:05:e5:7e:20:44:a0:f7:ce:88:39:3d:a2:11:
                    1e:df:15:d8:8f:d0:41:8a:7f:af:a6:d4:d6:b9:98:
                    10:fd:4c:1f:5b:dc:ca:7f:db:48:6d:35:58:85:c0:
                    5e:b8:11:f9:e7:64:06:d9:75:2b:c9:63:c3:6b:de:
                    94:f9:9a:47:d2:e5:3e:83:56:79:1e:c5:c7:36:ae:
                    fc:ac:d3:5f:12:cd:ba:10:86:60:b9:ab:68:d6:de:
                    d8:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:BC:5F:E8:9B:C1:BA:0A:C6:D4:04:6D:FF:6E:F4:4A:97:42:59:BC
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d221fb58-4dc0-45cc-971c-a14baec29289.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:1e:7f:83:4c:2d:92:ec:7f:10:72:e4:48:d1:74:5c:da:e7:
         7e:60:61:09:70:e3:a8:02:84:37:4f:75:f6:ae:78:05:9d:b4:
         1a:d5:a0:09:fe:1f:5b:ec:e9:dc:52:8d:1b:ff:ff:c8:08:4d:
         ad:dd:d5:7a:12:d2:ba:eb:3a:de:55:e8:d2:e8:f8:b0:c1:f4:
         c2:ca:98:dd:b7:29:ba:0d:d8:be:45:0b:71:79:b0:36:e9:3a:
         a6:08:b1:5c:73:25:f9:62:35:1a:78:a0:7c:15:f4:3c:f5:38:
         50:b8:fc:08:04:3b:c7:be:e5:34:ce:15:5b:97:8e:1d:9a:90:
         67:cc:d9:8b:9e:6d:f8:9d:70:6b:26:60:04:c8:d7:12:d6:9e:
         17:a8:53:a8:e8:1b:a2:9f:08:14:bc:3c:80:f0:a0:88:36:7f:
         c9:02:3e:79:0c:73:a3:a2:25:bb:af:60:92:fd:ec:bd:81:00:
         eb:6f:70:a3:8f:1e:44:95:9a:40:f7:5d:32:03:c3:68:a1:93:
         a2:d9:c9:41:06:5c:0f:65:e3:18:a6:18:42:13:52:80:87:ef:
         b9:76:3d:0d:fb:ad:cc:de:da:99:cb:f4:f3:f3:99:cd:2e:d6:
         3a:cf:f9:fc:a1:86:98:a2:5c:78:c4:4c:04:98:9f:07:0b:b5:
         ad:54:ac:13
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUSjZ6Zn/po//w9RQ+SEJhcxSCbWUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDEwMDAwMDAwWhcNMjMwNDEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZGE1NTUwMGYwYTg4YjRlZWU4NTc0NjkwM2IzOTYyM2Vl
ZDMwYzA1YzJmNDc4MTBkYjA0ZjBiZDJkNDM4NzMxOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALLkfA945qn7Ukjew2eTx+F2XNP/L2L0xvY+B5dDRD7pqUefD9TQ
TiubJqmsYhKgWqZr4JzU/MvKhZ5Wkmds7xbOIWuwVnw6FRaxAakb3imJhgKRmggj
XsN4LVBltuQlwlP84E8aOJXErnlfbOPaRr3HUzSiVwXo8fcaqvoTrlzmVvSpnt2s
Mvly0W7KMPEAzNDvh/OhJhBGlMIQZ0HPulepbyYGDuUF5X4gRKD3zog5PaIRHt8V
2I/QQYp/r6bU1rmYEP1MH1vcyn/bSG01WIXAXrgR+edkBtl1K8ljw2velPmaR9Ll
PoNWeR7Fxzau/KzTXxLNuhCGYLmraNbe2AsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQmvF/om8G6CsbUBG3/bvRKl0JZvDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZDIyMWZiNTgtNGRjMC00NWNjLTk3MWMtYTE0YmFlYzI5Mjg5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEMef4NMLZLsfxBy
5EjRdFza535gYQlw46gChDdPdfaueAWdtBrVoAn+H1vs6dxSjRv//8gITa3d1XoS
0rrrOt5V6NLo+LDB9MLKmN23KboN2L5FC3F5sDbpOqYIsVxzJfliNRp4oHwV9Dz1
OFC4/AgEO8e+5TTOFVuXjh2akGfM2YuebfidcGsmYATI1xLWnheoU6joG6KfCBS8
PIDwoIg2f8kCPnkMc6OiJbuvYJL97L2BAOtvcKOPHkSVmkD3XTIDw2ihk6LZyUEG
XA9l4ximGEITUoCH77l2PQ37rcze2pnL9PPzmc0u1jrP+fyhhpiiXHjETASYnwcL
ta1UrBM=
-----END CERTIFICATE-----