Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d30e3ac3-efb2-48e7-804e-a1a5fdb9d804.roa
File:                     d30e3ac3-efb2-48e7-804e-a1a5fdb9d804.roa (raw, json)
Hash identifier:          PvVDeCL3vxvkisnAeJ9RfldtveJUpxMt9UQrZoqjt6g=
Subject key identifier:   61:B2:59:F2:6A:32:AB:08:D3:FE:14:B3:23:DE:14:85:AD:0C:7D:3A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4417F920839DC3307DD70330A5DB4196A1B7B9B3
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d30e3ac3-efb2-48e7-804e-a1a5fdb9d804.roa
Signing time:             Sat 11 Mar 2023 00:00:00 +0000
ROA not before:           Sat 11 Mar 2023 00:00:00 +0000
ROA not after:            Tue 14 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:17:f9:20:83:9d:c3:30:7d:d7:03:30:a5:db:41:96:a1:b7:b9:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 11 00:00:00 2023 GMT
            Not After : Mar 14 23:59:59 2023 GMT
        Subject: serialNumber=e81d0754eb737abfe5bf4c33bc31981e233056d2d8e9f0082eab289a369db603, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:6d:e3:b0:08:e9:95:c4:9d:ea:96:fe:42:d2:
                    2a:91:cc:f4:7b:3a:4f:ef:32:f0:c2:a2:4d:18:ce:
                    ef:c9:0a:75:39:3f:eb:2a:46:c5:eb:d7:b7:cd:99:
                    6b:b4:f6:e4:9d:d9:02:78:05:a2:8b:bc:c9:93:df:
                    db:f0:cc:ac:35:38:1f:6d:83:bc:36:ff:1c:03:aa:
                    0d:b1:87:a1:9a:62:d1:3d:58:3b:ad:31:3d:fc:5c:
                    9d:85:74:d0:fc:da:f9:d8:4e:35:de:48:26:8f:3e:
                    f0:73:d6:94:bb:ab:d7:ab:0e:ff:2a:e5:ab:79:9b:
                    74:96:d4:6e:2f:86:67:4d:f6:84:d5:bd:4c:65:db:
                    a1:98:a0:20:b2:f4:75:2e:24:d5:01:c1:8b:a7:82:
                    88:ca:7d:ea:c3:ad:4a:83:15:e7:68:39:db:71:90:
                    01:3d:86:e6:36:34:ca:42:ef:2f:3c:aa:a3:d5:59:
                    74:e4:b5:9c:b2:83:b8:7b:4b:f1:e8:cd:d1:61:b8:
                    29:d3:ea:83:e7:d4:cc:3b:61:9b:78:60:d6:d3:af:
                    e2:60:b5:19:f4:e1:c9:b8:06:4c:56:ef:7b:21:43:
                    54:4a:c4:a5:31:ae:c3:1d:ed:6b:d9:ea:fb:6a:19:
                    b3:41:07:44:9b:fb:a5:0f:4e:0e:26:dc:0d:69:70:
                    72:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:B2:59:F2:6A:32:AB:08:D3:FE:14:B3:23:DE:14:85:AD:0C:7D:3A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d30e3ac3-efb2-48e7-804e-a1a5fdb9d804.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:e8:86:09:f6:dd:c4:08:67:89:72:74:73:d6:68:9a:6a:50:
         d4:88:6a:5f:34:ba:ac:06:c2:f7:e9:61:55:5a:0a:a3:b6:81:
         fb:b2:c9:32:f2:5b:81:ae:74:72:89:7d:e6:7b:6a:73:16:5d:
         7c:f4:81:8d:a6:b7:48:42:a4:62:87:0e:18:d8:8d:a3:a3:65:
         df:97:7b:51:2c:89:1f:ba:c4:e9:45:5f:e8:3f:bd:e1:40:96:
         f9:59:32:b4:b0:96:f1:23:2c:07:0c:01:71:39:8c:5a:f1:5a:
         01:29:4c:f0:d5:af:66:b5:72:35:38:4d:cc:77:0a:e3:87:30:
         39:b3:d8:7e:98:95:44:ef:e5:80:f2:fa:b0:c5:c7:3c:76:ed:
         21:cf:ba:c3:43:16:8c:84:b7:40:01:c2:d3:da:eb:08:84:15:
         3d:bf:5f:81:bf:25:3a:dd:3a:52:e5:c0:9e:ac:ec:92:08:00:
         5f:10:43:9f:4a:a2:56:db:e9:96:f3:79:43:9d:e5:74:bd:93:
         33:1a:21:aa:b5:f7:23:fb:cf:69:b5:fd:8f:f5:20:31:42:c2:
         88:c2:7d:09:f9:ad:f2:89:2a:24:62:59:d6:91:fb:fd:c7:cd:
         9e:06:ed:cd:62:73:f5:85:b3:40:0f:1d:b1:8e:f8:65:cb:84:
         e6:e1:60:70
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIURBf5IIOdwzB91wMwpdtBlqG3ubMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzExMDAwMDAwWhcNMjMwMzE0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZTgxZDA3NTRlYjczN2FiZmU1YmY0YzMzYmMzMTk4MWUy
MzMwNTZkMmQ4ZTlmMDA4MmVhYjI4OWEzNjlkYjYwMzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANxt47AI6ZXEneqW/kLSKpHM9Hs6T+8y8MKiTRjO78kKdTk/6ypG
xevXt82Za7T25J3ZAngFoou8yZPf2/DMrDU4H22DvDb/HAOqDbGHoZpi0T1YO60x
PfxcnYV00Pza+dhONd5IJo8+8HPWlLur16sO/yrlq3mbdJbUbi+GZ032hNW9TGXb
oZigILL0dS4k1QHBi6eCiMp96sOtSoMV52g523GQAT2G5jY0ykLvLzyqo9VZdOS1
nLKDuHtL8ejN0WG4KdPqg+fUzDthm3hg1tOv4mC1GfThybgGTFbveyFDVErEpTGu
wx3ta9nq+2oZs0EHRJv7pQ9ODibcDWlwcoUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRhslnyajKrCNP+FLMj3hSFrQx9OjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZDMwZTNhYzMtZWZiMi00OGU3LTgwNGUtYTFhNWZkYjlkODA0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALDohgn23cQIZ4ly
dHPWaJpqUNSIal80uqwGwvfpYVVaCqO2gfuyyTLyW4GudHKJfeZ7anMWXXz0gY2m
t0hCpGKHDhjYjaOjZd+Xe1EsiR+6xOlFX+g/veFAlvlZMrSwlvEjLAcMAXE5jFrx
WgEpTPDVr2a1cjU4Tcx3CuOHMDmz2H6YlUTv5YDy+rDFxzx27SHPusNDFoyEt0AB
wtPa6wiEFT2/X4G/JTrdOlLlwJ6s7JIIAF8QQ59Kolbb6ZbzeUOd5XS9kzMaIaq1
9yP7z2m1/Y/1IDFCwojCfQn5rfKJKiRiWdaR+/3HzZ4G7c1ic/WFs0APHbGO+GXL
hObhYHA=
-----END CERTIFICATE-----