Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d4db6964-87aa-4133-ae7a-91a68ac6062d.roa
File:                     d4db6964-87aa-4133-ae7a-91a68ac6062d.roa (raw, json)
Hash identifier:          pTYMkLoMiTq2QFh+4HEemqyFsoji0LCp5JTzaVqHnCY=
Subject key identifier:   ED:61:0E:F7:8D:2E:9E:CB:8C:3C:4B:D5:71:5A:94:1C:94:D2:1E:0A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       044C2323679D4B85B4101ACC4084DB6F1520CCD8
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d4db6964-87aa-4133-ae7a-91a68ac6062d.roa
Signing time:             Thu 15 Dec 2022 00:00:00 +0000
ROA not before:           Thu 15 Dec 2022 00:00:00 +0000
ROA not after:            Sun 18 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:4c:23:23:67:9d:4b:85:b4:10:1a:cc:40:84:db:6f:15:20:cc:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 15 00:00:00 2022 GMT
            Not After : Dec 18 23:59:59 2022 GMT
        Subject: serialNumber=dd29723d359984264e673d55d3a6df4d5690466f404ebba837e25c0fa34fc9e5, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:84:93:da:e5:8b:b6:8a:32:8a:80:38:4f:32:
                    c7:b1:50:0e:9c:f3:ed:c5:ad:e7:be:d0:dc:94:45:
                    5d:ca:fc:81:f2:83:bb:81:65:bf:f4:3c:9c:93:35:
                    2d:04:15:bb:99:4f:10:ef:3d:ce:a8:6b:63:d2:2f:
                    0b:e6:af:4b:7f:7d:0e:8a:b6:d0:76:a3:7a:57:f6:
                    ef:c9:ce:16:0d:d2:0c:87:85:1c:ef:30:97:34:13:
                    e6:cd:00:c3:e0:27:2d:b0:8f:c2:c4:2c:23:e4:ee:
                    87:85:54:90:6c:76:86:ec:08:fa:27:13:f0:46:a7:
                    a6:db:e3:47:40:c4:7e:c1:da:8d:c6:fa:bb:3f:cd:
                    91:dd:94:a1:f5:4d:32:16:cf:0e:a5:bf:1f:b8:ba:
                    1f:0f:91:40:62:1d:b5:6b:5f:6d:63:48:e6:4e:3b:
                    32:9a:0b:79:09:ec:22:b4:33:a8:c7:7d:03:92:e2:
                    0d:5b:7f:dc:32:79:32:1b:24:4c:d3:90:5f:7a:19:
                    3a:e5:0f:d5:91:66:6b:02:57:30:27:5b:87:ce:58:
                    ca:bb:f3:02:b7:40:d8:24:42:48:d7:b7:ff:bb:ca:
                    0e:26:c1:ad:67:6a:53:f7:f6:e1:20:a1:06:d1:4d:
                    06:62:ff:5b:d8:63:00:a8:54:73:da:1a:1e:24:b5:
                    f2:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:61:0E:F7:8D:2E:9E:CB:8C:3C:4B:D5:71:5A:94:1C:94:D2:1E:0A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d4db6964-87aa-4133-ae7a-91a68ac6062d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:52:68:03:af:64:c2:61:36:0b:5f:bd:f4:46:86:ca:01:12:
         4f:96:46:61:39:64:50:3d:7b:d3:f9:c8:74:af:2d:98:7c:51:
         8c:43:b1:bf:07:39:b8:6d:46:a2:f4:16:b5:fd:c1:c7:89:5c:
         6e:34:50:d7:55:c0:37:72:6d:ea:36:c0:6b:14:85:7b:4c:76:
         8a:d8:4a:a3:4d:69:33:03:f4:48:35:d8:f1:a8:57:07:3d:db:
         37:2c:61:f1:41:82:e7:73:6f:29:62:36:96:45:4a:d2:74:f8:
         b1:e2:4f:1d:4c:bd:99:3c:5d:9b:5e:eb:d0:57:3c:73:bf:3c:
         14:2d:3e:cc:bb:18:de:f4:6b:0d:4e:d6:32:88:d9:4d:bf:e0:
         12:eb:cc:8e:b0:ff:97:5c:69:9b:38:63:21:d0:14:1c:0a:03:
         d7:c7:80:e6:e3:7d:b8:f7:0d:49:5f:99:f8:cd:90:c5:df:1d:
         1a:e6:0e:ff:e9:42:44:ac:3d:f3:21:67:47:08:56:e5:19:fd:
         b0:a5:a3:50:aa:89:95:e1:52:a8:94:d0:a6:41:07:ad:00:9d:
         6c:a3:55:9a:59:fc:76:6d:7b:f2:ce:5d:ce:94:11:76:cd:67:
         e1:58:1c:df:db:f9:20:02:7c:74:2c:2a:49:4b:b3:a4:c8:39:
         ac:47:2e:2a
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUBEwjI2edS4W0EBrMQITbbxUgzNgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjE1MDAwMDAwWhcNMjIxMjE4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZGQyOTcyM2QzNTk5ODQyNjRlNjczZDU1ZDNhNmRmNGQ1
NjkwNDY2ZjQwNGViYmE4MzdlMjVjMGZhMzRmYzllNTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAPuEk9rli7aKMoqAOE8yx7FQDpzz7cWt577Q3JRFXcr8gfKDu4Fl
v/Q8nJM1LQQVu5lPEO89zqhrY9IvC+avS399Doq20Hajelf278nOFg3SDIeFHO8w
lzQT5s0Aw+AnLbCPwsQsI+Tuh4VUkGx2huwI+icT8EanptvjR0DEfsHajcb6uz/N
kd2UofVNMhbPDqW/H7i6Hw+RQGIdtWtfbWNI5k47MpoLeQnsIrQzqMd9A5LiDVt/
3DJ5MhskTNOQX3oZOuUP1ZFmawJXMCdbh85YyrvzArdA2CRCSNe3/7vKDibBrWdq
U/f24SChBtFNBmL/W9hjAKhUc9oaHiS18pMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTtYQ73jS6ey4w8S9VxWpQclNIeCjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZDRkYjY5NjQtODdhYS00MTMzLWFlN2EtOTFhNjhhYzYwNjJkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJlSaAOvZMJhNgtf
vfRGhsoBEk+WRmE5ZFA9e9P5yHSvLZh8UYxDsb8HObhtRqL0FrX9wceJXG40UNdV
wDdybeo2wGsUhXtMdorYSqNNaTMD9Eg12PGoVwc92zcsYfFBgudzbyliNpZFStJ0
+LHiTx1MvZk8XZte69BXPHO/PBQtPsy7GN70aw1O1jKI2U2/4BLrzI6w/5dcaZs4
YyHQFBwKA9fHgObjfbj3DUlfmfjNkMXfHRrmDv/pQkSsPfMhZ0cIVuUZ/bClo1Cq
iZXhUqiU0KZBB60AnWyjVZpZ/HZte/LOXc6UEXbNZ+FYHN/b+SACfHQsKklLs6TI
OaxHLio=
-----END CERTIFICATE-----