Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d5d230ab-aa47-42fc-b172-85f2db13055d.roa
File:                     d5d230ab-aa47-42fc-b172-85f2db13055d.roa (raw, json)
Hash identifier:          ljaPKNTHVJpdiOLBcv4oEHNdO7KNbtLKxWzOVes0UV0=
Subject key identifier:   61:47:1B:8A:1F:F6:D6:C0:34:E8:B3:A6:29:2B:ED:2B:24:8D:2B:F2
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0ED53ECAF003973AC05103E757109E98C4EBA00A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d5d230ab-aa47-42fc-b172-85f2db13055d.roa
Signing time:             Fri 03 Mar 2023 00:00:00 +0000
ROA not before:           Fri 03 Mar 2023 00:00:00 +0000
ROA not after:            Mon 06 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:d5:3e:ca:f0:03:97:3a:c0:51:03:e7:57:10:9e:98:c4:eb:a0:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar  3 00:00:00 2023 GMT
            Not After : Mar  6 23:59:59 2023 GMT
        Subject: serialNumber=7fce9670d5c8c4653071df3d51f457406775df27b36aed8cdf0ef5c47b8dfe96, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:9d:f3:18:e4:cf:49:67:3c:52:da:56:69:22:
                    d7:fd:42:9c:77:7d:10:0b:7b:c7:d3:d5:73:26:b2:
                    91:37:9d:10:cf:59:95:55:1a:ed:1f:d2:07:cb:ff:
                    34:f2:2c:a0:42:76:58:c2:e5:68:50:47:e2:35:5e:
                    cf:67:e0:4c:e9:ff:bb:89:40:a2:f3:fe:70:5c:c6:
                    47:7f:9c:3b:ad:e1:b2:6b:ec:f7:ae:7c:75:0c:21:
                    8a:33:77:25:c1:0e:f1:28:fe:6f:8e:98:26:45:40:
                    7c:8a:2f:28:bc:4b:60:00:39:d3:bb:fe:d9:50:16:
                    85:d1:bb:f8:86:dc:f3:77:c9:f4:9e:1e:8b:e9:06:
                    48:4e:10:50:d9:df:ba:4a:3c:da:36:18:d2:1b:f6:
                    4e:b0:38:08:da:a1:42:b2:77:db:b2:95:ec:5f:a3:
                    8e:cd:76:ae:4f:82:d2:a3:f7:94:33:4d:90:32:31:
                    3e:cd:7b:52:47:02:a6:c8:a9:5a:54:71:33:4c:8c:
                    09:b0:ba:81:f2:86:a0:32:16:76:12:dc:c8:2b:c4:
                    a4:b7:c4:a3:7e:5a:96:47:b4:76:c2:97:3a:21:cf:
                    01:cd:89:49:ba:92:7d:e8:ed:64:e3:2a:ca:d4:67:
                    6d:3c:4a:1e:1f:a0:b8:25:cf:60:be:eb:f1:ba:be:
                    c1:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:47:1B:8A:1F:F6:D6:C0:34:E8:B3:A6:29:2B:ED:2B:24:8D:2B:F2
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d5d230ab-aa47-42fc-b172-85f2db13055d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:d8:47:6b:36:6a:12:56:68:34:24:24:5f:0e:09:2d:74:df:
         5a:e3:19:0b:84:bc:0c:c1:8b:b4:d3:bb:4e:95:dc:ef:f3:fe:
         f0:e9:a4:63:ef:2c:bb:76:95:74:c9:9d:27:03:9d:d6:ba:7d:
         bc:54:7e:85:da:b7:af:ab:f5:3e:7a:c5:dd:22:ff:2d:e8:71:
         c8:70:f0:86:38:eb:46:59:13:96:dc:d8:29:91:e0:c4:54:ff:
         b2:1e:dc:06:1d:72:0a:c0:ee:23:4b:c0:26:56:16:a4:fa:9e:
         4a:85:64:ce:cc:60:42:d7:da:15:36:0f:19:24:0f:29:b6:50:
         ba:1b:16:ea:d2:6c:66:89:2d:ab:88:d8:35:c8:ee:2c:d6:c1:
         26:b7:0c:67:1a:4b:4c:6f:fe:31:d9:65:af:ad:fb:76:2e:22:
         83:88:32:61:27:ad:a4:9d:12:81:75:bc:48:78:af:11:fb:33:
         3a:3b:ee:be:d9:34:90:90:ad:fc:99:9c:a7:83:e4:81:d8:83:
         6b:99:17:35:37:cd:27:4f:30:92:02:7b:81:da:ff:8d:86:de:
         d4:31:2a:a9:5e:cf:dc:98:ca:10:4c:81:0c:7c:c6:99:03:f3:
         20:4b:d6:a2:77:53:f5:49:7a:f2:7c:de:a7:0a:e0:5e:f7:8f:
         75:cb:34:81
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUDtU+yvADlzrAUQPnVxCemMTroAowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzAzMDAwMDAwWhcNMjMwMzA2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAN2ZjZTk2NzBkNWM4YzQ2NTMwNzFkZjNkNTFmNDU3NDA2
Nzc1ZGYyN2IzNmFlZDhjZGYwZWY1YzQ3YjhkZmU5NjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJmd8xjkz0lnPFLaVmki1/1CnHd9EAt7x9PVcyaykTedEM9ZlVUa
7R/SB8v/NPIsoEJ2WMLlaFBH4jVez2fgTOn/u4lAovP+cFzGR3+cO63hsmvs9658
dQwhijN3JcEO8Sj+b46YJkVAfIovKLxLYAA507v+2VAWhdG7+Ibc83fJ9J4ei+kG
SE4QUNnfuko82jYY0hv2TrA4CNqhQrJ327KV7F+jjs12rk+C0qP3lDNNkDIxPs17
UkcCpsipWlRxM0yMCbC6gfKGoDIWdhLcyCvEpLfEo35alke0dsKXOiHPAc2JSbqS
fejtZOMqytRnbTxKHh+guCXPYL7r8bq+wZECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRhRxuKH/bWwDTos6YpK+0rJI0r8jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZDVkMjMwYWItYWE0Ny00MmZjLWIxNzItODVmMmRiMTMwNTVkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADPYR2s2ahJWaDQk
JF8OCS1031rjGQuEvAzBi7TTu06V3O/z/vDppGPvLLt2lXTJnScDnda6fbxUfoXa
t6+r9T56xd0i/y3occhw8IY460ZZE5bc2CmR4MRU/7Ie3AYdcgrA7iNLwCZWFqT6
nkqFZM7MYELX2hU2DxkkDym2ULobFurSbGaJLauI2DXI7izWwSa3DGcaS0xv/jHZ
Za+t+3YuIoOIMmEnraSdEoF1vEh4rxH7Mzo77r7ZNJCQrfyZnKeD5IHYg2uZFzU3
zSdPMJICe4Ha/42G3tQxKqlez9yYyhBMgQx8xpkD8yBL1qJ3U/VJevJ83qcK4F73
j3XLNIE=
-----END CERTIFICATE-----