Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e3a08aa3-69b5-4b37-b6e2-eb7a6329cf40.roa
File:                     e3a08aa3-69b5-4b37-b6e2-eb7a6329cf40.roa (raw, json)
Hash identifier:          FEORlPcp/hYUhvXCYDkT67i+R3TiwRiUTre7OL3wzZw=
Subject key identifier:   2E:B7:72:ED:B5:B8:29:AC:EB:19:A7:83:29:D3:85:35:A9:28:6F:8A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5A53E8E0F6897D695B5D5F29B953F8CCB702A3B1
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e3a08aa3-69b5-4b37-b6e2-eb7a6329cf40.roa
Signing time:             Sun 02 Apr 2023 00:00:00 +0000
ROA not before:           Sun 02 Apr 2023 00:00:00 +0000
ROA not after:            Wed 05 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:53:e8:e0:f6:89:7d:69:5b:5d:5f:29:b9:53:f8:cc:b7:02:a3:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr  2 00:00:00 2023 GMT
            Not After : Apr  5 23:59:59 2023 GMT
        Subject: serialNumber=156620931973995dd26866c6bf7f8eb245e004b01124c065ed821d91bd87687b, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:43:3b:21:9e:8a:99:fd:96:44:3d:b7:71:1e:
                    26:b1:e2:88:2c:2d:7d:f5:01:0f:a5:50:71:cf:75:
                    44:61:25:2b:2e:f8:96:18:fe:05:eb:c4:41:bd:b0:
                    76:f4:44:55:96:51:46:12:79:4e:b9:9f:d3:dc:44:
                    18:ac:cd:2e:a3:89:d2:94:07:69:95:60:4b:29:27:
                    e0:9a:f9:9f:47:58:61:42:2d:c4:05:8c:7f:e4:5e:
                    1a:ec:e9:54:a6:95:d2:d3:48:2a:b3:0a:e3:a2:79:
                    67:1d:81:ab:fe:2c:0f:fb:b3:10:d8:24:4c:85:ac:
                    25:3c:18:df:68:53:6b:47:7b:9f:eb:84:b9:c8:7a:
                    8e:d2:7f:22:73:ec:aa:4e:ea:04:f6:53:6c:f3:d1:
                    1a:b8:36:81:55:2f:e2:6a:ae:a9:02:c8:31:0c:d7:
                    94:94:4b:64:29:a8:52:c3:8b:a0:98:94:bf:85:7c:
                    20:97:5e:fa:5a:b0:c7:87:25:cc:21:ee:77:c0:c3:
                    de:3d:e9:01:22:ac:93:41:d7:af:97:9d:bf:1c:0c:
                    65:00:ac:f6:36:be:34:a1:68:96:88:fd:34:c8:9d:
                    35:57:b0:71:ce:bb:52:b6:49:8f:64:7c:e8:c6:a0:
                    54:98:09:1b:db:b8:26:56:a5:0f:5f:68:75:69:9e:
                    60:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:B7:72:ED:B5:B8:29:AC:EB:19:A7:83:29:D3:85:35:A9:28:6F:8A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e3a08aa3-69b5-4b37-b6e2-eb7a6329cf40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:2a:d7:03:11:5b:7a:eb:f6:57:9b:b9:a5:c8:f4:90:77:05:
         18:85:1c:4d:5a:55:db:a8:77:70:c8:ed:7f:d3:20:6a:92:58:
         4c:b9:04:2e:05:42:90:16:65:ca:85:94:c8:94:da:42:25:7a:
         02:dc:93:49:1c:09:75:59:28:d5:a5:7c:83:86:77:a1:ee:e7:
         3a:98:74:fa:96:e9:2c:a0:79:ce:4b:3a:5e:64:b6:08:41:5d:
         5a:5b:f2:99:c9:39:f0:34:80:9b:07:33:42:a9:14:32:54:41:
         e1:02:78:7b:57:70:d2:51:48:64:6e:98:1a:d4:f7:8d:3f:96:
         a8:da:55:71:10:a8:a5:83:d9:48:13:c5:2d:30:22:cf:8e:da:
         bc:ae:1d:da:2d:48:ac:a0:ad:6a:d0:37:72:b3:85:1d:fe:22:
         2a:aa:93:ac:59:61:d1:e5:1d:3f:34:21:37:cd:2b:1a:b0:fd:
         62:a9:10:84:64:d7:2b:73:5d:55:52:1e:92:3a:6a:9e:ee:b9:
         0f:92:6e:3b:31:ba:29:f0:db:d3:88:db:ac:18:b6:98:19:ec:
         66:8b:c3:78:52:32:1a:16:50:a1:db:92:a6:1d:b2:92:cc:db:
         08:34:42:2c:27:8f:9b:9d:58:e8:27:6a:76:31:fd:90:d8:d8:
         bb:93:c9:cd
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUWlPo4PaJfWlbXV8puVP4zLcCo7EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDAyMDAwMDAwWhcNMjMwNDA1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTU2NjIwOTMxOTczOTk1ZGQyNjg2NmM2YmY3ZjhlYjI0
NWUwMDRiMDExMjRjMDY1ZWQ4MjFkOTFiZDg3Njg3YjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJFDOyGeipn9lkQ9t3EeJrHiiCwtffUBD6VQcc91RGElKy74lhj+
BevEQb2wdvREVZZRRhJ5Trmf09xEGKzNLqOJ0pQHaZVgSykn4Jr5n0dYYUItxAWM
f+ReGuzpVKaV0tNIKrMK46J5Zx2Bq/4sD/uzENgkTIWsJTwY32hTa0d7n+uEuch6
jtJ/InPsqk7qBPZTbPPRGrg2gVUv4mquqQLIMQzXlJRLZCmoUsOLoJiUv4V8IJde
+lqwx4clzCHud8DD3j3pASKsk0HXr5edvxwMZQCs9ja+NKFoloj9NMidNVewcc67
UrZJj2R86MagVJgJG9u4JlalD19odWmeYK0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQut3LttbgprOsZp4Mp04U1qShvijAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZTNhMDhhYTMtNjliNS00YjM3LWI2ZTItZWI3YTYzMjljZjQwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKIq1wMRW3rr9leb
uaXI9JB3BRiFHE1aVduod3DI7X/TIGqSWEy5BC4FQpAWZcqFlMiU2kIlegLck0kc
CXVZKNWlfIOGd6Hu5zqYdPqW6Sygec5LOl5ktghBXVpb8pnJOfA0gJsHM0KpFDJU
QeECeHtXcNJRSGRumBrU940/lqjaVXEQqKWD2UgTxS0wIs+O2ryuHdotSKygrWrQ
N3KzhR3+Iiqqk6xZYdHlHT80ITfNKxqw/WKpEIRk1ytzXVVSHpI6ap7uuQ+Sbjsx
uinw29OI26wYtpgZ7GaLw3hSMhoWUKHbkqYdspLM2wg0Qiwnj5udWOgnanYx/ZDY
2LuTyc0=
-----END CERTIFICATE-----