Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e40c11dc-b711-4040-bf79-fff1e3a61c5d.roa
File:                     e40c11dc-b711-4040-bf79-fff1e3a61c5d.roa (raw, json)
Hash identifier:          0O8T0UeyeI9ca5+Pr5I5OWYVmBO2G5/I3wofF4w+uDY=
Subject key identifier:   6B:17:9D:95:F4:76:3B:BF:2E:13:E8:05:6E:27:74:4F:CA:44:8B:DB
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7278CDEB47D4CA31EAC8A1061B87D8AAD8376692
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e40c11dc-b711-4040-bf79-fff1e3a61c5d.roa
Signing time:             Thu 28 Jul 2022 00:00:00 +0000
ROA not before:           Thu 28 Jul 2022 00:00:00 +0000
ROA not after:            Sun 31 Jul 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:78:cd:eb:47:d4:ca:31:ea:c8:a1:06:1b:87:d8:aa:d8:37:66:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jul 28 00:00:00 2022 GMT
            Not After : Jul 31 23:59:59 2022 GMT
        Subject: serialNumber=56322a852a9e62148a940cca84e3a1a05b7d55e5a3478d3b5f452de733dbce86, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:7c:4f:41:c9:f8:1d:ce:dd:38:a5:c1:71:dd:
                    3b:3d:62:a5:72:b2:55:05:34:5b:71:df:4c:cf:88:
                    3a:7f:a8:2e:ec:d3:73:de:f8:7c:98:0f:49:f5:50:
                    2b:9e:e0:88:ac:3b:38:59:9a:c5:8a:3c:97:93:99:
                    6f:b8:7e:83:f8:1e:5f:a1:31:31:ae:b5:0a:b4:89:
                    eb:6f:bd:66:de:10:c0:79:89:4c:fe:6b:53:55:2c:
                    c0:0a:bb:06:7c:9c:a0:d5:13:7c:99:ea:c6:1d:82:
                    7a:dc:01:34:b0:f5:99:06:2d:31:b0:d3:f1:bb:ea:
                    20:ca:b0:f2:76:7d:5f:fb:14:5e:17:fb:e3:49:17:
                    3f:54:12:2c:2d:18:06:2b:78:be:ad:1f:87:e6:84:
                    a4:fa:ab:5f:c1:4d:d1:80:36:ae:f6:2e:cb:24:91:
                    7b:5e:b5:02:7a:ca:c3:a8:c0:20:02:09:a5:20:97:
                    c7:2c:cc:8c:e3:69:69:ff:f3:63:13:90:71:92:65:
                    29:f1:0a:ac:da:9a:5c:49:a9:73:20:ba:64:b6:b3:
                    27:e2:62:51:33:c9:fc:e1:93:10:23:46:f5:fa:2e:
                    e4:26:66:5c:d3:38:70:a2:46:2d:f0:aa:ce:f4:2f:
                    7d:d8:30:72:70:ab:a0:18:c8:78:bc:44:56:cc:64:
                    41:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:17:9D:95:F4:76:3B:BF:2E:13:E8:05:6E:27:74:4F:CA:44:8B:DB
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e40c11dc-b711-4040-bf79-fff1e3a61c5d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:5f:1f:66:ba:4f:e9:7f:75:5d:df:92:c2:5d:db:66:e6:ee:
         78:a5:fd:39:52:dc:1b:bb:c4:cd:02:56:1f:95:cb:7c:11:df:
         1f:b6:3c:e8:b4:d8:b0:75:1a:c6:92:67:c0:04:de:b7:30:0d:
         6b:d2:b8:10:61:ad:2c:5d:cf:90:8c:71:4d:8f:4e:f3:15:26:
         d1:56:7b:58:d2:19:4b:ce:f3:34:cd:f9:21:41:90:f2:8c:a1:
         41:77:ee:6f:66:63:90:dd:eb:aa:0b:a8:88:33:d2:9b:61:ed:
         5f:ea:b6:6e:59:36:d4:2c:53:7d:e5:a4:c4:e9:4d:b6:43:e7:
         cd:15:57:2a:f7:b1:be:c4:74:a8:6e:e1:b1:20:bb:50:c7:8b:
         cb:54:00:6c:74:80:64:53:87:3a:70:38:d0:12:b6:cd:66:9f:
         c5:ea:6f:84:94:f5:5a:08:92:96:5a:78:75:af:2a:02:b1:f8:
         1f:76:ae:a3:a4:93:dc:19:02:3a:54:46:19:a0:5e:43:18:18:
         e6:2a:fc:90:69:cd:b9:10:68:3d:7e:13:fc:0f:86:3b:66:86:
         c1:35:3c:c9:16:8f:b9:05:8f:d5:75:77:6c:9c:d7:8e:5a:59:
         45:e9:85:4b:62:83:41:1c:a1:9f:08:c2:0c:31:09:fa:4c:4e:
         e2:23:25:34
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUcnjN60fUyjHqyKEGG4fYqtg3ZpIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIwNzI4MDAwMDAwWhcNMjIwNzMxMjM1OTU5
WjCBpTFJMEcGA1UEBRNANTYzMjJhODUyYTllNjIxNDhhOTQwY2NhODRlM2ExYTA1
YjdkNTVlNWEzNDc4ZDNiNWY0NTJkZTczM2RiY2U4NjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMV8T0HJ+B3O3TilwXHdOz1ipXKyVQU0W3HfTM+IOn+oLuzTc974
fJgPSfVQK57giKw7OFmaxYo8l5OZb7h+g/geX6ExMa61CrSJ62+9Zt4QwHmJTP5r
U1UswAq7BnycoNUTfJnqxh2CetwBNLD1mQYtMbDT8bvqIMqw8nZ9X/sUXhf740kX
P1QSLC0YBit4vq0fh+aEpPqrX8FN0YA2rvYuyySRe161AnrKw6jAIAIJpSCXxyzM
jONpaf/zYxOQcZJlKfEKrNqaXEmpcyC6ZLazJ+JiUTPJ/OGTECNG9fou5CZmXNM4
cKJGLfCqzvQvfdgwcnCroBjIeLxEVsxkQRsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRrF52V9HY7vy4T6AVuJ3RPykSL2zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZTQwYzExZGMtYjcxMS00MDQwLWJmNzktZmZmMWUzYTYxYzVkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI5fH2a6T+l/dV3f
ksJd22bm7nil/TlS3Bu7xM0CVh+Vy3wR3x+2POi02LB1GsaSZ8AE3rcwDWvSuBBh
rSxdz5CMcU2PTvMVJtFWe1jSGUvO8zTN+SFBkPKMoUF37m9mY5Dd66oLqIgz0pth
7V/qtm5ZNtQsU33lpMTpTbZD580VVyr3sb7EdKhu4bEgu1DHi8tUAGx0gGRThzpw
ONASts1mn8Xqb4SU9VoIkpZaeHWvKgKx+B92rqOkk9wZAjpURhmgXkMYGOYq/JBp
zbkQaD1+E/wPhjtmhsE1PMkWj7kFj9V1d2yc145aWUXphUtig0EcoZ8IwgwxCfpM
TuIjJTQ=
-----END CERTIFICATE-----