Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f146f24b-467a-4f47-b886-e0a62d34bccb.roa
File:                     f146f24b-467a-4f47-b886-e0a62d34bccb.roa (raw, json)
Hash identifier:          0kw97EVEQcvUqeafQPGWb1/2JRNdHZ7lDatYbEP/R+g=
Subject key identifier:   F4:D2:E3:45:1D:83:11:84:27:26:88:31:7B:E3:78:E6:B2:D1:B2:E3
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       28FBB11B5A34D5A2AD05C3EFE81CE97E0C5DEDCE
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f146f24b-467a-4f47-b886-e0a62d34bccb.roa
Signing time:             Thu 23 Mar 2023 00:00:00 +0000
ROA not before:           Thu 23 Mar 2023 00:00:00 +0000
ROA not after:            Sun 26 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:fb:b1:1b:5a:34:d5:a2:ad:05:c3:ef:e8:1c:e9:7e:0c:5d:ed:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 23 00:00:00 2023 GMT
            Not After : Mar 26 23:59:59 2023 GMT
        Subject: serialNumber=53c69ff8f5429924da91ff9780c563e717a3a68c12bff3cd761108c4278275cd, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d0:a0:d3:ff:3a:5a:5b:dd:31:7b:a6:10:5e:
                    03:87:52:95:77:46:aa:4e:7c:61:65:83:dc:ac:80:
                    86:d0:13:a1:05:de:58:73:88:e5:6d:18:7d:0c:90:
                    f7:49:31:6d:13:46:3b:52:7d:e5:99:c0:51:c3:be:
                    cd:63:06:59:93:71:dd:97:55:e9:b6:6d:9b:5b:4e:
                    93:c0:e1:15:32:6e:16:5d:e3:52:16:d8:ef:9f:98:
                    87:2e:41:f2:5a:a6:c1:ba:e2:ad:f9:a9:5e:5f:0e:
                    98:9f:ac:9c:56:5a:f5:5b:08:ab:99:29:31:9d:f0:
                    9a:3a:11:ea:54:17:be:99:ae:cb:fb:d0:14:37:fe:
                    40:e5:f3:00:60:c6:16:16:db:b2:5f:a4:b2:66:1d:
                    fd:8c:48:90:3d:93:61:52:9a:c2:cd:e6:6e:bf:05:
                    a7:f5:81:b5:72:e6:1b:b1:f4:71:b8:c8:7d:8e:11:
                    f3:99:c6:a2:31:16:a3:fa:ec:60:23:af:c0:01:46:
                    c4:02:48:d8:95:f7:06:70:80:ba:f2:74:17:ba:62:
                    02:d8:27:48:c8:12:8e:08:65:9f:14:0d:8b:97:6e:
                    a5:72:7d:5f:7f:cb:22:ad:b3:6c:c9:06:9f:46:ef:
                    e2:4e:e4:d0:4d:95:61:50:ac:0f:b6:ae:a1:2c:57:
                    b5:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:D2:E3:45:1D:83:11:84:27:26:88:31:7B:E3:78:E6:B2:D1:B2:E3
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f146f24b-467a-4f47-b886-e0a62d34bccb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:ca:2f:fb:04:02:15:f5:15:82:b5:18:6d:ee:e5:cd:52:9a:
         51:30:f6:90:7f:32:c8:bb:77:e3:b4:11:e2:7e:b1:d0:76:c9:
         9b:7d:c6:a2:32:07:be:bd:99:77:bd:45:72:ab:5e:43:a8:d9:
         f8:9a:e2:ab:9e:23:db:3a:21:53:fb:04:3f:9b:3c:c1:54:80:
         f7:2e:77:4a:58:78:49:71:c5:e0:54:cc:4e:32:70:4e:63:81:
         28:d9:78:1f:09:98:71:b2:d3:16:f8:34:c5:67:21:16:cc:91:
         12:67:9a:fe:b2:c8:75:2c:93:7e:6d:cc:5e:d9:ed:82:d3:42:
         c7:21:be:12:83:d8:5f:3a:ce:9c:f1:58:a1:b4:f2:31:87:93:
         e9:dc:71:5d:9e:de:ce:69:72:a6:33:06:89:54:cf:d6:13:01:
         e2:9c:04:b5:86:e2:65:c7:0a:76:2b:97:c0:a8:0c:1b:df:f9:
         89:0a:e2:fc:c8:f0:86:6e:4b:34:0b:e7:d7:c2:0c:bb:9e:d0:
         4d:5e:eb:53:ea:b9:f8:f5:ee:fe:f8:52:e5:7e:d5:ee:02:40:
         5d:7b:d7:a0:f3:4e:1f:01:b8:de:4a:9f:ac:b8:14:59:b1:ab:
         ec:ce:93:a5:a0:07:bc:10:50:a5:42:aa:3c:dc:ad:e1:3a:8a:
         d0:7e:30:a0
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUKPuxG1o01aKtBcPv6Bzpfgxd7c4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzIzMDAwMDAwWhcNMjMwMzI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNANTNjNjlmZjhmNTQyOTkyNGRhOTFmZjk3ODBjNTYzZTcx
N2EzYTY4YzEyYmZmM2NkNzYxMTA4YzQyNzgyNzVjZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK/QoNP/Olpb3TF7phBeA4dSlXdGqk58YWWD3KyAhtAToQXeWHOI
5W0YfQyQ90kxbRNGO1J95ZnAUcO+zWMGWZNx3ZdV6bZtm1tOk8DhFTJuFl3jUhbY
75+Yhy5B8lqmwbrirfmpXl8OmJ+snFZa9VsIq5kpMZ3wmjoR6lQXvpmuy/vQFDf+
QOXzAGDGFhbbsl+ksmYd/YxIkD2TYVKaws3mbr8Fp/WBtXLmG7H0cbjIfY4R85nG
ojEWo/rsYCOvwAFGxAJI2JX3BnCAuvJ0F7piAtgnSMgSjghlnxQNi5dupXJ9X3/L
Iq2zbMkGn0bv4k7k0E2VYVCsD7auoSxXtVcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBT00uNFHYMRhCcmiDF743jmstGy4zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjE0NmYyNGItNDY3YS00ZjQ3LWI4ODYtZTBhNjJkMzRiY2NiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKnKL/sEAhX1FYK1
GG3u5c1SmlEw9pB/Msi7d+O0EeJ+sdB2yZt9xqIyB769mXe9RXKrXkOo2fia4que
I9s6IVP7BD+bPMFUgPcud0pYeElxxeBUzE4ycE5jgSjZeB8JmHGy0xb4NMVnIRbM
kRJnmv6yyHUsk35tzF7Z7YLTQschvhKD2F86zpzxWKG08jGHk+nccV2e3s5pcqYz
BolUz9YTAeKcBLWG4mXHCnYrl8CoDBvf+YkK4vzI8IZuSzQL59fCDLue0E1e61Pq
ufj17v74UuV+1e4CQF1716DzTh8BuN5Kn6y4FFmxq+zOk6WgB7wQUKVCqjzcreE6
itB+MKA=
-----END CERTIFICATE-----