Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f4db3797-8625-48fd-886d-3f71595e76f0.roa
File:                     f4db3797-8625-48fd-886d-3f71595e76f0.roa (raw, json)
Hash identifier:          nY0OWFZW7Mht2egNDw4ClCvRvilkFkIcbxqLf5K2hzw=
Subject key identifier:   E2:B1:CE:70:9C:9C:6F:76:EB:0C:8C:35:DB:CC:5C:E8:A4:3B:E9:6C
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       418942E46CFCA752E4C413AFD8FAE5E741AE1959
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f4db3797-8625-48fd-886d-3f71595e76f0.roa
Signing time:             Thu 23 Feb 2023 00:00:00 +0000
ROA not before:           Thu 23 Feb 2023 00:00:00 +0000
ROA not after:            Sun 26 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:89:42:e4:6c:fc:a7:52:e4:c4:13:af:d8:fa:e5:e7:41:ae:19:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 23 00:00:00 2023 GMT
            Not After : Feb 26 23:59:59 2023 GMT
        Subject: serialNumber=16b9b1ebb7ab4142af8dde2eb27888aa1c6d03b1b51c8c9dea676d84ff3fff0d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c6:d9:64:a0:98:99:05:28:1d:45:35:1f:dd:
                    75:3d:ae:04:df:dc:ce:60:23:0e:e9:02:88:e2:58:
                    06:21:07:35:cc:c3:9c:53:aa:b9:04:8c:86:ec:9c:
                    e6:3c:2c:b3:db:4c:20:c2:c1:03:d4:77:ef:06:16:
                    d5:85:50:d8:fd:d2:60:db:72:90:02:66:54:75:8b:
                    0d:fe:b8:50:d0:86:b4:41:03:50:89:1f:6b:66:cd:
                    83:92:24:1e:8a:00:3e:bd:d6:d5:ad:03:83:00:ff:
                    ed:74:fe:ad:88:ed:7b:3e:4e:28:03:55:83:a4:17:
                    3c:b0:96:d2:d4:2b:7f:0b:96:50:38:11:ca:a0:ed:
                    51:f9:48:e3:85:13:02:30:c6:c9:c3:fc:bd:f6:08:
                    fd:c1:b9:1d:d0:1e:f4:3e:cc:23:d0:d6:70:10:39:
                    0a:a9:39:bc:96:3a:72:af:4c:a8:2f:22:ef:07:fe:
                    4b:1a:b0:45:1b:d8:5f:d6:70:42:b7:f2:48:88:83:
                    7c:b8:56:1d:b7:c8:65:35:c4:f3:73:6a:d1:37:5d:
                    b1:ed:7a:8f:89:08:85:37:f5:fc:71:fe:4e:29:2b:
                    d3:23:af:c5:76:89:54:43:57:85:56:cc:3c:b4:0d:
                    0d:c3:6c:5b:5e:28:db:42:94:63:4b:d5:80:6b:48:
                    7c:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:B1:CE:70:9C:9C:6F:76:EB:0C:8C:35:DB:CC:5C:E8:A4:3B:E9:6C
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f4db3797-8625-48fd-886d-3f71595e76f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:13:4d:f7:45:fe:00:5b:11:b1:ab:93:92:62:4f:a9:e7:a3:
         f9:42:13:81:46:8d:8a:e9:46:c6:67:d4:a7:3d:de:63:f1:25:
         91:b7:c8:eb:c5:c6:8b:d8:c3:52:ab:fa:e4:06:9e:e2:10:94:
         15:48:d1:fe:28:13:b7:92:87:1a:48:64:f7:ec:fc:9f:05:58:
         b7:47:b6:45:f0:2f:9e:13:0a:bb:5f:c3:b4:d5:8a:a1:84:4a:
         c0:ba:09:1b:e6:19:e8:99:bd:cd:69:a6:9e:43:c7:f2:a4:d1:
         5e:b8:62:87:ba:d8:d1:c3:d1:a9:b7:cc:c9:51:be:cc:6f:30:
         03:e0:9e:95:f2:6b:48:7e:0a:a8:06:04:b8:1e:91:dd:67:1e:
         34:92:2d:53:39:68:70:5e:0f:3d:d9:4a:1c:5a:88:a9:30:e0:
         7c:00:02:e4:ba:0d:70:01:3f:a8:3a:ee:c2:98:32:9b:7f:22:
         9c:cc:31:d6:13:34:18:6c:48:2b:f0:b6:18:47:b9:1e:2f:44:
         d1:b2:e1:ad:3e:8b:9d:ca:40:3d:23:f4:d3:c0:4a:0b:53:2b:
         80:52:c0:bc:0b:50:ec:1b:34:aa:d8:5d:82:f7:32:9e:bd:8e:
         a7:ba:94:a7:62:83:90:a3:f8:b3:d1:fc:d4:ef:f2:5d:19:38:
         80:95:3f:a0
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUQYlC5Gz8p1LkxBOv2Prl50GuGVkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIzMDAwMDAwWhcNMjMwMjI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTZiOWIxZWJiN2FiNDE0MmFmOGRkZTJlYjI3ODg4YWEx
YzZkMDNiMWI1MWM4YzlkZWE2NzZkODRmZjNmZmYwZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJfG2WSgmJkFKB1FNR/ddT2uBN/czmAjDukCiOJYBiEHNczDnFOq
uQSMhuyc5jwss9tMIMLBA9R37wYW1YVQ2P3SYNtykAJmVHWLDf64UNCGtEEDUIkf
a2bNg5IkHooAPr3W1a0DgwD/7XT+rYjtez5OKANVg6QXPLCW0tQrfwuWUDgRyqDt
UflI44UTAjDGycP8vfYI/cG5HdAe9D7MI9DWcBA5Cqk5vJY6cq9MqC8i7wf+Sxqw
RRvYX9ZwQrfySIiDfLhWHbfIZTXE83Nq0Tddse16j4kIhTf1/HH+Tikr0yOvxXaJ
VENXhVbMPLQNDcNsW14o20KUY0vVgGtIfEsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTisc5wnJxvdusMjDXbzFzopDvpbDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjRkYjM3OTctODYyNS00OGZkLTg4NmQtM2Y3MTU5NWU3NmYwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADUTTfdF/gBbEbGr
k5JiT6nno/lCE4FGjYrpRsZn1Kc93mPxJZG3yOvFxovYw1Kr+uQGnuIQlBVI0f4o
E7eShxpIZPfs/J8FWLdHtkXwL54TCrtfw7TViqGESsC6CRvmGeiZvc1ppp5Dx/Kk
0V64Yoe62NHD0am3zMlRvsxvMAPgnpXya0h+CqgGBLgekd1nHjSSLVM5aHBeDz3Z
ShxaiKkw4HwAAuS6DXABP6g67sKYMpt/IpzMMdYTNBhsSCvwthhHuR4vRNGy4a0+
i53KQD0j9NPASgtTK4BSwLwLUOwbNKrYXYL3Mp69jqe6lKdig5Cj+LPR/NTv8l0Z
OICVP6A=
-----END CERTIFICATE-----