Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f57d8f01-5842-4b9c-a11d-17252da792ba.roa
File:                     f57d8f01-5842-4b9c-a11d-17252da792ba.roa (raw, json)
Hash identifier:          dHcxfppiZpJEToD40a+piHwRkb4jwUPu6b4YyUtx3mg=
Subject key identifier:   E0:AC:9E:5D:55:32:13:7B:F5:22:0B:D9:2B:07:03:E1:6D:E9:5B:FE
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       48E72D87467D95D13D2B1ABA2603BDE45F55DEA9
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f57d8f01-5842-4b9c-a11d-17252da792ba.roa
Signing time:             Fri 17 Feb 2023 00:00:00 +0000
ROA not before:           Fri 17 Feb 2023 00:00:00 +0000
ROA not after:            Mon 20 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:e7:2d:87:46:7d:95:d1:3d:2b:1a:ba:26:03:bd:e4:5f:55:de:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 17 00:00:00 2023 GMT
            Not After : Feb 20 23:59:59 2023 GMT
        Subject: serialNumber=873e5a57aacb10a9afe16a24af0ead3c1ae828c3260dc50b5b212b887cac15ee, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:9b:76:2c:46:d9:d1:8d:94:e0:72:8a:02:44:
                    56:d9:35:dd:ba:09:b7:7a:4e:df:e7:9d:a4:86:07:
                    46:55:c2:62:8f:fb:82:49:96:3e:0a:67:ad:50:a4:
                    6c:ca:dc:4a:95:31:d1:34:28:42:9c:15:2d:35:39:
                    5a:7d:4e:7b:ca:01:5c:66:fa:df:a2:6e:be:8e:0e:
                    fc:14:5f:12:ee:cf:c4:b5:03:29:61:db:6d:9c:9b:
                    c5:ec:9a:b1:ae:fd:55:d2:61:ac:24:a4:13:3c:ab:
                    6e:7f:04:3b:7c:51:95:2a:40:12:4a:91:8d:3e:32:
                    6c:bf:84:54:92:7a:a7:17:2a:02:2b:5a:1b:cf:52:
                    61:7f:2a:13:d9:cb:c8:a7:f0:54:11:43:bb:db:bc:
                    ce:3b:eb:9c:ce:98:63:99:d3:74:f1:68:40:af:3d:
                    18:f2:12:52:6d:44:72:3b:8b:65:27:51:fe:54:1d:
                    15:b4:4e:19:bb:5f:45:88:f2:ed:e8:31:29:31:a6:
                    19:55:5e:e9:aa:89:f3:76:fd:a7:3a:b3:73:a7:88:
                    1d:c6:5a:02:c2:b0:03:d2:b5:b0:aa:70:c7:18:e7:
                    50:59:ce:87:f5:5a:68:96:62:c1:e6:8e:ff:61:02:
                    ea:49:b4:c7:5c:53:6c:c9:2e:31:66:f3:25:c1:d7:
                    8d:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:AC:9E:5D:55:32:13:7B:F5:22:0B:D9:2B:07:03:E1:6D:E9:5B:FE
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f57d8f01-5842-4b9c-a11d-17252da792ba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:da:39:2e:ef:4c:2b:73:ac:2d:1c:49:06:93:07:06:7e:54:
         8e:f0:d2:d2:74:d9:69:50:a8:0e:52:d1:17:79:c6:9f:a7:f9:
         60:8a:f1:73:86:b0:5e:b8:fd:4a:1b:93:f2:2e:4a:84:73:ad:
         34:ff:cc:b7:8c:da:9f:45:c9:6e:c1:54:1a:ce:13:fb:de:5a:
         15:a8:d0:5b:41:67:c3:fd:a1:6a:8a:c9:26:5e:b7:86:7c:b1:
         3c:22:d9:95:a8:f2:cd:38:1e:67:25:ec:2d:65:65:77:c4:da:
         2a:ef:94:43:71:90:04:6d:a1:3f:a6:ce:70:d5:a9:9b:a1:f0:
         e0:72:aa:b9:d3:d9:ec:5a:27:b0:68:c4:da:2d:d7:6b:40:c3:
         fd:b2:7d:0b:7c:7b:9e:eb:5f:03:da:76:30:5e:19:4c:75:ec:
         e1:a0:e9:04:35:1b:85:ef:51:46:5f:06:fa:25:85:60:a9:d3:
         86:78:e9:a7:36:8c:44:19:29:e7:87:49:b8:0b:6e:8c:f4:5e:
         f0:1c:c0:b7:81:98:08:c8:a3:29:16:65:de:02:31:fa:ea:84:
         74:ce:c9:94:8b:76:00:29:9e:e7:e2:42:70:97:7a:e6:1d:27:
         01:76:87:b4:05:8e:a2:85:6d:f0:71:f0:18:ba:e1:82:21:56:
         2c:92:57:30
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUSOcth0Z9ldE9Kxq6JgO95F9V3qkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE3MDAwMDAwWhcNMjMwMjIwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAODczZTVhNTdhYWNiMTBhOWFmZTE2YTI0YWYwZWFkM2Mx
YWU4MjhjMzI2MGRjNTBiNWIyMTJiODg3Y2FjMTVlZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL+bdixG2dGNlOByigJEVtk13boJt3pO3+edpIYHRlXCYo/7gkmW
PgpnrVCkbMrcSpUx0TQoQpwVLTU5Wn1Oe8oBXGb636Juvo4O/BRfEu7PxLUDKWHb
bZybxeyasa79VdJhrCSkEzyrbn8EO3xRlSpAEkqRjT4ybL+EVJJ6pxcqAitaG89S
YX8qE9nLyKfwVBFDu9u8zjvrnM6YY5nTdPFoQK89GPISUm1EcjuLZSdR/lQdFbRO
GbtfRYjy7egxKTGmGVVe6aqJ83b9pzqzc6eIHcZaAsKwA9K1sKpwxxjnUFnOh/Va
aJZiweaO/2EC6km0x1xTbMkuMWbzJcHXja0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTgrJ5dVTITe/UiC9krBwPhbelb/jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjU3ZDhmMDEtNTg0Mi00YjljLWExMWQtMTcyNTJkYTc5MmJhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEraOS7vTCtzrC0c
SQaTBwZ+VI7w0tJ02WlQqA5S0Rd5xp+n+WCK8XOGsF64/Uobk/IuSoRzrTT/zLeM
2p9FyW7BVBrOE/veWhWo0FtBZ8P9oWqKySZet4Z8sTwi2ZWo8s04Hmcl7C1lZXfE
2irvlENxkARtoT+mznDVqZuh8OByqrnT2exaJ7BoxNot12tAw/2yfQt8e57rXwPa
djBeGUx17OGg6QQ1G4XvUUZfBvolhWCp04Z46ac2jEQZKeeHSbgLboz0XvAcwLeB
mAjIoykWZd4CMfrqhHTOyZSLdgApnufiQnCXeuYdJwF2h7QFjqKFbfBx8Bi64YIh
ViySVzA=
-----END CERTIFICATE-----