Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f64e3753-a2f2-4e30-9d88-0c4d3bf556f2.roa
File:                     f64e3753-a2f2-4e30-9d88-0c4d3bf556f2.roa (raw, json)
Hash identifier:          t7m6iSSKbsbSDeMIbtE6rdvsKKoNttnb4Ug2UXJaX68=
Subject key identifier:   00:C8:25:22:35:24:7B:93:34:4A:61:04:86:04:37:47:62:E4:1F:BB
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       498D17F5265CE0254926C1B04B3EF0BA45093C9B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f64e3753-a2f2-4e30-9d88-0c4d3bf556f2.roa
Signing time:             Sat 25 Feb 2023 00:00:00 +0000
ROA not before:           Sat 25 Feb 2023 00:00:00 +0000
ROA not after:            Tue 28 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:8d:17:f5:26:5c:e0:25:49:26:c1:b0:4b:3e:f0:ba:45:09:3c:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 25 00:00:00 2023 GMT
            Not After : Feb 28 23:59:59 2023 GMT
        Subject: serialNumber=9260c18c7d1b9d723830837a8070fc7dc8f67ad1ee1895eaa4e7923a0d5899b4, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:05:0d:b7:31:b8:aa:d0:8e:ba:16:74:76:d2:
                    e6:51:fd:51:b2:fe:26:88:3c:ca:2d:28:a3:51:2b:
                    9b:9b:db:49:c0:2a:95:4d:d3:61:9c:7b:bf:49:2d:
                    31:3e:e5:10:33:5b:93:01:92:31:76:22:d2:ff:8f:
                    d2:8f:3b:25:07:67:bd:28:ca:c5:55:8d:fe:c7:d3:
                    81:47:e0:f1:6b:f1:60:b3:04:e7:72:e6:a6:5a:b1:
                    a4:96:2a:8f:65:3a:f8:8b:f2:6e:6f:1d:df:83:e0:
                    fc:40:4e:80:19:2e:3e:93:2f:86:51:81:11:0b:93:
                    2a:50:9a:ea:86:9b:18:70:42:21:e8:07:62:36:d3:
                    d7:56:b8:dc:d4:25:8c:78:ad:7c:9d:32:c2:6c:0f:
                    ec:22:10:52:70:c8:e0:de:b0:73:a9:ba:ba:0f:36:
                    d7:3c:03:59:7b:96:a4:d5:44:18:5c:a9:5b:ca:12:
                    0b:81:66:60:c4:46:d1:38:a0:98:d7:85:6c:82:73:
                    d6:ee:38:c8:09:e8:a8:91:1a:a9:ac:d0:f3:10:f3:
                    cf:b4:1c:81:31:9d:45:5e:ee:ac:38:84:c0:86:9c:
                    48:e7:27:2e:39:05:30:fb:97:2d:49:9d:1a:51:05:
                    e5:56:2c:3e:ca:d2:e7:fd:e9:5a:96:2c:96:08:81:
                    e6:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:C8:25:22:35:24:7B:93:34:4A:61:04:86:04:37:47:62:E4:1F:BB
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f64e3753-a2f2-4e30-9d88-0c4d3bf556f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:47:ae:ec:68:42:12:17:89:36:2e:2b:30:89:c6:88:2b:f2:
         3b:6c:85:1e:4f:8d:49:43:e8:2e:9d:92:1d:e4:f7:86:b7:fd:
         4f:92:a2:eb:4d:f0:71:9b:1e:b7:3b:14:3f:f1:d3:8e:bb:d0:
         64:4a:d1:3e:c9:7c:de:a0:5f:42:03:7d:20:2c:6a:89:7c:5e:
         30:cc:1f:0e:c2:87:96:e7:21:a3:8d:4d:9a:60:29:44:25:b5:
         53:dc:7f:d4:c5:aa:10:65:45:ab:1a:24:47:36:b5:9a:82:97:
         dc:57:f8:34:70:7e:8d:87:a6:f2:25:4a:1f:cf:51:bb:eb:cf:
         86:7f:71:57:4a:fb:f5:f6:97:b6:41:46:db:2f:ad:a8:06:cb:
         ef:06:5d:76:19:dc:c6:2d:34:61:e0:9c:b6:e6:17:74:7e:f3:
         4e:b6:06:c5:ac:d1:84:33:f2:20:ff:16:9a:f8:e1:31:eb:8e:
         6d:65:bd:36:d1:fc:9c:6d:72:1b:cc:a1:f1:01:a1:ba:8e:64:
         a6:5f:10:f8:d9:26:93:f7:e0:62:e1:86:f6:b9:bd:4a:16:07:
         9a:cb:23:e8:49:7d:3e:4c:ff:d5:13:0d:5e:07:a8:ae:af:6c:
         42:e5:54:e8:d5:89:08:94:4b:cf:a2:90:cd:06:49:be:81:f5:
         9c:b2:3f:3c
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUSY0X9SZc4CVJJsGwSz7wukUJPJswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjI1MDAwMDAwWhcNMjMwMjI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTI2MGMxOGM3ZDFiOWQ3MjM4MzA4MzdhODA3MGZjN2Rj
OGY2N2FkMWVlMTg5NWVhYTRlNzkyM2EwZDU4OTliNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKoFDbcxuKrQjroWdHbS5lH9UbL+Jog8yi0oo1Erm5vbScAqlU3T
YZx7v0ktMT7lEDNbkwGSMXYi0v+P0o87JQdnvSjKxVWN/sfTgUfg8WvxYLME53Lm
plqxpJYqj2U6+Ivybm8d34Pg/EBOgBkuPpMvhlGBEQuTKlCa6oabGHBCIegHYjbT
11a43NQljHitfJ0ywmwP7CIQUnDI4N6wc6m6ug821zwDWXuWpNVEGFypW8oSC4Fm
YMRG0TigmNeFbIJz1u44yAnoqJEaqazQ8xDzz7QcgTGdRV7urDiEwIacSOcnLjkF
MPuXLUmdGlEF5VYsPsrS5/3pWpYslgiB5g0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQAyCUiNSR7kzRKYQSGBDdHYuQfuzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjY0ZTM3NTMtYTJmMi00ZTMwLTlkODgtMGM0ZDNiZjU1NmYyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD5HruxoQhIXiTYu
KzCJxogr8jtshR5PjUlD6C6dkh3k94a3/U+SoutN8HGbHrc7FD/x04670GRK0T7J
fN6gX0IDfSAsaol8XjDMHw7Ch5bnIaONTZpgKUQltVPcf9TFqhBlRasaJEc2tZqC
l9xX+DRwfo2HpvIlSh/PUbvrz4Z/cVdK+/X2l7ZBRtsvragGy+8GXXYZ3MYtNGHg
nLbmF3R+8062BsWs0YQz8iD/Fpr44THrjm1lvTbR/JxtchvMofEBobqOZKZfEPjZ
JpP34GLhhva5vUoWB5rLI+hJfT5M/9UTDV4HqK6vbELlVOjViQiUS8+ikM0GSb6B
9ZyyPzw=
-----END CERTIFICATE-----