Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/fc1d993c-bb93-4b38-ad7a-a09d287d1e83.roa
File:                     fc1d993c-bb93-4b38-ad7a-a09d287d1e83.roa (raw, json)
Hash identifier:          jNESR4DgYTjeudh07kDpxHa/Oqp054u+V23/zukeefM=
Subject key identifier:   64:65:17:9B:78:92:9B:E7:9E:0D:E2:B9:3E:E4:F7:75:D4:62:C3:A6
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       60C82A6502188C875AC0D06D16DF4237BD8FF2CB
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/fc1d993c-bb93-4b38-ad7a-a09d287d1e83.roa
Signing time:             Sat 22 Apr 2023 00:00:00 +0000
ROA not before:           Sat 22 Apr 2023 00:00:00 +0000
ROA not after:            Tue 25 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:c8:2a:65:02:18:8c:87:5a:c0:d0:6d:16:df:42:37:bd:8f:f2:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 22 00:00:00 2023 GMT
            Not After : Apr 25 23:59:59 2023 GMT
        Subject: serialNumber=930385dff32da6ca175fc21016416597637bfbac0b2cff7003f9b16e021b467e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ec:e9:9a:7a:f0:08:6e:40:e6:4a:80:08:ac:
                    26:82:b5:fc:8f:85:66:3c:ab:62:53:7e:b2:d4:2c:
                    1d:5f:b6:bf:4e:1d:4f:5e:b7:64:38:f4:ab:e8:14:
                    34:af:b8:1f:f1:63:7d:4a:90:8a:ab:cf:d9:e6:0c:
                    58:68:f6:63:7b:f1:b6:11:d4:10:7a:75:48:18:d5:
                    62:a5:26:8c:5f:b5:be:22:29:83:9a:79:85:3d:9d:
                    1e:23:55:d8:21:ac:67:f0:50:c3:94:1c:9f:f1:5c:
                    86:38:b7:85:1b:5e:d0:fe:69:95:4e:6d:04:f1:ac:
                    f8:19:32:0f:89:74:51:01:c8:eb:69:a4:d3:ac:f6:
                    a5:34:84:18:fe:6b:36:de:58:a1:d4:06:81:99:4f:
                    9d:97:d6:5c:a0:32:2a:46:31:e0:63:9b:9b:0d:06:
                    2f:23:72:1c:73:35:81:ef:00:be:2b:35:2b:44:71:
                    ab:07:66:d8:b3:5f:fd:3b:87:8f:9f:52:c7:a9:34:
                    9a:88:7b:b7:f7:a9:42:bf:29:a1:8c:f5:6d:de:e6:
                    d9:fc:0d:16:a8:62:c0:71:3f:97:29:76:bf:66:d4:
                    4a:ce:a3:7d:56:3a:aa:ea:59:68:57:de:72:ab:9e:
                    08:10:a2:ea:c4:8c:d5:c4:0f:e7:a4:ac:d1:51:b3:
                    5c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:65:17:9B:78:92:9B:E7:9E:0D:E2:B9:3E:E4:F7:75:D4:62:C3:A6
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/fc1d993c-bb93-4b38-ad7a-a09d287d1e83.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:e6:54:c1:b9:97:76:c9:b2:8a:3b:fe:cb:b3:88:9a:11:00:
         3d:74:a2:cc:95:bd:8f:27:10:53:b1:12:58:1c:19:b8:6b:70:
         81:9e:78:90:2f:a6:de:47:00:20:2e:4e:a1:dc:94:4f:3c:c7:
         b9:45:51:db:38:7c:48:99:a3:8a:87:1e:26:93:34:7b:06:50:
         3c:bd:20:5e:4d:21:e0:85:78:cc:2b:fc:c2:fc:a3:13:48:20:
         92:90:ce:89:ae:ae:6a:cb:b3:8e:00:1c:f5:c3:86:67:43:00:
         a2:9d:d7:b4:43:94:9c:19:ae:7c:9d:97:ae:6b:13:27:b8:e8:
         17:f7:3f:59:24:44:1f:90:23:34:20:19:a0:20:35:ec:a2:0c:
         c8:57:d3:5e:51:97:cc:55:2a:fa:49:c5:09:17:d1:dd:03:1b:
         83:74:e2:54:04:3b:92:5a:f2:cf:cb:01:c1:d6:4a:b7:e8:31:
         14:88:ad:87:ac:e7:32:09:ed:43:20:d3:fd:ac:95:1d:e0:cb:
         da:6d:8a:ea:16:f4:4e:f8:5b:56:8a:16:20:1e:96:d1:15:99:
         36:2e:99:48:04:1a:f8:cd:60:70:d7:8c:fc:97:08:9c:87:b2:
         1a:43:60:c7:e6:93:7a:36:cf:fb:f1:5d:af:e3:ca:8b:da:40:
         c4:80:b1:bc
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUYMgqZQIYjIdawNBtFt9CN72P8sswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDIyMDAwMDAwWhcNMjMwNDI1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTMwMzg1ZGZmMzJkYTZjYTE3NWZjMjEwMTY0MTY1OTc2
MzdiZmJhYzBiMmNmZjcwMDNmOWIxNmUwMjFiNDY3ZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMXs6Zp68AhuQOZKgAisJoK1/I+FZjyrYlN+stQsHV+2v04dT163
ZDj0q+gUNK+4H/FjfUqQiqvP2eYMWGj2Y3vxthHUEHp1SBjVYqUmjF+1viIpg5p5
hT2dHiNV2CGsZ/BQw5Qcn/Fchji3hRte0P5plU5tBPGs+BkyD4l0UQHI62mk06z2
pTSEGP5rNt5YodQGgZlPnZfWXKAyKkYx4GObmw0GLyNyHHM1ge8Avis1K0Rxqwdm
2LNf/TuHj59Sx6k0moh7t/epQr8poYz1bd7m2fwNFqhiwHE/lyl2v2bUSs6jfVY6
qupZaFfecqueCBCi6sSM1cQP56Ss0VGzXIUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRkZRebeJKb554N4rk+5Pd11GLDpjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZmMxZDk5M2MtYmI5My00YjM4LWFkN2EtYTA5ZDI4N2QxZTgzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGzmVMG5l3bJsoo7
/suziJoRAD10osyVvY8nEFOxElgcGbhrcIGeeJAvpt5HACAuTqHclE88x7lFUds4
fEiZo4qHHiaTNHsGUDy9IF5NIeCFeMwr/ML8oxNIIJKQzomurmrLs44AHPXDhmdD
AKKd17RDlJwZrnydl65rEye46Bf3P1kkRB+QIzQgGaAgNeyiDMhX015Rl8xVKvpJ
xQkX0d0DG4N04lQEO5Ja8s/LAcHWSrfoMRSIrYes5zIJ7UMg0/2slR3gy9ptiuoW
9E74W1aKFiAeltEVmTYumUgEGvjNYHDXjPyXCJyHshpDYMfmk3o2z/vxXa/jyova
QMSAsbw=
-----END CERTIFICATE-----