Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0c661b80-de98-43d3-a682-788efbe462fe.roa
File:                     0c661b80-de98-43d3-a682-788efbe462fe.roa (raw, json)
Hash identifier:          MR2qd5FIzCpRm2TWa1BWmWlIQHhhwfe2ZoPY8zpMjkw=
Subject key identifier:   BC:E5:DB:3A:6B:78:DC:E6:F2:5D:C4:1B:94:1C:2B:A1:7F:1F:82:6A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       73F721C40B5380C849133219F8A19D9644825FFB
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0c661b80-de98-43d3-a682-788efbe462fe.roa
Signing time:             Mon 11 Nov 2024 00:00:00 +0000
ROA not before:           Mon 11 Nov 2024 00:00:00 +0000
ROA not after:            Mon 16 Dec 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:f7:21:c4:0b:53:80:c8:49:13:32:19:f8:a1:9d:96:44:82:5f:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 11 00:00:00 2024 GMT
            Not After : Dec 16 23:59:59 2024 GMT
        Subject: serialNumber=b02d48a79bc11c4281f08118c1967ec17e8b83bc401f8b7dae77a08401b77c4e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:59:fa:78:b1:b7:93:b1:b3:87:b0:1b:c2:98:
                    82:69:4a:30:24:4a:1e:15:2e:f6:ce:7f:0f:21:98:
                    d9:ac:7e:f8:db:75:1f:86:2f:49:29:bc:b3:75:2f:
                    96:7b:87:5c:64:74:7b:9b:37:4e:4c:85:38:77:59:
                    d3:51:18:4d:86:84:40:7a:9a:fe:e1:df:b0:44:d2:
                    48:a8:f1:2d:ec:ae:b1:60:d1:a9:fa:d4:87:ce:b3:
                    09:66:09:fc:fe:eb:b3:02:7d:ee:a1:6d:1e:f5:96:
                    4f:2c:82:f2:fd:d2:28:56:f3:15:06:91:54:73:c7:
                    9b:85:83:d0:4e:0f:57:1a:60:5e:31:c7:e0:50:83:
                    77:9d:72:3b:ac:4f:95:94:c1:4a:ac:97:19:00:5a:
                    79:98:59:be:45:18:d5:88:e5:8b:1e:8a:87:79:0a:
                    b7:54:9d:c9:7f:35:e0:17:a1:e8:52:bc:f1:83:7c:
                    e8:b9:31:de:85:95:f9:c5:f3:da:9d:13:0e:10:a2:
                    66:c3:f4:66:93:6c:40:c6:73:76:7c:bd:03:bc:f2:
                    00:70:88:5a:ba:a9:90:78:84:48:c3:19:5c:b2:cc:
                    96:bd:e2:f3:01:ee:0b:5d:7e:aa:64:d6:ab:aa:14:
                    17:7b:28:ee:c8:d9:d3:c8:59:22:ef:7e:dd:14:50:
                    ed:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:E5:DB:3A:6B:78:DC:E6:F2:5D:C4:1B:94:1C:2B:A1:7F:1F:82:6A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0c661b80-de98-43d3-a682-788efbe462fe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:36:80:bb:94:37:cc:dd:36:29:53:d5:70:17:28:3d:37:29:
         7c:2c:f3:ab:0b:0b:c8:5c:a5:96:fd:4e:5b:ca:ba:35:fd:37:
         ce:d2:16:53:5d:a9:09:77:3b:98:d6:8b:3e:a6:17:44:43:f6:
         74:82:e3:48:8f:f1:d0:44:a9:e6:01:86:b5:a2:06:34:01:20:
         3f:f2:dd:8c:2b:05:66:92:1e:34:9b:be:1f:ec:0e:57:bc:13:
         fd:03:cf:b1:dd:f9:69:de:79:53:70:ed:df:a9:06:7f:dc:61:
         ae:e5:86:35:58:1e:c6:b8:4c:b2:56:0e:5f:b9:e2:79:55:03:
         58:a3:b5:2a:2b:ad:5e:10:5c:4d:4a:84:5a:94:0f:c8:8a:eb:
         58:c0:51:87:82:27:98:46:2e:ef:91:2e:13:7f:1c:43:d2:5e:
         a1:f0:f5:b4:de:40:c4:b9:a9:0d:5a:51:05:87:bb:dd:72:97:
         c3:25:c3:75:07:9b:97:9b:3a:08:1c:5c:48:5f:61:57:41:ae:
         67:e3:94:36:85:c3:c0:9b:e4:8c:26:73:7a:21:0c:ac:e0:26:
         59:64:38:98:33:d8:52:a5:93:fd:e7:59:bd:ea:4b:5f:9d:ea:
         4d:3a:28:87:4b:bb:79:d5:ba:cb:c8:f0:8c:99:06:33:9f:e5:
         92:a0:c6:0a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUc/chxAtTgMhJEzIZ+KGdlkSCX/swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMTExMDAwMDAwWhcNMjQxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMDJkNDhhNzliYzExYzQyODFmMDgxMThjMTk2N2VjMTdl
OGI4M2JjNDAxZjhiN2RhZTc3YTA4NDAxYjc3YzRlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtWfp4sbeTsbOHsBvCmIJpSjAkSh4VLvbOfw8hmNmsfvjb
dR+GL0kpvLN1L5Z7h1xkdHubN05MhTh3WdNRGE2GhEB6mv7h37BE0kio8S3srrFg
0an61IfOswlmCfz+67MCfe6hbR71lk8sgvL90ihW8xUGkVRzx5uFg9BOD1caYF4x
x+BQg3edcjusT5WUwUqslxkAWnmYWb5FGNWI5Yseiod5CrdUncl/NeAXoehSvPGD
fOi5Md6FlfnF89qdEw4QombD9GaTbEDGc3Z8vQO88gBwiFq6qZB4hEjDGVyyzJa9
4vMB7gtdfqpk1quqFBd7KO7I2dPIWSLvft0UUO0fAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvOXbOmt43ObyXcQblBwroX8fgmowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzBjNjYxYjgwLWRlOTgtNDNkMy1hNjgyLTc4OGVmYmU0NjJmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACE2gLuUN8zdNilT1XAXKD03KXws
86sLC8hcpZb9TlvKujX9N87SFlNdqQl3O5jWiz6mF0RD9nSC40iP8dBEqeYBhrWi
BjQBID/y3YwrBWaSHjSbvh/sDle8E/0Dz7Hd+WneeVNw7d+pBn/cYa7lhjVYHsa4
TLJWDl+54nlVA1ijtSorrV4QXE1KhFqUD8iK61jAUYeCJ5hGLu+RLhN/HEPSXqHw
9bTeQMS5qQ1aUQWHu91yl8Mlw3UHm5ebOggcXEhfYVdBrmfjlDaFw8Cb5Iwmc3oh
DKzgJllkOJgz2FKlk/3nWb3qS1+d6k06KIdLu3nVusvI8IyZBjOf5ZKgxgo=
-----END CERTIFICATE-----