Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/28be4211-9db4-4b32-8eba-61422b09af64.roa
File:                     28be4211-9db4-4b32-8eba-61422b09af64.roa (raw, json)
Hash identifier:          4UfUZMuALZYcKEjZL5TZDWt9/MhPmUr12A2NtZVA910=
Subject key identifier:   4E:AE:CA:BD:4F:AA:6A:E6:45:0E:9C:AC:13:C0:81:9C:72:E7:97:EF
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       45E9A3DE1A8C94A6A850D0F33C75837A5B2BBB3B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/28be4211-9db4-4b32-8eba-61422b09af64.roa
Signing time:             Sun 28 Jan 2024 00:00:00 +0000
ROA not before:           Sun 28 Jan 2024 00:00:00 +0000
ROA not after:            Sun 03 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:e9:a3:de:1a:8c:94:a6:a8:50:d0:f3:3c:75:83:7a:5b:2b:bb:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 28 00:00:00 2024 GMT
            Not After : Mar  3 23:59:59 2024 GMT
        Subject: serialNumber=df3cc6a6d637dcb337056ab712c7d4b4d74d8c953989f519625ee3800a1fed5e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e9:ec:72:8a:d8:3c:67:a3:10:fc:26:7c:4b:
                    1b:14:06:fb:81:55:40:38:c7:80:9e:73:7b:ce:31:
                    88:cf:d0:60:80:77:e4:55:af:d7:5c:ae:e1:92:0a:
                    76:2a:93:55:4c:d5:da:96:7d:ba:98:39:de:77:d1:
                    ee:c7:01:5b:82:49:ca:c4:84:bc:8d:74:4f:86:1e:
                    e3:a5:a3:7c:df:7a:0d:0e:01:c3:86:8e:8b:86:e3:
                    77:b6:b3:ff:2c:44:f2:56:1a:50:54:4c:85:aa:48:
                    ff:ed:bc:94:9a:63:54:4c:a1:eb:1d:53:3e:be:6c:
                    bf:d1:7f:fa:fe:21:4a:ff:0a:6a:d2:cd:de:22:92:
                    de:34:8d:55:cf:22:7f:fb:ef:b3:ad:38:b8:21:ed:
                    bf:30:5f:72:3c:db:fc:55:c4:89:69:7c:20:f5:c4:
                    7b:53:da:fc:a8:9c:5a:84:fe:70:10:b0:44:19:2c:
                    83:ae:34:31:fc:bf:77:b0:6f:5a:16:8f:3c:7f:cd:
                    22:27:cd:c2:d2:4f:85:12:c0:fa:d4:af:6d:a5:50:
                    aa:30:92:23:99:f1:82:37:c7:9a:fe:ab:85:5d:bc:
                    30:b7:e0:a5:f7:50:cb:34:59:0b:8b:ef:cf:66:48:
                    67:eb:38:e2:a9:e5:e7:03:d3:a1:15:4a:5f:8e:e8:
                    e7:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:AE:CA:BD:4F:AA:6A:E6:45:0E:9C:AC:13:C0:81:9C:72:E7:97:EF
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/28be4211-9db4-4b32-8eba-61422b09af64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:7b:ec:19:9f:26:38:0d:78:6b:2e:69:f4:ca:18:c9:15:6f:
         0c:4f:f7:9c:f6:fe:68:a4:18:c5:d0:85:e7:d4:8d:1e:26:15:
         92:23:85:1e:fb:3e:d3:39:51:f8:e6:c9:e4:e8:0e:4b:b2:38:
         fd:79:cf:c3:93:f0:55:eb:3a:0a:6b:f0:79:6c:ac:cd:e1:34:
         f6:fb:37:d3:6b:d5:ec:d2:08:52:3c:ff:1f:d3:a8:a0:b7:e0:
         56:f5:ff:36:78:ba:3b:c4:25:0f:72:9f:45:6b:89:6a:eb:60:
         0e:2b:76:de:81:cd:7a:a6:80:5f:ab:8e:00:13:8b:79:70:3d:
         f9:b9:e7:04:a9:22:24:e6:e0:21:96:3f:dc:26:90:e0:17:df:
         e5:68:53:74:11:83:45:fc:98:87:57:c3:a3:30:4e:0e:11:6f:
         5d:f3:53:33:e6:2b:d9:2b:79:d8:5d:29:32:f9:cd:6d:16:a8:
         af:7c:86:e2:01:3b:4c:1b:8d:ee:90:b2:d4:62:99:3b:c0:64:
         04:1e:89:53:ce:5b:0a:9f:e3:ef:68:10:d1:79:e0:62:05:d0:
         80:03:ee:bd:64:9c:d7:35:80:83:72:4e:db:2c:66:03:69:21:
         4b:a2:74:b7:79:5b:52:66:df:40:78:68:18:16:ab:d8:10:ab:
         84:c7:80:aa
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURemj3hqMlKaoUNDzPHWDelsruzswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTI4MDAwMDAwWhcNMjQwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkZjNjYzZhNmQ2MzdkY2IzMzcwNTZhYjcxMmM3ZDRiNGQ3
NGQ4Yzk1Mzk4OWY1MTk2MjVlZTM4MDBhMWZlZDVlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCw6exyitg8Z6MQ/CZ8SxsUBvuBVUA4x4Cec3vOMYjP0GCA
d+RVr9dcruGSCnYqk1VM1dqWfbqYOd530e7HAVuCScrEhLyNdE+GHuOlo3zfeg0O
AcOGjouG43e2s/8sRPJWGlBUTIWqSP/tvJSaY1RMoesdUz6+bL/Rf/r+IUr/CmrS
zd4ikt40jVXPIn/777OtOLgh7b8wX3I82/xVxIlpfCD1xHtT2vyonFqE/nAQsEQZ
LIOuNDH8v3ewb1oWjzx/zSInzcLST4USwPrUr22lUKowkiOZ8YI3x5r+q4VdvDC3
4KX3UMs0WQuL789mSGfrOOKp5ecD06EVSl+O6Of7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTq7KvU+qauZFDpysE8CBnHLnl+8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzI4YmU0MjExLTlkYjQtNGIzMi04ZWJhLTYxNDIyYjA5YWY2NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABx77BmfJjgNeGsuafTKGMkVbwxP
95z2/mikGMXQhefUjR4mFZIjhR77PtM5UfjmyeToDkuyOP15z8OT8FXrOgpr8Hls
rM3hNPb7N9Nr1ezSCFI8/x/TqKC34Fb1/zZ4ujvEJQ9yn0VriWrrYA4rdt6BzXqm
gF+rjgATi3lwPfm55wSpIiTm4CGWP9wmkOAX3+VoU3QRg0X8mIdXw6MwTg4Rb13z
UzPmK9kredhdKTL5zW0WqK98huIBO0wbje6QstRimTvAZAQeiVPOWwqf4+9oENF5
4GIF0IAD7r1knNc1gINyTtssZgNpIUuidLd5W1Jm30B4aBgWq9gQq4THgKo=
-----END CERTIFICATE-----