Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3e74e991-5b13-4004-8c7f-173bed92eaac.roa
File:                     3e74e991-5b13-4004-8c7f-173bed92eaac.roa (raw, json)
Hash identifier:          bQMwGPOfLrBcT/Qe9VRuiOduKbGPohnR/WWfqdwVfpU=
Subject key identifier:   4E:43:F5:48:AE:4E:DA:36:9E:C4:1A:A5:8B:43:15:7E:6F:87:33:D0
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0F6CFD6F8E62EFF985C8D88A0B7D3FB3CEF49E1C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3e74e991-5b13-4004-8c7f-173bed92eaac.roa
Signing time:             Sun 04 Feb 2024 00:00:00 +0000
ROA not before:           Sun 04 Feb 2024 00:00:00 +0000
ROA not after:            Sun 10 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:6c:fd:6f:8e:62:ef:f9:85:c8:d8:8a:0b:7d:3f:b3:ce:f4:9e:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb  4 00:00:00 2024 GMT
            Not After : Mar 10 23:59:59 2024 GMT
        Subject: serialNumber=0e6821a8833ab238678dcb46ebd47546af445b8a195cfc6db958dfc108f11bab, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:67:a3:0a:c1:ec:98:95:ca:f7:6e:aa:87:01:
                    d5:53:0a:48:b5:c7:72:e9:dc:1f:ed:26:6d:26:1f:
                    e6:55:32:c2:12:c3:26:a0:e4:66:01:1f:14:43:c4:
                    95:3b:62:eb:af:c5:9f:f8:0e:f3:43:50:4c:66:65:
                    8d:d4:42:62:73:1e:d6:87:6e:81:c7:c8:4c:ac:a7:
                    8d:4a:68:67:8f:6e:0a:bf:76:14:ed:49:78:7b:a2:
                    46:d2:bc:70:4c:bf:61:00:36:0a:4e:db:31:0a:30:
                    ab:41:4b:22:c6:36:0e:0e:0a:4b:c6:a3:85:28:e3:
                    51:a6:0e:aa:05:78:70:5a:47:73:bd:f6:5e:fc:01:
                    9b:88:e9:b2:91:92:e4:eb:d1:3c:a1:c1:d6:7b:ae:
                    ff:87:14:a8:95:c0:89:78:2b:f3:de:8a:c5:17:0d:
                    b1:c7:ea:6a:51:13:e2:01:35:eb:d9:cd:10:e1:7a:
                    74:b7:fa:50:73:1a:30:30:76:ee:65:65:70:b7:91:
                    9f:47:4a:a3:bd:7b:e8:66:ac:87:42:4f:09:27:1c:
                    0f:c8:7e:3c:7b:9d:f0:02:99:4d:e1:3f:6d:f4:90:
                    8d:83:ce:fc:6a:97:ee:60:fe:d3:3f:f4:0e:93:5a:
                    26:0f:16:aa:e1:ac:be:54:23:4e:c1:24:5d:24:bf:
                    c8:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:43:F5:48:AE:4E:DA:36:9E:C4:1A:A5:8B:43:15:7E:6F:87:33:D0
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3e74e991-5b13-4004-8c7f-173bed92eaac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:45:31:1b:cc:ad:a5:90:92:d9:ff:32:dd:ae:2a:13:e8:72:
         31:f9:40:26:2d:31:cf:1f:07:50:d3:92:9e:b8:d6:b6:9a:cd:
         56:2a:5b:72:88:3c:87:18:c5:58:a7:b9:57:53:49:ec:3d:34:
         e0:dd:5a:fd:0a:f4:0c:48:9e:c6:24:29:71:e3:20:1e:83:46:
         d4:b0:f2:cd:23:38:8f:06:e1:a3:38:cb:90:70:21:db:f7:ac:
         38:fa:f8:fc:e2:21:50:08:80:1f:ba:9f:54:88:91:ac:db:29:
         7a:3e:74:93:9d:38:2e:27:eb:72:e2:69:98:00:80:df:50:05:
         ce:64:5e:1d:d9:82:ca:b2:08:8e:2b:ab:06:d6:8a:92:8b:0c:
         a7:c5:db:62:bb:82:7d:40:a5:b5:69:be:f6:42:ec:33:73:ac:
         33:73:2b:18:bf:a9:26:0f:48:10:b8:52:2a:92:56:26:c4:1d:
         01:58:06:47:93:43:60:bf:8f:eb:c3:2e:41:f5:a8:b1:d3:f7:
         90:81:90:03:ea:6c:e8:c9:4e:1b:93:8a:e8:4c:a8:b7:a0:dd:
         0a:72:b8:90:5b:10:b1:43:e6:c8:23:24:fa:25:97:6a:6c:70:
         8b:77:f0:a0:0e:b7:6c:f9:91:e9:0e:6c:c0:e6:f4:59:47:6b:
         76:c3:9e:52
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUD2z9b45i7/mFyNiKC30/s870nhwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjA0MDAwMDAwWhcNMjQwMzEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZTY4MjFhODgzM2FiMjM4Njc4ZGNiNDZlYmQ0NzU0NmFm
NDQ1YjhhMTk1Y2ZjNmRiOTU4ZGZjMTA4ZjExYmFiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8Z6MKweyYlcr3bqqHAdVTCki1x3Lp3B/tJm0mH+ZVMsIS
wyag5GYBHxRDxJU7YuuvxZ/4DvNDUExmZY3UQmJzHtaHboHHyEysp41KaGePbgq/
dhTtSXh7okbSvHBMv2EANgpO2zEKMKtBSyLGNg4OCkvGo4Uo41GmDqoFeHBaR3O9
9l78AZuI6bKRkuTr0TyhwdZ7rv+HFKiVwIl4K/PeisUXDbHH6mpRE+IBNevZzRDh
enS3+lBzGjAwdu5lZXC3kZ9HSqO9e+hmrIdCTwknHA/Ifjx7nfACmU3hP230kI2D
zvxql+5g/tM/9A6TWiYPFqrhrL5UI07BJF0kv8jfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTkP1SK5O2jaexBqli0MVfm+HM9AwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzNlNzRlOTkxLTViMTMtNDAwNC04YzdmLTE3M2JlZDkyZWFhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK9FMRvMraWQktn/Mt2uKhPocjH5
QCYtMc8fB1DTkp641raazVYqW3KIPIcYxVinuVdTSew9NODdWv0K9AxInsYkKXHj
IB6DRtSw8s0jOI8G4aM4y5BwIdv3rDj6+PziIVAIgB+6n1SIkazbKXo+dJOdOC4n
63LiaZgAgN9QBc5kXh3ZgsqyCI4rqwbWipKLDKfF22K7gn1ApbVpvvZC7DNzrDNz
Kxi/qSYPSBC4UiqSVibEHQFYBkeTQ2C/j+vDLkH1qLHT95CBkAPqbOjJThuTiuhM
qLeg3QpyuJBbELFD5sgjJPoll2pscIt38KAOt2z5kekObMDm9FlHa3bDnlI=
-----END CERTIFICATE-----