Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5ed0b4aa-9e2b-4f4b-b149-5232774365f2.roa
File:                     5ed0b4aa-9e2b-4f4b-b149-5232774365f2.roa (raw, json)
Hash identifier:          gJzgQRBbV1KJQIWl7+pcKZj8gJnZEzVMwKtYws2eheA=
Subject key identifier:   37:6D:CC:13:75:4E:40:DA:EF:42:93:96:2D:B3:99:12:4F:71:3D:6B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       52356A2187FA55402F42BE48A345F5F4793F031F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5ed0b4aa-9e2b-4f4b-b149-5232774365f2.roa
Signing time:             Wed 09 Oct 2024 00:00:00 +0000
ROA not before:           Wed 09 Oct 2024 00:00:00 +0000
ROA not after:            Wed 13 Nov 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:35:6a:21:87:fa:55:40:2f:42:be:48:a3:45:f5:f4:79:3f:03:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct  9 00:00:00 2024 GMT
            Not After : Nov 13 23:59:59 2024 GMT
        Subject: serialNumber=3762385145304d97ac0d6451c248c83e69499e67c59dec3442d019c1a6dbd0c3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:40:2a:d3:09:64:39:dd:cf:57:b9:19:cc:37:
                    ea:91:e5:8e:dd:f4:17:70:e7:d9:3d:94:24:84:33:
                    9f:65:12:26:89:69:68:0b:d5:27:86:56:ce:9b:9d:
                    f5:ef:29:5c:d1:84:66:2a:44:db:9f:60:d5:b4:f8:
                    76:8b:4f:57:08:c4:18:33:09:03:7e:d4:de:cd:75:
                    b8:69:08:61:6a:78:00:52:91:e8:46:be:19:a3:84:
                    b5:88:e3:ce:87:02:5b:c7:cd:f7:6c:8e:91:a7:bb:
                    4e:d3:e8:93:9d:b7:90:8b:33:20:87:9c:e7:dc:00:
                    00:2e:cd:9b:a8:1b:70:27:93:02:a4:cb:b4:a5:71:
                    5c:05:5c:2c:fd:b7:05:c9:d8:3a:77:6d:9b:f1:cc:
                    ea:ad:bf:cb:06:26:8d:1c:ef:b1:08:c9:4d:a0:14:
                    f1:3b:5b:85:92:60:fb:5b:84:f7:56:cc:30:a7:c5:
                    51:67:9d:32:b1:8e:26:e0:1f:5b:93:1a:c7:f1:5c:
                    2e:fc:77:2e:ff:48:3c:03:5e:34:19:be:a9:b8:2f:
                    d0:ac:af:2d:61:67:74:f5:14:d4:fd:21:55:80:cd:
                    ef:87:39:1a:76:92:3d:33:ed:0b:48:f3:19:15:f8:
                    ce:f0:f6:57:c1:82:27:d2:fa:8b:09:ab:22:46:38:
                    8f:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:6D:CC:13:75:4E:40:DA:EF:42:93:96:2D:B3:99:12:4F:71:3D:6B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5ed0b4aa-9e2b-4f4b-b149-5232774365f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:20:34:a7:8a:eb:d7:13:cc:93:28:82:d6:56:33:09:e4:4b:
         c7:ae:a3:d8:80:30:ff:82:fb:68:34:a2:87:2f:5d:a5:f5:f4:
         98:df:1c:d6:80:b1:c5:2e:f2:3a:17:e7:7b:90:0d:71:01:35:
         4e:8b:50:4e:cf:83:b7:b3:38:87:b5:84:9a:7d:ee:bc:50:ac:
         88:de:00:13:8f:53:9f:95:d8:f5:8b:a8:b2:fb:8b:85:c2:83:
         1d:fc:37:83:36:af:c6:d1:a8:db:80:a6:7b:46:9c:f5:b2:97:
         a9:f2:db:4d:38:10:a8:71:4a:88:2b:d0:a4:f7:06:30:c5:99:
         03:f1:f7:48:99:0b:40:7b:94:94:8a:39:b2:3c:7b:e9:77:3f:
         dd:5f:d7:89:70:63:6b:3b:47:4d:72:50:9d:6b:5f:3f:72:6d:
         6a:1e:fe:4f:d2:8f:cf:6f:2e:04:43:09:d5:b6:7a:a0:e3:ee:
         78:5b:d9:67:f9:f9:45:b6:29:18:21:32:57:58:62:4d:05:70:
         ab:ad:c6:8c:ab:bd:2c:0b:e2:e9:8a:e4:67:f1:b0:17:a5:d8:
         02:b2:8b:5e:8e:7d:e8:c9:c8:63:e8:1e:14:b9:fc:9b:16:9f:
         28:fa:ed:a2:3a:7e:72:e8:5b:98:ef:aa:19:08:64:e5:66:bd:
         d2:ad:3c:9c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUjVqIYf6VUAvQr5Io0X19Hk/Ax8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMDA5MDAwMDAwWhcNMjQxMTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzNzYyMzg1MTQ1MzA0ZDk3YWMwZDY0NTFjMjQ4YzgzZTY5
NDk5ZTY3YzU5ZGVjMzQ0MmQwMTljMWE2ZGJkMGMzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOQCrTCWQ53c9XuRnMN+qR5Y7d9Bdw59k9lCSEM59lEiaJ
aWgL1SeGVs6bnfXvKVzRhGYqRNufYNW0+HaLT1cIxBgzCQN+1N7NdbhpCGFqeABS
kehGvhmjhLWI486HAlvHzfdsjpGnu07T6JOdt5CLMyCHnOfcAAAuzZuoG3AnkwKk
y7SlcVwFXCz9twXJ2Dp3bZvxzOqtv8sGJo0c77EIyU2gFPE7W4WSYPtbhPdWzDCn
xVFnnTKxjibgH1uTGsfxXC78dy7/SDwDXjQZvqm4L9Csry1hZ3T1FNT9IVWAze+H
ORp2kj0z7QtI8xkV+M7w9lfBgifS+osJqyJGOI/jAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUN23ME3VOQNrvQpOWLbOZEk9xPWswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzVlZDBiNGFhLTllMmItNGY0Yi1iMTQ5LTUyMzI3NzQzNjVmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJsgNKeK69cTzJMogtZWMwnkS8eu
o9iAMP+C+2g0oocvXaX19JjfHNaAscUu8joX53uQDXEBNU6LUE7Pg7ezOIe1hJp9
7rxQrIjeABOPU5+V2PWLqLL7i4XCgx38N4M2r8bRqNuApntGnPWyl6ny2004EKhx
Sogr0KT3BjDFmQPx90iZC0B7lJSKObI8e+l3P91f14lwY2s7R01yUJ1rXz9ybWoe
/k/Sj89vLgRDCdW2eqDj7nhb2Wf5+UW2KRghMldYYk0FcKutxoyrvSwL4umK5Gfx
sBel2AKyi16OfejJyGPoHhS5/JsWnyj67aI6fnLoW5jvqhkIZOVmvdKtPJw=
-----END CERTIFICATE-----