Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6326e40c-72ed-4105-93bf-2a78d74fbf35.roa
File:                     6326e40c-72ed-4105-93bf-2a78d74fbf35.roa (raw, json)
Hash identifier:          omT0WT05Vi5y6aAeqe/vUJT0BzT9InzVu4IxUIT5Qn0=
Subject key identifier:   E5:BB:73:C8:A1:6B:6B:0F:F9:76:EB:14:76:4E:F5:BD:23:12:CF:CE
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       761E5F3666DBBB610CF487F0461C94073D8A9B26
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6326e40c-72ed-4105-93bf-2a78d74fbf35.roa
Signing time:             Thu 11 Jan 2024 00:00:00 +0000
ROA not before:           Thu 11 Jan 2024 00:00:00 +0000
ROA not after:            Thu 15 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:1e:5f:36:66:db:bb:61:0c:f4:87:f0:46:1c:94:07:3d:8a:9b:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 11 00:00:00 2024 GMT
            Not After : Feb 15 23:59:59 2024 GMT
        Subject: serialNumber=53fc3548e2ec3c981c636f77451c43f3310e1767398313393e8060a396c01111, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:7b:f6:8c:39:1f:2c:a0:98:be:cd:c3:bb:e3:
                    62:ea:1a:ab:3a:bc:a9:8f:cc:2a:dc:e8:a9:31:c2:
                    4b:be:77:e6:6b:43:7e:4e:d5:d0:2d:77:79:57:bd:
                    16:0c:64:b3:e8:37:6d:4d:39:9a:a9:dd:5d:f2:f7:
                    33:28:c1:d1:72:d6:68:e0:66:da:02:26:d6:e3:69:
                    55:90:f4:bb:b9:e7:a5:c9:f5:8a:d3:b8:94:0b:9b:
                    12:0a:76:21:cf:5c:e9:be:4e:eb:17:5b:23:3a:0d:
                    df:31:1f:57:62:1e:6f:30:12:91:c7:a7:7e:5b:59:
                    8d:97:71:1a:53:25:5d:7e:41:75:1d:d6:98:1e:17:
                    0b:95:1b:e3:78:a1:a2:6b:51:55:5f:34:64:6d:74:
                    54:57:13:bd:59:14:46:e7:66:af:75:68:4f:90:2c:
                    eb:b6:48:72:f0:49:c6:71:ac:6b:80:dd:31:37:47:
                    52:1e:f1:f2:78:3a:65:5d:23:17:72:a8:be:7f:9e:
                    9a:82:73:15:84:62:a7:0d:0c:11:73:16:4d:16:2a:
                    c5:94:99:aa:f3:be:8c:a3:b6:4a:75:67:0f:10:bb:
                    32:37:99:32:10:d8:4c:df:11:fc:2c:21:8a:ad:aa:
                    74:57:1a:28:af:9f:f8:45:f8:81:99:a2:6c:53:4a:
                    13:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:BB:73:C8:A1:6B:6B:0F:F9:76:EB:14:76:4E:F5:BD:23:12:CF:CE
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6326e40c-72ed-4105-93bf-2a78d74fbf35.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:61:08:30:ee:f7:ab:d0:1a:5c:ef:a1:05:a4:7b:9a:7e:80:
         48:89:65:4c:2d:ff:e7:45:16:4b:6e:f7:51:29:88:da:56:44:
         46:43:7d:ba:aa:f5:94:0f:72:57:90:42:77:43:df:9f:bd:a5:
         a1:8c:bf:33:68:20:0c:8d:29:34:d2:72:b9:c0:b6:a0:cf:19:
         55:0e:36:ac:a3:17:b0:37:c6:38:c7:7d:cb:7d:be:ec:4b:94:
         00:a8:55:28:dd:9c:ea:a1:97:d7:7f:7c:86:a8:c3:36:21:64:
         33:e2:d3:92:6a:b0:76:ff:ed:cd:7b:b9:84:23:01:ca:92:ee:
         97:39:c7:68:c6:7e:51:de:8d:eb:98:d2:53:1e:5b:4c:c4:4d:
         b5:09:15:57:f4:87:4b:66:3f:d1:af:27:3a:45:90:85:27:a6:
         23:98:32:27:88:b2:22:ae:d5:22:7e:05:98:13:d1:29:33:ba:
         7b:25:5e:71:e8:23:a0:23:cd:52:e4:bb:93:47:ac:93:ad:d2:
         f1:9c:7c:21:eb:c4:00:a5:e0:29:68:49:7a:cc:5c:62:48:24:
         31:db:11:b4:d8:07:37:68:8f:77:2f:9a:62:92:73:ef:79:ff:
         60:de:82:6b:47:91:c7:1a:83:62:3f:d6:1f:65:45:dd:b1:6d:
         52:09:2f:d8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdh5fNmbbu2EM9IfwRhyUBz2KmyYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTExMDAwMDAwWhcNMjQwMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1M2ZjMzU0OGUyZWMzYzk4MWM2MzZmNzc0NTFjNDNmMzMx
MGUxNzY3Mzk4MzEzMzkzZTgwNjBhMzk2YzAxMTExMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8e/aMOR8soJi+zcO742LqGqs6vKmPzCrc6Kkxwku+d+Zr
Q35O1dAtd3lXvRYMZLPoN21NOZqp3V3y9zMowdFy1mjgZtoCJtbjaVWQ9Lu556XJ
9YrTuJQLmxIKdiHPXOm+TusXWyM6Dd8xH1diHm8wEpHHp35bWY2XcRpTJV1+QXUd
1pgeFwuVG+N4oaJrUVVfNGRtdFRXE71ZFEbnZq91aE+QLOu2SHLwScZxrGuA3TE3
R1Ie8fJ4OmVdIxdyqL5/npqCcxWEYqcNDBFzFk0WKsWUmarzvoyjtkp1Zw8QuzI3
mTIQ2EzfEfwsIYqtqnRXGiivn/hF+IGZomxTShNXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5btzyKFraw/5dusUdk71vSMSz84wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzYzMjZlNDBjLTcyZWQtNDEwNS05M2JmLTJhNzhkNzRmYmYzNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHxhCDDu96vQGlzvoQWke5p+gEiJ
ZUwt/+dFFktu91EpiNpWREZDfbqq9ZQPcleQQndD35+9paGMvzNoIAyNKTTScrnA
tqDPGVUONqyjF7A3xjjHfct9vuxLlACoVSjdnOqhl9d/fIaowzYhZDPi05JqsHb/
7c17uYQjAcqS7pc5x2jGflHejeuY0lMeW0zETbUJFVf0h0tmP9GvJzpFkIUnpiOY
MieIsiKu1SJ+BZgT0SkzunslXnHoI6AjzVLku5NHrJOt0vGcfCHrxACl4CloSXrM
XGJIJDHbEbTYBzdoj3cvmmKSc+95/2DegmtHkccag2I/1h9lRd2xbVIJL9g=
-----END CERTIFICATE-----