Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/63fb9a1b-d4b1-4377-8f1e-2cd2ac8bfe2e.roa
File:                     63fb9a1b-d4b1-4377-8f1e-2cd2ac8bfe2e.roa (raw, json)
Hash identifier:          UN+hlNC7kPmW/tXEzi1VqKqC5W83B/TsdNz3kbojK9I=
Subject key identifier:   CE:D1:46:EF:0E:A0:0E:CC:C4:CA:E7:3B:80:20:27:C4:30:03:5E:72
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4C5DF6DBEBC038801844C7F2C73B2A52F0642303
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/63fb9a1b-d4b1-4377-8f1e-2cd2ac8bfe2e.roa
Signing time:             Sun 02 Jun 2024 00:00:00 +0000
ROA not before:           Sun 02 Jun 2024 00:00:00 +0000
ROA not after:            Sun 07 Jul 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:5d:f6:db:eb:c0:38:80:18:44:c7:f2:c7:3b:2a:52:f0:64:23:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun  2 00:00:00 2024 GMT
            Not After : Jul  7 23:59:59 2024 GMT
        Subject: serialNumber=0432706d99176d94abde04e66794b558c17632d3b13a4fd352c872b2efa75e34, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a6:78:17:1f:00:31:1b:3c:e0:66:86:72:ac:
                    74:ec:7c:83:b2:eb:96:cb:5e:61:17:23:d9:17:8d:
                    c9:a6:63:fc:ca:ec:2e:ac:58:2d:3a:62:dc:e8:02:
                    6e:e9:c6:e8:59:d2:e8:15:ec:8c:44:45:bb:9e:af:
                    c4:18:40:91:dd:e1:68:6e:e8:17:4e:eb:0b:3b:c5:
                    64:7f:2a:6e:f9:c8:53:d9:42:56:78:f7:4e:bb:76:
                    c6:72:b1:f3:37:f7:8a:e1:6b:e4:38:72:48:0d:9b:
                    cf:50:bc:25:57:54:c2:a2:d5:2d:e6:86:6b:5e:6d:
                    09:cd:93:75:5c:af:a4:81:52:16:4a:a7:89:87:a3:
                    89:ca:44:95:db:6d:e8:ec:73:78:b0:9c:ab:ef:de:
                    fb:df:db:90:5a:2a:34:0c:c9:54:fc:59:ac:30:42:
                    ab:9c:1e:be:e0:79:a2:6e:74:40:d8:69:9a:12:d9:
                    58:ac:5c:03:bb:b6:99:b9:90:eb:85:15:90:7f:1d:
                    3e:59:94:b1:c1:fa:a7:01:27:ec:83:25:10:2d:57:
                    41:f9:db:ea:24:ed:a5:3d:25:fb:17:9c:cc:63:08:
                    64:1d:8b:65:ba:7e:da:da:0d:a6:bd:1e:ba:2d:8f:
                    d4:d6:9a:7e:78:c0:85:f0:7a:bf:8b:54:30:40:d2:
                    a2:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:D1:46:EF:0E:A0:0E:CC:C4:CA:E7:3B:80:20:27:C4:30:03:5E:72
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/63fb9a1b-d4b1-4377-8f1e-2cd2ac8bfe2e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:a0:61:6a:3d:7f:ac:32:20:11:35:d4:7b:d8:a6:f7:3b:05:
         53:4c:0e:da:8f:7c:34:1e:a6:b8:30:27:f4:6d:5d:c0:ca:32:
         71:0c:3d:ad:2f:ad:2d:35:4f:75:73:14:a5:21:36:29:99:78:
         37:17:bc:b5:49:23:f1:d3:27:fa:62:bf:86:f6:8a:b5:55:02:
         bd:29:41:a5:23:0f:a3:bd:11:13:61:22:42:8e:a8:93:5a:d3:
         f7:14:f7:5f:af:4a:d0:34:72:7b:b7:b6:c3:ad:08:e4:4f:ec:
         68:34:33:75:67:e8:35:4b:5f:d5:4a:b6:2e:58:fd:46:6b:6c:
         7a:ae:33:f9:e5:7b:08:d1:a2:7f:ff:26:a0:89:77:c8:ed:b5:
         fe:57:49:21:65:42:24:3c:d8:19:aa:1f:b2:75:8a:3d:06:b8:
         06:cf:17:95:bd:62:4d:9b:aa:3a:a9:b3:1e:08:a6:55:0a:8a:
         51:c3:78:8a:6d:b9:e2:44:28:7c:bb:f0:ee:43:d7:85:84:75:
         75:81:0a:34:23:0a:fb:e9:22:f3:e1:f0:bf:61:ff:f0:d3:3e:
         90:c5:86:28:31:17:20:08:a3:ca:23:b0:ae:f3:9c:5a:16:71:
         c2:9f:1c:b8:52:f6:7e:27:2c:0d:eb:a9:ed:39:c2:3e:85:b1:
         a7:7e:9c:4e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTF322+vAOIAYRMfyxzsqUvBkIwMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNjAyMDAwMDAwWhcNMjQwNzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNDMyNzA2ZDk5MTc2ZDk0YWJkZTA0ZTY2Nzk0YjU1OGMx
NzYzMmQzYjEzYTRmZDM1MmM4NzJiMmVmYTc1ZTM0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2pngXHwAxGzzgZoZyrHTsfIOy65bLXmEXI9kXjcmmY/zK
7C6sWC06YtzoAm7pxuhZ0ugV7IxERbuer8QYQJHd4Whu6BdO6ws7xWR/Km75yFPZ
QlZ49067dsZysfM394rha+Q4ckgNm89QvCVXVMKi1S3mhmtebQnNk3Vcr6SBUhZK
p4mHo4nKRJXbbejsc3iwnKvv3vvf25BaKjQMyVT8WawwQqucHr7geaJudEDYaZoS
2VisXAO7tpm5kOuFFZB/HT5ZlLHB+qcBJ+yDJRAtV0H52+ok7aU9JfsXnMxjCGQd
i2W6ftraDaa9Hrotj9TWmn54wIXwer+LVDBA0qKjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUztFG7w6gDszEyuc7gCAnxDADXnIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzYzZmI5YTFiLWQ0YjEtNDM3Ny04ZjFlLTJjZDJhYzhiZmUyZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALegYWo9f6wyIBE11HvYpvc7BVNM
DtqPfDQeprgwJ/RtXcDKMnEMPa0vrS01T3VzFKUhNimZeDcXvLVJI/HTJ/piv4b2
irVVAr0pQaUjD6O9ERNhIkKOqJNa0/cU91+vStA0cnu3tsOtCORP7Gg0M3Vn6DVL
X9VKti5Y/UZrbHquM/nlewjRon//JqCJd8jttf5XSSFlQiQ82BmqH7J1ij0GuAbP
F5W9Yk2bqjqpsx4IplUKilHDeIptueJEKHy78O5D14WEdXWBCjQjCvvpIvPh8L9h
//DTPpDFhigxFyAIo8ojsK7znFoWccKfHLhS9n4nLA3rqe05wj6Fsad+nE4=
-----END CERTIFICATE-----