Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/692cf3d1-bc61-4a2c-ace3-4623197736ae.roa
File:                     692cf3d1-bc61-4a2c-ace3-4623197736ae.roa (raw, json)
Hash identifier:          w241Alp/TeFBngEZmAg9C5uI7iqhlJKd9O/AnFUVhfc=
Subject key identifier:   E3:70:CD:99:73:F0:63:BE:13:E0:5F:21:5A:56:60:D9:4E:26:76:20
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2623F2302EB600008B814B29620247C8A67AF88C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/692cf3d1-bc61-4a2c-ace3-4623197736ae.roa
Signing time:             Sun 03 Mar 2024 00:00:00 +0000
ROA not before:           Sun 03 Mar 2024 00:00:00 +0000
ROA not after:            Sun 07 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:23:f2:30:2e:b6:00:00:8b:81:4b:29:62:02:47:c8:a6:7a:f8:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  3 00:00:00 2024 GMT
            Not After : Apr  7 23:59:59 2024 GMT
        Subject: serialNumber=d4075a649de0ba930f6aa6f6f3ded3b0192087f95bca6ba1a99ec7daf990ad7f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:82:9a:a6:c8:ce:f9:94:89:53:53:c0:f7:33:
                    02:d4:bc:d2:8e:a5:ca:35:a8:de:03:af:02:a2:e5:
                    71:84:e3:54:9a:c5:fa:3f:00:d0:77:8e:a6:21:1b:
                    9b:17:43:0d:0d:a2:79:ae:10:81:b1:ec:ff:2d:8e:
                    81:4b:f7:c7:c7:b2:cb:72:c4:b0:f8:51:d2:88:83:
                    59:59:a2:36:6f:07:b5:b6:07:1a:d2:46:27:78:6f:
                    1a:63:66:7e:30:47:76:c3:01:c4:42:52:a6:45:27:
                    b8:8c:87:51:29:49:db:54:b7:50:b8:87:83:5e:8e:
                    25:67:e3:4d:e6:a5:c7:81:ae:ab:64:0b:ad:b9:dc:
                    c8:00:a5:65:ba:0c:9d:ac:16:be:83:1e:10:72:cb:
                    c6:03:c6:01:0b:31:9b:4d:0d:07:c9:e6:e1:39:5e:
                    24:24:6a:13:29:b7:17:a5:14:ef:74:bb:c6:c8:28:
                    80:ad:f5:0f:fe:02:0e:59:78:c5:34:4d:ed:93:c9:
                    8a:75:46:8a:2d:43:db:0f:34:d8:bd:5e:5e:90:79:
                    d6:51:e0:c9:0f:d0:10:a6:89:67:a5:2c:61:e7:1c:
                    88:ad:be:ed:ff:45:ff:44:9a:bb:26:74:47:c0:6a:
                    ce:33:c1:e9:bb:74:4c:a8:c4:ca:2a:17:06:5c:eb:
                    dd:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:70:CD:99:73:F0:63:BE:13:E0:5F:21:5A:56:60:D9:4E:26:76:20
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/692cf3d1-bc61-4a2c-ace3-4623197736ae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:29:c3:90:94:96:9c:a2:0b:64:4f:bf:0e:a6:09:2f:9f:b8:
         39:d2:63:18:7f:11:0b:fd:17:89:26:05:32:f0:0b:3d:f2:31:
         09:19:9e:2f:2c:1e:71:53:6b:c2:d9:2f:c3:93:89:8a:75:16:
         cd:de:96:b6:ce:7d:36:85:b1:07:44:3b:8e:a5:ee:13:f8:12:
         34:5e:5a:51:cf:e3:df:12:01:88:a8:23:d3:b8:14:0b:08:df:
         65:b9:23:81:c7:19:7a:5d:6e:7a:6d:3c:6d:c5:e7:45:7e:7e:
         00:8e:8c:41:f3:c2:34:34:6d:ab:cc:cc:c4:05:e2:7d:ef:93:
         b7:0b:8f:8b:bf:e3:5f:59:31:88:37:f3:9f:38:2c:bc:df:44:
         62:68:99:bc:b0:24:2a:6d:3a:c0:20:b7:a6:cd:2a:31:00:7c:
         4c:fe:f7:27:68:47:0d:d0:07:27:e1:ec:8d:79:46:fb:d8:40:
         86:94:8e:36:63:74:0b:96:6f:dc:35:9d:22:76:e8:a0:68:9b:
         83:5e:62:b3:99:1f:db:eb:bc:74:d7:ae:01:62:55:93:77:22:
         dd:7d:a5:2e:c1:29:92:3b:22:91:ee:55:8a:77:e1:de:c1:9c:
         0b:44:50:58:ab:99:a2:eb:00:7e:a5:f1:95:74:bf:1f:6c:c4:
         4f:69:32:0c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJiPyMC62AACLgUspYgJHyKZ6+IwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzAzMDAwMDAwWhcNMjQwNDA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNDA3NWE2NDlkZTBiYTkzMGY2YWE2ZjZmM2RlZDNiMDE5
MjA4N2Y5NWJjYTZiYTFhOTllYzdkYWY5OTBhZDdmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChgpqmyM75lIlTU8D3MwLUvNKOpco1qN4DrwKi5XGE41Sa
xfo/ANB3jqYhG5sXQw0NonmuEIGx7P8tjoFL98fHsstyxLD4UdKIg1lZojZvB7W2
BxrSRid4bxpjZn4wR3bDAcRCUqZFJ7iMh1EpSdtUt1C4h4NejiVn403mpceBrqtk
C6253MgApWW6DJ2sFr6DHhByy8YDxgELMZtNDQfJ5uE5XiQkahMptxelFO90u8bI
KICt9Q/+Ag5ZeMU0Te2TyYp1RootQ9sPNNi9Xl6QedZR4MkP0BCmiWelLGHnHIit
vu3/Rf9EmrsmdEfAas4zwem7dEyoxMoqFwZc690jAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU43DNmXPwY74T4F8hWlZg2U4mdiAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzY5MmNmM2QxLWJjNjEtNGEyYy1hY2UzLTQ2MjMxOTc3MzZhZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFIpw5CUlpyiC2RPvw6mCS+fuDnS
Yxh/EQv9F4kmBTLwCz3yMQkZni8sHnFTa8LZL8OTiYp1Fs3elrbOfTaFsQdEO46l
7hP4EjReWlHP498SAYioI9O4FAsI32W5I4HHGXpdbnptPG3F50V+fgCOjEHzwjQ0
bavMzMQF4n3vk7cLj4u/419ZMYg38584LLzfRGJombywJCptOsAgt6bNKjEAfEz+
9ydoRw3QByfh7I15RvvYQIaUjjZjdAuWb9w1nSJ26KBom4NeYrOZH9vrvHTXrgFi
VZN3It19pS7BKZI7IpHuVYp34d7BnAtEUFirmaLrAH6l8ZV0vx9sxE9pMgw=
-----END CERTIFICATE-----