Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7297019d-7666-40d7-99f5-62e8fcd2df6a.roa
File:                     7297019d-7666-40d7-99f5-62e8fcd2df6a.roa (raw, json)
Hash identifier:          e+wIwffQYul99M+0YMFyRH+bQagJvAM/jVi/trU11Ts=
Subject key identifier:   B3:9E:FB:33:A4:3C:76:45:3D:74:B7:3F:37:A6:9C:35:57:EF:7D:D1
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7B0612B5535B0642473D854E34546057244BA77D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7297019d-7666-40d7-99f5-62e8fcd2df6a.roa
Signing time:             Wed 26 Jun 2024 00:00:00 +0000
ROA not before:           Wed 26 Jun 2024 00:00:00 +0000
ROA not after:            Wed 31 Jul 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:06:12:b5:53:5b:06:42:47:3d:85:4e:34:54:60:57:24:4b:a7:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 26 00:00:00 2024 GMT
            Not After : Jul 31 23:59:59 2024 GMT
        Subject: serialNumber=4ec30f8ddab961a06df9f6270735b1053c3081871948aa4616decc14d9de1eb7, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:10:d0:68:b4:f8:61:f4:bc:f1:7f:b0:33:ea:
                    61:3e:d0:cb:f9:8d:43:d2:d4:1a:56:0f:ed:9b:5d:
                    d3:92:b4:c1:f4:02:7e:ee:4d:22:fa:66:bb:77:8e:
                    b7:9e:01:6e:3d:a8:43:aa:c2:bf:10:94:ff:83:f8:
                    09:d6:9e:90:4e:c7:ca:b9:53:32:75:69:6a:bc:79:
                    70:d7:3b:9a:ef:0c:c4:f4:f4:19:e7:f2:6f:81:ee:
                    6c:a8:22:90:3b:a1:6b:bd:bc:7b:e1:5b:07:9a:b3:
                    e7:77:9d:43:c1:ec:1f:af:37:55:fe:2e:de:53:e8:
                    99:70:c4:10:0d:9f:f7:b0:f6:3e:c0:23:8a:96:84:
                    22:b8:92:a8:70:73:cb:3f:d4:76:bc:32:b1:8d:2e:
                    a3:96:61:9b:65:43:b4:e8:62:0b:bf:46:00:63:14:
                    09:d4:3e:9c:22:84:22:61:ca:2c:09:4a:18:40:81:
                    e1:4a:45:6b:07:62:29:7e:dc:94:0a:aa:c0:90:59:
                    a7:1c:48:81:98:8e:93:20:06:1c:79:34:e7:19:34:
                    f4:63:0b:46:b0:2a:84:88:bb:f3:e7:19:b0:7d:e1:
                    5f:a9:bc:57:92:bc:e4:26:cd:0f:bd:8f:ed:aa:e5:
                    4d:2e:30:34:78:0c:f1:7e:e7:e6:d8:81:1c:7f:e1:
                    00:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:9E:FB:33:A4:3C:76:45:3D:74:B7:3F:37:A6:9C:35:57:EF:7D:D1
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7297019d-7666-40d7-99f5-62e8fcd2df6a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:ef:ff:ba:e3:d2:30:24:8b:d4:40:99:8d:e5:eb:de:ad:b9:
         11:a2:20:56:bf:f5:f4:a8:8d:b8:6b:ec:61:e2:9c:d0:8e:d4:
         4b:30:da:e7:94:5c:2e:1e:66:50:82:e0:bd:98:2d:ce:94:da:
         95:1b:bf:22:55:58:03:e9:77:bb:ba:10:1f:fb:cd:0d:52:57:
         6c:90:71:f4:26:5c:c2:22:3f:a4:35:33:a9:c0:e4:97:6f:48:
         b8:7b:fe:27:e7:32:d0:23:24:f3:ef:1d:57:5e:b5:94:46:b6:
         c3:83:ff:77:34:e4:86:99:4b:17:48:af:5f:b8:62:97:92:97:
         66:d5:e6:f6:2a:4f:d1:de:81:7c:19:3a:f6:ec:47:12:b5:c9:
         16:88:60:ae:f3:9a:67:2e:c6:ff:2c:b2:3b:e9:4a:d2:35:fa:
         4d:fd:42:a5:a6:47:b0:52:a8:17:98:72:ea:e6:ae:5e:b7:14:
         e6:94:11:77:1f:a6:3f:70:4f:cb:75:40:cb:31:c6:d6:9f:2c:
         9d:6f:9b:50:c2:62:a2:1d:97:06:60:f5:d1:04:7b:c5:86:46:
         47:dd:d2:25:3a:40:2d:f1:0b:20:c6:8b:ff:8e:58:47:1a:b5:
         05:bc:36:83:a7:39:40:61:79:d2:03:23:97:42:da:df:a4:5d:
         96:13:06:d9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUewYStVNbBkJHPYVONFRgVyRLp30wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNjI2MDAwMDAwWhcNMjQwNzMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZWMzMGY4ZGRhYjk2MWEwNmRmOWY2MjcwNzM1YjEwNTNj
MzA4MTg3MTk0OGFhNDYxNmRlY2MxNGQ5ZGUxZWI3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHENBotPhh9Lzxf7Az6mE+0Mv5jUPS1BpWD+2bXdOStMH0
An7uTSL6Zrt3jreeAW49qEOqwr8QlP+D+AnWnpBOx8q5UzJ1aWq8eXDXO5rvDMT0
9Bnn8m+B7myoIpA7oWu9vHvhWweas+d3nUPB7B+vN1X+Lt5T6JlwxBANn/ew9j7A
I4qWhCK4kqhwc8s/1Ha8MrGNLqOWYZtlQ7ToYgu/RgBjFAnUPpwihCJhyiwJShhA
geFKRWsHYil+3JQKqsCQWaccSIGYjpMgBhx5NOcZNPRjC0awKoSIu/PnGbB94V+p
vFeSvOQmzQ+9j+2q5U0uMDR4DPF+5+bYgRx/4QCJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUs577M6Q8dkU9dLc/N6acNVfvfdEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzcyOTcwMTlkLTc2NjYtNDBkNy05OWY1LTYyZThmY2QyZGY2YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADfv/7rj0jAki9RAmY3l696tuRGi
IFa/9fSojbhr7GHinNCO1Esw2ueUXC4eZlCC4L2YLc6U2pUbvyJVWAPpd7u6EB/7
zQ1SV2yQcfQmXMIiP6Q1M6nA5JdvSLh7/ifnMtAjJPPvHVdetZRGtsOD/3c05IaZ
SxdIr1+4YpeSl2bV5vYqT9HegXwZOvbsRxK1yRaIYK7zmmcuxv8ssjvpStI1+k39
QqWmR7BSqBeYcurmrl63FOaUEXcfpj9wT8t1QMsxxtafLJ1vm1DCYqIdlwZg9dEE
e8WGRkfd0iU6QC3xCyDGi/+OWEcatQW8NoOnOUBhedIDI5dC2t+kXZYTBtk=
-----END CERTIFICATE-----