Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/74ff579b-2a88-46e4-b1f1-539136888ad1.roa
File:                     74ff579b-2a88-46e4-b1f1-539136888ad1.roa (raw, json)
Hash identifier:          o3BQ+CUxk9JYA7Kx2vo0oAqYaIV6VNS9BAGoLktzBKQ=
Subject key identifier:   46:8E:90:A7:B8:16:A1:B8:12:E7:B2:A1:C0:65:B3:C2:76:89:A7:7A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       069B799B6453F8AFEB087BE7E2DB4162198F9023
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/74ff579b-2a88-46e4-b1f1-539136888ad1.roa
Signing time:             Tue 28 May 2024 00:00:00 +0000
ROA not before:           Tue 28 May 2024 00:00:00 +0000
ROA not after:            Tue 02 Jul 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:9b:79:9b:64:53:f8:af:eb:08:7b:e7:e2:db:41:62:19:8f:90:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May 28 00:00:00 2024 GMT
            Not After : Jul  2 23:59:59 2024 GMT
        Subject: serialNumber=df3596f42aeb95e69c7fe3ae47552ff21cf2cac595b68f30986745a7ec4d2638, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ba:b2:18:26:86:8b:53:b5:3d:56:c8:d9:3d:
                    52:6a:57:ca:09:e5:b4:eb:53:b2:9f:7d:08:fe:41:
                    dc:19:e8:1e:03:5e:2d:be:a8:9a:5c:0f:c2:1c:89:
                    64:a2:9b:33:97:87:0a:7c:1d:71:64:80:43:e5:64:
                    d1:25:6e:d8:e8:c6:2f:30:34:ff:18:ba:0d:0b:24:
                    8d:ea:b8:2a:d5:bf:b1:0b:58:23:87:f2:26:25:96:
                    9d:ad:41:5a:f6:61:a4:de:db:94:0e:0c:c5:5f:53:
                    11:ba:fa:36:f3:d1:7b:e4:d1:d7:ae:f2:a8:7a:6f:
                    5d:55:51:16:c9:9c:f7:78:ad:f7:ed:9d:94:ec:a3:
                    53:99:cf:2c:83:29:e2:54:8f:ef:6c:a0:b0:8e:5e:
                    b9:f4:ca:e7:d4:ba:cb:83:50:6d:dc:2e:b2:3a:63:
                    6f:21:ef:95:16:6c:35:b1:f5:7c:ae:53:c3:0c:e2:
                    40:c4:c9:86:1e:d9:4a:cd:e2:d3:17:75:8a:cc:65:
                    c6:fc:ef:f2:cd:73:b3:34:74:0b:95:06:b4:0a:6e:
                    17:49:33:4a:d2:1a:57:c5:af:03:a4:49:58:c3:ad:
                    56:14:df:c7:e4:8b:d5:dd:15:61:6a:34:35:4f:01:
                    65:24:52:b4:c6:ac:1d:4a:c5:42:84:6f:f3:0d:71:
                    72:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:8E:90:A7:B8:16:A1:B8:12:E7:B2:A1:C0:65:B3:C2:76:89:A7:7A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/74ff579b-2a88-46e4-b1f1-539136888ad1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:6d:1c:9f:86:7c:82:ba:af:7d:f1:cd:5c:e3:00:a8:6e:79:
         cd:4e:92:aa:99:61:37:20:50:f7:67:14:28:b5:19:e5:4d:09:
         35:97:f2:a5:38:82:36:0a:84:4e:1f:b4:e0:e0:3f:49:72:ed:
         f5:42:64:81:bb:ef:97:f8:69:d9:52:a2:0e:8d:4a:c4:26:86:
         e1:20:71:e4:25:32:21:35:2c:12:74:0c:81:d8:e2:6c:e4:b9:
         23:f5:e7:ca:59:f9:3f:3b:1b:cb:33:9a:9d:d4:ee:8b:b2:c7:
         73:42:88:d6:bf:09:77:82:1b:e0:ea:be:2a:db:6e:51:37:99:
         0b:de:38:8d:f2:af:7b:d6:64:10:d8:5f:b2:a2:1a:3a:6d:2b:
         95:7d:67:4d:68:b3:0d:c0:3b:cb:85:54:db:fc:b7:31:03:78:
         82:e0:44:56:7c:24:c9:02:26:f4:61:d1:32:6f:7d:38:56:ec:
         40:89:37:bd:73:87:63:01:32:6b:37:bb:c2:e2:85:70:77:75:
         6d:1c:e4:05:27:50:bf:b9:11:e7:d6:a7:d8:1d:37:6d:18:59:
         98:a3:54:a7:1d:7c:d8:af:79:6a:4c:52:46:5f:d6:61:a1:c8:
         f7:93:32:e0:a1:0c:ea:07:a9:b7:70:da:72:56:c4:c8:c5:4f:
         5e:64:4e:a2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBpt5m2RT+K/rCHvn4ttBYhmPkCMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNTI4MDAwMDAwWhcNMjQwNzAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkZjM1OTZmNDJhZWI5NWU2OWM3ZmUzYWU0NzU1MmZmMjFj
ZjJjYWM1OTViNjhmMzA5ODY3NDVhN2VjNGQyNjM4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIurIYJoaLU7U9VsjZPVJqV8oJ5bTrU7KffQj+QdwZ6B4D
Xi2+qJpcD8IciWSimzOXhwp8HXFkgEPlZNElbtjoxi8wNP8Yug0LJI3quCrVv7EL
WCOH8iYllp2tQVr2YaTe25QODMVfUxG6+jbz0Xvk0deu8qh6b11VURbJnPd4rfft
nZTso1OZzyyDKeJUj+9soLCOXrn0yufUusuDUG3cLrI6Y28h75UWbDWx9XyuU8MM
4kDEyYYe2UrN4tMXdYrMZcb87/LNc7M0dAuVBrQKbhdJM0rSGlfFrwOkSVjDrVYU
38fki9XdFWFqNDVPAWUkUrTGrB1KxUKEb/MNcXKTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURo6Qp7gWobgS57KhwGWzwnaJp3owHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzc0ZmY1NzliLTJhODgtNDZlNC1iMWYxLTUzOTEzNjg4OGFkMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALVtHJ+GfIK6r33xzVzjAKhuec1O
kqqZYTcgUPdnFCi1GeVNCTWX8qU4gjYKhE4ftODgP0ly7fVCZIG775f4adlSog6N
SsQmhuEgceQlMiE1LBJ0DIHY4mzkuSP158pZ+T87G8szmp3U7ouyx3NCiNa/CXeC
G+DqvirbblE3mQveOI3yr3vWZBDYX7KiGjptK5V9Z01osw3AO8uFVNv8tzEDeILg
RFZ8JMkCJvRh0TJvfThW7ECJN71zh2MBMms3u8LihXB3dW0c5AUnUL+5EefWp9gd
N20YWZijVKcdfNiveWpMUkZf1mGhyPeTMuChDOoHqbdw2nJWxMjFT15kTqI=
-----END CERTIFICATE-----