Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/81687cc2-94db-4699-b5b3-43468745a69f.roa
File:                     81687cc2-94db-4699-b5b3-43468745a69f.roa (raw, json)
Hash identifier:          2faUiKr/SRl/mZcPMwA74ZS7IvxUBGC/A19aVGZUpa8=
Subject key identifier:   04:5D:97:E8:AA:BB:3E:86:E6:CE:7B:41:46:74:8E:B9:12:06:BB:8E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3E8774A9F832EA922441E44BC5D5091844D6D2CD
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/81687cc2-94db-4699-b5b3-43468745a69f.roa
Signing time:             Mon 29 Apr 2024 00:00:00 +0000
ROA not before:           Mon 29 Apr 2024 00:00:00 +0000
ROA not after:            Mon 03 Jun 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:87:74:a9:f8:32:ea:92:24:41:e4:4b:c5:d5:09:18:44:d6:d2:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 29 00:00:00 2024 GMT
            Not After : Jun  3 23:59:59 2024 GMT
        Subject: serialNumber=69df79ce36afec35b30884fd64f763de34e3e374ea78326049336b7cc1dd1a33, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:c6:f8:30:1b:80:74:d0:24:70:3d:d1:13:41:
                    f5:dd:58:a7:37:85:d0:63:db:88:e0:e4:fc:81:60:
                    b2:9c:9f:92:92:cc:f8:c4:86:5a:07:19:30:79:e5:
                    d7:3b:eb:08:bf:c0:82:a6:46:29:0a:60:35:c6:68:
                    44:49:96:25:14:ca:19:d6:c2:b8:df:fb:6e:43:64:
                    24:fd:26:82:52:e5:dc:4a:0d:db:b8:ef:57:2a:13:
                    01:f3:59:a3:91:ce:a7:cd:f1:ec:63:be:eb:8d:f0:
                    65:48:15:e1:d8:be:1f:23:74:07:1c:8e:9c:78:10:
                    5d:a5:c8:f0:08:ca:af:71:b5:99:9a:6f:0f:7e:3a:
                    a8:92:69:4d:df:48:5f:c8:ab:05:d3:9c:df:d0:6e:
                    7d:ee:4b:6e:07:16:a0:3d:0e:8b:fc:cd:cc:eb:d2:
                    45:85:08:79:a0:f7:ae:9b:62:64:10:c4:af:80:aa:
                    d4:03:e4:a2:b1:8a:6f:ab:c2:70:2c:57:c2:32:8a:
                    2d:ef:3f:23:66:62:4b:da:a7:f2:69:08:91:ab:56:
                    9d:49:f0:68:e9:a4:f8:bb:7f:62:10:0b:3c:bd:7a:
                    31:7c:06:0b:ac:8e:bb:e0:c6:55:7e:57:df:67:a8:
                    54:68:02:44:8b:2a:83:40:7c:e2:de:af:75:8b:41:
                    3c:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:5D:97:E8:AA:BB:3E:86:E6:CE:7B:41:46:74:8E:B9:12:06:BB:8E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/81687cc2-94db-4699-b5b3-43468745a69f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:61:e0:25:49:8b:43:d8:29:38:60:26:56:4d:07:fe:45:9b:
         cf:45:ed:c1:1a:f5:78:63:c2:88:dc:e9:6c:e9:08:8b:b2:8b:
         4d:cb:16:65:46:6c:53:98:35:53:d6:d6:ba:2e:59:9d:3e:5b:
         c9:4f:2a:d0:09:e4:66:bf:52:c1:5f:d2:68:ca:2b:bd:52:0d:
         3c:8c:b8:9a:86:a7:1f:92:8e:c6:14:9e:e5:ab:0a:3a:ea:05:
         24:96:e0:a5:32:bc:93:d9:38:86:eb:76:0a:57:c5:c2:a9:af:
         a4:54:3e:17:91:56:d7:57:b5:9e:f2:16:3d:60:8d:e6:07:9a:
         a8:77:d5:0d:c1:65:78:80:ef:9c:e8:42:8d:6e:bb:c6:56:6a:
         99:30:bf:87:db:e9:41:81:3f:47:11:b5:dc:9b:57:87:74:b2:
         ca:51:48:cc:79:dc:ad:2d:dd:da:9f:d8:ca:77:87:13:f3:69:
         3e:2a:15:93:15:77:8d:c4:40:f3:57:09:e6:b7:6e:21:0c:eb:
         d4:af:1a:a3:d0:63:97:8e:f8:02:6f:2c:e8:49:33:77:8d:12:
         90:e8:a9:83:97:0b:48:6a:1e:e8:53:f7:80:ba:90:63:b0:8a:
         90:95:60:ec:2d:a5:f7:18:ee:22:af:c2:32:f4:aa:d3:52:72:
         a8:b2:4d:6d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPod0qfgy6pIkQeRLxdUJGETW0s0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDI5MDAwMDAwWhcNMjQwNjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A2OWRmNzljZTM2YWZlYzM1YjMwODg0ZmQ2NGY3NjNkZTM0
ZTNlMzc0ZWE3ODMyNjA0OTMzNmI3Y2MxZGQxYTMzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDmxvgwG4B00CRwPdETQfXdWKc3hdBj24jg5PyBYLKcn5KS
zPjEhloHGTB55dc76wi/wIKmRikKYDXGaERJliUUyhnWwrjf+25DZCT9JoJS5dxK
Ddu471cqEwHzWaORzqfN8exjvuuN8GVIFeHYvh8jdAccjpx4EF2lyPAIyq9xtZma
bw9+OqiSaU3fSF/IqwXTnN/Qbn3uS24HFqA9Dov8zczr0kWFCHmg966bYmQQxK+A
qtQD5KKxim+rwnAsV8Iyii3vPyNmYkvap/JpCJGrVp1J8GjppPi7f2IQCzy9ejF8
BgusjrvgxlV+V99nqFRoAkSLKoNAfOLer3WLQTydAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBF2X6Kq7PobmzntBRnSOuRIGu44wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgxNjg3Y2MyLTk0ZGItNDY5OS1iNWIzLTQzNDY4NzQ1YTY5Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJ5h4CVJi0PYKThgJlZNB/5Fm89F
7cEa9Xhjwojc6WzpCIuyi03LFmVGbFOYNVPW1rouWZ0+W8lPKtAJ5Ga/UsFf0mjK
K71SDTyMuJqGpx+SjsYUnuWrCjrqBSSW4KUyvJPZOIbrdgpXxcKpr6RUPheRVtdX
tZ7yFj1gjeYHmqh31Q3BZXiA75zoQo1uu8ZWapkwv4fb6UGBP0cRtdybV4d0sspR
SMx53K0t3dqf2Mp3hxPzaT4qFZMVd43EQPNXCea3biEM69SvGqPQY5eO+AJvLOhJ
M3eNEpDoqYOXC0hqHuhT94C6kGOwipCVYOwtpfcY7iKvwjL0qtNScqiyTW0=
-----END CERTIFICATE-----