Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/86f4d5fd-a326-47c2-a0a8-2891d44ccf3a.roa
File:                     86f4d5fd-a326-47c2-a0a8-2891d44ccf3a.roa (raw, json)
Hash identifier:          QkIU8YP8cUX02S4CL8TqAtEtkRkThXJHieej764rPZk=
Subject key identifier:   6C:E2:41:37:A1:A9:00:18:01:B6:B6:64:8C:24:EC:27:EF:2E:18:3D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       43EC1DAF05F01CBD561ACC38B3F418DF3BAFD639
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/86f4d5fd-a326-47c2-a0a8-2891d44ccf3a.roa
Signing time:             Sun 01 Sep 2024 00:00:00 +0000
ROA not before:           Sun 01 Sep 2024 00:00:00 +0000
ROA not after:            Sun 06 Oct 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:ec:1d:af:05:f0:1c:bd:56:1a:cc:38:b3:f4:18:df:3b:af:d6:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep  1 00:00:00 2024 GMT
            Not After : Oct  6 23:59:59 2024 GMT
        Subject: serialNumber=d1ea1e2602325d7da09ebc8c3f66c207da0c7cd31e5464beba553478b5c882b3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:54:78:01:d6:09:89:31:75:06:0b:e5:77:ee:
                    5d:51:52:15:1e:51:2b:b0:25:51:4b:fb:21:30:4a:
                    0f:3c:d1:e1:c4:32:e0:f9:d1:6b:bc:ee:f3:db:d7:
                    db:c7:1a:ff:8c:3a:62:6a:ef:14:db:9b:91:2c:27:
                    b8:51:f0:5d:d9:80:bc:ee:62:51:ee:d8:6e:aa:ce:
                    53:c0:87:c9:88:78:45:3b:7d:dc:a5:36:9b:51:a0:
                    2e:8b:90:13:18:fb:e4:a3:c3:06:20:9b:48:a1:11:
                    01:7f:2e:37:b1:ec:d6:9c:51:a4:20:65:3f:f9:f1:
                    fa:13:42:dc:66:45:fc:2c:59:aa:df:ba:26:4f:14:
                    28:e0:c8:86:21:f2:d7:b0:5c:91:bc:53:c6:50:f2:
                    11:52:7e:0b:07:42:80:ca:7b:e1:a6:0b:76:d8:07:
                    78:63:28:59:97:a5:34:6d:33:4d:ba:09:42:ed:77:
                    be:3d:18:bb:84:f1:c2:ac:36:5a:a2:a0:74:8e:87:
                    2f:97:86:0f:27:52:56:e7:30:f6:60:a4:0a:f8:29:
                    4a:44:29:e1:46:db:74:36:53:0a:d0:ce:51:36:26:
                    72:28:80:50:f7:7f:ef:58:e0:b8:c0:a3:74:51:3c:
                    6d:09:54:1c:6a:cf:7a:91:ae:ab:02:a0:d4:ea:72:
                    76:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:E2:41:37:A1:A9:00:18:01:B6:B6:64:8C:24:EC:27:EF:2E:18:3D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/86f4d5fd-a326-47c2-a0a8-2891d44ccf3a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:c2:c2:49:5f:8d:89:2f:59:f6:0f:38:c5:06:56:3a:96:a2:
         d2:76:80:cb:aa:78:34:82:4d:e6:6a:d0:a7:8d:d1:1d:b1:82:
         7d:9a:1f:28:cb:52:73:ff:0f:29:d8:fe:f6:8c:f5:8f:fa:ec:
         3e:2f:55:cd:54:8c:a8:63:d7:16:d0:43:20:d0:a6:f2:35:21:
         c0:10:24:f1:0d:77:52:1c:ef:de:60:52:07:b9:b9:9e:ba:20:
         f8:e4:98:0e:0b:7e:37:8c:05:84:c6:f0:be:6f:ef:af:1a:20:
         4a:2a:08:84:1a:5a:61:a9:40:c5:0f:0a:a9:d8:bc:0c:bc:74:
         4a:59:27:20:a0:99:36:89:11:ad:20:3a:8c:22:4f:b7:44:23:
         86:0a:de:27:43:d9:69:df:0d:45:7d:84:d0:5c:97:22:24:41:
         dd:2c:bd:d4:bf:a4:7c:ed:a5:b9:0c:e7:38:1f:05:5d:90:7f:
         ec:d4:4d:02:0b:89:84:1d:fb:5d:b0:95:ff:2e:d4:c8:b3:3b:
         95:c0:ce:4c:7f:87:94:2b:ea:c2:eb:9f:cb:61:8a:cd:e4:bf:
         84:b0:a9:af:25:05:77:02:f1:e7:57:f1:59:53:fc:d3:39:95:
         ec:34:b4:2d:88:23:b9:c7:8a:a3:c9:4d:ec:a2:8e:28:23:db:
         66:db:a1:06
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQ+wdrwXwHL1WGsw4s/QY3zuv1jkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwOTAxMDAwMDAwWhcNMjQxMDA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMWVhMWUyNjAyMzI1ZDdkYTA5ZWJjOGMzZjY2YzIwN2Rh
MGM3Y2QzMWU1NDY0YmViYTU1MzQ3OGI1Yzg4MmIzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqVHgB1gmJMXUGC+V37l1RUhUeUSuwJVFL+yEwSg880eHE
MuD50Wu87vPb19vHGv+MOmJq7xTbm5EsJ7hR8F3ZgLzuYlHu2G6qzlPAh8mIeEU7
fdylNptRoC6LkBMY++SjwwYgm0ihEQF/Ljex7NacUaQgZT/58foTQtxmRfwsWarf
uiZPFCjgyIYh8tewXJG8U8ZQ8hFSfgsHQoDKe+GmC3bYB3hjKFmXpTRtM026CULt
d749GLuE8cKsNlqioHSOhy+Xhg8nUlbnMPZgpAr4KUpEKeFG23Q2UwrQzlE2JnIo
gFD3f+9Y4LjAo3RRPG0JVBxqz3qRrqsCoNTqcnbPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbOJBN6GpABgBtrZkjCTsJ+8uGD0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzg2ZjRkNWZkLWEzMjYtNDdjMi1hMGE4LTI4OTFkNDRjY2YzYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACPCwklfjYkvWfYPOMUGVjqWotJ2
gMuqeDSCTeZq0KeN0R2xgn2aHyjLUnP/DynY/vaM9Y/67D4vVc1UjKhj1xbQQyDQ
pvI1IcAQJPENd1Ic795gUge5uZ66IPjkmA4LfjeMBYTG8L5v768aIEoqCIQaWmGp
QMUPCqnYvAy8dEpZJyCgmTaJEa0gOowiT7dEI4YK3idD2WnfDUV9hNBclyIkQd0s
vdS/pHztpbkM5zgfBV2Qf+zUTQILiYQd+12wlf8u1MizO5XAzkx/h5Qr6sLrn8th
is3kv4Swqa8lBXcC8edX8VlT/NM5lew0tC2II7nHiqPJTeyijigj22bboQY=
-----END CERTIFICATE-----