Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8776590f-01bb-4e3f-8580-f0944b5a3f33.roa
File:                     8776590f-01bb-4e3f-8580-f0944b5a3f33.roa (raw, json)
Hash identifier:          R9atN76ILxtw+LxDWmdacziZkHq9MmRLaKBN/vpzlF8=
Subject key identifier:   94:47:4A:78:E4:C7:2C:E1:4D:DA:CD:E6:FF:0E:EC:61:88:E5:83:30
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4DE0665D311364E258FBF02258C3E88D679A22C0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8776590f-01bb-4e3f-8580-f0944b5a3f33.roa
Signing time:             Tue 28 Nov 2023 00:00:00 +0000
ROA not before:           Tue 28 Nov 2023 00:00:00 +0000
ROA not after:            Tue 02 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:e0:66:5d:31:13:64:e2:58:fb:f0:22:58:c3:e8:8d:67:9a:22:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 28 00:00:00 2023 GMT
            Not After : Jan  2 23:59:59 2024 GMT
        Subject: serialNumber=42234eb81ef928f4a7c75392d4e1815b69719441578b5e6648940d5f9a5dfb59, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:65:6b:58:d3:d8:7b:59:a6:cc:67:d9:a8:44:
                    dd:3d:19:1c:18:15:2a:ca:aa:4b:82:d8:25:7a:b8:
                    51:86:2f:df:57:f3:a0:b6:66:9f:d1:10:cf:55:c1:
                    11:c6:06:05:03:a7:d3:3a:53:3d:bb:a2:4e:2a:1a:
                    7b:e9:bf:00:dd:7b:fd:fd:2f:25:a9:f1:03:60:49:
                    c8:5b:d9:0e:73:c2:55:f8:2c:6b:c3:7c:d9:63:33:
                    af:c5:1d:6d:a0:65:c4:b6:51:7b:29:7b:60:28:ec:
                    73:b5:cc:78:7b:66:6c:b4:fd:68:15:63:ef:2a:6d:
                    53:4b:05:79:21:4d:90:ee:c9:3d:29:fc:2b:46:e7:
                    bb:af:5c:35:b5:2f:16:30:31:35:a3:30:54:95:cf:
                    15:ac:63:ce:a5:38:d8:c2:96:9b:d7:13:9b:42:f9:
                    13:36:7d:e0:a7:fe:75:db:81:40:5a:e5:bf:a4:1c:
                    3e:23:b1:e8:b3:f6:fc:6a:a0:9e:aa:aa:8c:da:2e:
                    bf:94:f9:23:e2:1b:dc:15:2a:4d:27:10:e3:80:6d:
                    d8:09:da:cc:c0:20:5e:e5:fd:32:64:3c:95:3b:56:
                    df:c5:9d:41:a5:f9:54:5f:f4:1a:a0:1d:fa:0c:d1:
                    bb:f3:85:26:93:45:bf:68:18:5f:4c:f1:b6:fc:7b:
                    55:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:47:4A:78:E4:C7:2C:E1:4D:DA:CD:E6:FF:0E:EC:61:88:E5:83:30
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8776590f-01bb-4e3f-8580-f0944b5a3f33.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:26:e9:33:ac:12:e5:0e:e6:89:dd:de:c6:9f:16:ab:52:13:
         d6:a1:7e:c6:8f:92:21:e3:1e:54:a0:79:99:60:ac:65:e0:85:
         b7:f8:84:d7:b8:7e:5c:c5:36:3a:86:82:af:b7:1d:fe:34:ec:
         a7:32:76:b8:d2:0c:fd:b5:f4:4d:3c:b0:0a:cd:6e:30:82:b2:
         8e:c5:13:48:d2:76:97:2c:98:1d:e8:36:21:e8:7b:5c:3b:3f:
         52:24:81:df:c6:49:4b:73:61:00:d6:0e:91:49:a3:ff:a7:41:
         b3:c3:3b:ac:29:8f:b3:c7:17:4c:a1:a5:5f:d2:13:5f:e0:96:
         63:d1:5d:ca:74:ae:b4:fd:4c:fc:66:b6:3e:13:fb:ef:89:f3:
         3f:41:91:df:68:15:4b:64:2f:cb:1e:d4:f7:cf:51:ea:56:2b:
         dd:16:54:86:ff:00:d3:02:a8:cb:bf:e7:6b:07:92:29:f8:6c:
         88:3e:8b:7c:e6:f4:9c:f9:e3:f0:66:72:e8:4b:d3:83:a6:f9:
         cf:53:c0:fc:96:2e:b3:3f:23:e6:fb:66:cb:45:86:04:b6:c6:
         82:33:89:a3:d6:b2:1b:ef:99:a7:5f:78:0c:5a:3e:aa:9b:87:
         05:25:c5:8b:e7:f5:64:d5:3d:6c:ac:16:98:ed:c9:f8:49:23:
         80:ab:4a:5f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTeBmXTETZOJY+/AiWMPojWeaIsAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTI4MDAwMDAwWhcNMjQwMTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MjIzNGViODFlZjkyOGY0YTdjNzUzOTJkNGUxODE1YjY5
NzE5NDQxNTc4YjVlNjY0ODk0MGQ1ZjlhNWRmYjU5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCJZWtY09h7WabMZ9moRN09GRwYFSrKqkuC2CV6uFGGL99X
86C2Zp/REM9VwRHGBgUDp9M6Uz27ok4qGnvpvwDde/39LyWp8QNgSchb2Q5zwlX4
LGvDfNljM6/FHW2gZcS2UXspe2Ao7HO1zHh7Zmy0/WgVY+8qbVNLBXkhTZDuyT0p
/CtG57uvXDW1LxYwMTWjMFSVzxWsY86lONjClpvXE5tC+RM2feCn/nXbgUBa5b+k
HD4jseiz9vxqoJ6qqozaLr+U+SPiG9wVKk0nEOOAbdgJ2szAIF7l/TJkPJU7Vt/F
nUGl+VRf9BqgHfoM0bvzhSaTRb9oGF9M8bb8e1VHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlEdKeOTHLOFN2s3m/w7sYYjlgzAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzg3NzY1OTBmLTAxYmItNGUzZi04NTgwLWYwOTQ0YjVhM2YzMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACQm6TOsEuUO5ond3safFqtSE9ah
fsaPkiHjHlSgeZlgrGXghbf4hNe4flzFNjqGgq+3Hf407KcydrjSDP219E08sArN
bjCCso7FE0jSdpcsmB3oNiHoe1w7P1Ikgd/GSUtzYQDWDpFJo/+nQbPDO6wpj7PH
F0yhpV/SE1/glmPRXcp0rrT9TPxmtj4T+++J8z9Bkd9oFUtkL8se1PfPUepWK90W
VIb/ANMCqMu/52sHkin4bIg+i3zm9Jz54/BmcuhL04Om+c9TwPyWLrM/I+b7ZstF
hgS2xoIziaPWshvvmadfeAxaPqqbhwUlxYvn9WTVPWysFpjtyfhJI4CrSl8=
-----END CERTIFICATE-----