Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/976dcbd9-29f9-4198-a02b-9b3a7c24a0e9.roa
File:                     976dcbd9-29f9-4198-a02b-9b3a7c24a0e9.roa (raw, json)
Hash identifier:          2TRCWlIV5J6/rXG+s01eV9sxG+YuCnWgNgHISrn5LAM=
Subject key identifier:   8E:E2:EA:51:6B:C5:CA:C3:A7:FD:DB:3A:42:20:EC:A7:7E:4C:B9:D1
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       396E568022938CD620F7918BF15ABDF98BD6D522
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/976dcbd9-29f9-4198-a02b-9b3a7c24a0e9.roa
Signing time:             Sun 14 Jul 2024 00:00:00 +0000
ROA not before:           Sun 14 Jul 2024 00:00:00 +0000
ROA not after:            Sun 18 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:6e:56:80:22:93:8c:d6:20:f7:91:8b:f1:5a:bd:f9:8b:d6:d5:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 14 00:00:00 2024 GMT
            Not After : Aug 18 23:59:59 2024 GMT
        Subject: serialNumber=144bc62e26dcfdabd0556c47e8507818beca02a77e69843d4800a0a916ce7628, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:0f:aa:d6:b8:b0:fe:e0:ec:15:cd:b2:cd:ed:
                    b7:63:57:21:fa:99:79:f0:ba:91:a5:2d:71:40:31:
                    f6:0f:e8:80:2c:9d:58:57:26:2f:6f:dc:fa:f0:34:
                    a1:db:1c:48:d5:c1:98:33:21:2f:25:e6:2f:be:c3:
                    5b:00:65:22:c2:0e:0a:8a:6f:ec:6f:fe:50:c4:39:
                    f9:f7:41:5b:18:ac:9d:ed:71:59:3c:1d:f2:20:47:
                    4c:c6:77:aa:8b:97:21:92:ae:14:b4:41:4c:95:ca:
                    08:51:8b:fc:ce:ac:a5:19:25:33:6e:ec:0c:ee:f7:
                    61:2f:c4:fe:e9:6d:cc:ee:8e:b2:2f:86:41:52:65:
                    9d:ce:08:a3:4c:96:e4:75:b1:92:ff:10:f5:9b:77:
                    2d:6d:58:0e:e1:4d:e0:02:9b:a1:41:0a:72:21:bf:
                    58:be:c3:0a:a8:5b:23:59:04:88:ca:25:d4:c7:8f:
                    c9:8d:b0:fc:ca:6d:66:5c:05:58:da:59:b5:2d:61:
                    71:d4:ef:cc:1a:3d:19:d4:02:62:31:61:0a:09:78:
                    9c:29:3e:bb:9a:3b:62:8b:66:96:8f:51:69:24:5d:
                    c8:61:03:34:41:1f:75:ef:17:7f:2e:e0:22:5d:b3:
                    d5:50:a2:1c:20:ed:c4:70:7a:24:1c:4e:90:41:b8:
                    aa:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:E2:EA:51:6B:C5:CA:C3:A7:FD:DB:3A:42:20:EC:A7:7E:4C:B9:D1
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/976dcbd9-29f9-4198-a02b-9b3a7c24a0e9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:86:ef:e7:f9:ed:0b:37:54:f4:7a:48:0f:82:68:26:41:f2:
         7d:e5:54:72:1a:4c:1e:94:a0:65:41:f7:2f:9d:97:d2:80:0d:
         28:6e:d7:4a:2a:7e:30:80:fc:d6:db:6b:44:32:2d:91:5a:1f:
         3a:a2:1f:06:84:e4:71:e2:4a:19:29:7b:90:8a:d0:29:fc:68:
         22:95:73:57:c5:b2:57:a3:04:7e:f6:25:ad:1a:3c:4d:c4:00:
         b2:43:c9:3b:d8:1e:db:dd:71:82:68:82:f3:67:d3:90:16:df:
         89:33:b7:72:f9:73:94:22:ac:64:9a:76:07:82:83:75:51:65:
         17:80:b4:18:89:bf:bb:36:35:98:44:f5:cf:af:39:24:2d:83:
         39:db:46:45:5e:8e:ab:6c:de:58:7d:ed:74:fa:3b:4b:e7:11:
         7c:c8:55:1f:e7:c8:e1:e3:88:75:e2:96:8f:fb:49:1e:31:30:
         04:8e:8e:3e:92:a5:6d:46:6e:bf:81:f6:69:0a:2b:a9:61:2b:
         07:4e:83:32:12:87:0b:dc:da:98:ec:89:ef:3f:e1:e1:7a:24:
         59:06:bf:b6:9e:cf:7a:c5:d3:78:d8:e1:ae:ec:ab:ba:5e:a9:
         b3:a9:e4:bb:56:bc:b7:d4:06:f5:11:15:65:92:42:30:8b:d0:
         b2:95:6f:90
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOW5WgCKTjNYg95GL8Vq9+YvW1SIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzE0MDAwMDAwWhcNMjQwODE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNDRiYzYyZTI2ZGNmZGFiZDA1NTZjNDdlODUwNzgxOGJl
Y2EwMmE3N2U2OTg0M2Q0ODAwYTBhOTE2Y2U3NjI4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBD6rWuLD+4OwVzbLN7bdjVyH6mXnwupGlLXFAMfYP6IAs
nVhXJi9v3PrwNKHbHEjVwZgzIS8l5i++w1sAZSLCDgqKb+xv/lDEOfn3QVsYrJ3t
cVk8HfIgR0zGd6qLlyGSrhS0QUyVyghRi/zOrKUZJTNu7Azu92EvxP7pbczujrIv
hkFSZZ3OCKNMluR1sZL/EPWbdy1tWA7hTeACm6FBCnIhv1i+wwqoWyNZBIjKJdTH
j8mNsPzKbWZcBVjaWbUtYXHU78waPRnUAmIxYQoJeJwpPruaO2KLZpaPUWkkXchh
AzRBH3XvF38u4CJds9VQohwg7cRweiQcTpBBuKqBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjuLqUWvFysOn/ds6QiDsp35MudEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk3NmRjYmQ5LTI5ZjktNDE5OC1hMDJiLTliM2E3YzI0YTBlOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEKG7+f57Qs3VPR6SA+CaCZB8n3l
VHIaTB6UoGVB9y+dl9KADShu10oqfjCA/Nbba0QyLZFaHzqiHwaE5HHiShkpe5CK
0Cn8aCKVc1fFslejBH72Ja0aPE3EALJDyTvYHtvdcYJogvNn05AW34kzt3L5c5Qi
rGSadgeCg3VRZReAtBiJv7s2NZhE9c+vOSQtgznbRkVejqts3lh97XT6O0vnEXzI
VR/nyOHjiHXilo/7SR4xMASOjj6SpW1Gbr+B9mkKK6lhKwdOgzIShwvc2pjsie8/
4eF6JFkGv7aez3rF03jY4a7sq7peqbOp5LtWvLfUBvURFWWSQjCL0LKVb5A=
-----END CERTIFICATE-----