Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a2b9155d-cc52-428e-ad1c-dfd028b2e434.roa
File:                     a2b9155d-cc52-428e-ad1c-dfd028b2e434.roa (raw, json)
Hash identifier:          iXmiMnOIMVp6sPyxbdU1lQ8VGsgIr0NRltG+KRJyrj4=
Subject key identifier:   EF:37:0C:3E:36:17:60:11:EF:56:08:BD:30:4A:C5:6C:B0:E6:F6:98
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4181E5AB884B0BB2190A965042283E1E88137EE3
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a2b9155d-cc52-428e-ad1c-dfd028b2e434.roa
Signing time:             Thu 17 Oct 2024 00:00:00 +0000
ROA not before:           Thu 17 Oct 2024 00:00:00 +0000
ROA not after:            Thu 21 Nov 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:81:e5:ab:88:4b:0b:b2:19:0a:96:50:42:28:3e:1e:88:13:7e:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 17 00:00:00 2024 GMT
            Not After : Nov 21 23:59:59 2024 GMT
        Subject: serialNumber=0bddc30b7617fd29023a3fc0bdf8aa885b4cd603c8b925fd36bf4416e61f06eb, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:1d:f9:60:83:57:bb:ac:5f:4b:f3:e2:aa:1b:
                    ff:57:68:e7:78:f0:a2:0d:f2:b8:0e:d2:f2:10:eb:
                    cc:be:85:14:3c:2b:4a:91:34:4d:d4:be:21:cb:f5:
                    44:9e:bc:88:eb:75:3f:b3:47:f3:46:b5:3f:1e:99:
                    de:8d:bb:86:d0:cf:a6:99:ca:13:2a:e1:7d:29:c3:
                    9e:d8:34:1d:fe:aa:94:fb:a7:67:da:67:06:01:b8:
                    3c:6f:d5:83:d4:1c:a4:7d:51:26:6b:dc:db:ff:1e:
                    4a:9f:91:7a:5d:2c:ab:bd:26:19:9c:cc:ab:41:a1:
                    18:14:f7:e0:55:c1:ff:cb:80:17:82:03:3b:86:e2:
                    13:5c:92:29:b9:44:4d:7e:10:b2:64:f3:83:b7:76:
                    71:99:27:f1:95:e6:51:ac:af:b9:ee:75:81:e9:1e:
                    b9:f2:20:04:2e:88:cc:63:42:f2:a4:fe:dc:c1:cf:
                    74:49:44:24:8d:1c:28:59:8d:6b:05:7a:17:ee:73:
                    71:b7:77:df:ec:77:44:8f:5c:1d:6a:c6:20:c5:31:
                    ff:56:c0:f8:e8:0a:cf:ab:d8:2b:a9:ab:23:03:3c:
                    39:b3:d1:45:33:02:a4:0c:b3:44:ea:f9:3e:be:0a:
                    ee:c2:e3:9e:5d:09:62:10:4d:37:90:db:43:72:d7:
                    6d:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:37:0C:3E:36:17:60:11:EF:56:08:BD:30:4A:C5:6C:B0:E6:F6:98
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a2b9155d-cc52-428e-ad1c-dfd028b2e434.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:05:21:0e:fc:7c:60:69:79:71:c5:de:4f:ed:82:45:41:1b:
         5b:1c:1f:f6:c7:00:05:b2:50:25:da:f6:3a:f6:0b:2e:72:c7:
         b1:42:20:ea:dc:76:0d:d2:9d:a0:3c:bc:93:5f:99:3a:48:57:
         fd:cb:b3:f1:e2:7e:b7:68:cf:3b:f2:1e:db:3a:ae:af:c1:1a:
         53:e3:b3:94:15:64:08:3f:2e:97:89:1b:1a:0d:b7:42:1a:24:
         48:b2:db:86:d7:1e:bb:25:88:bc:1c:b2:23:cf:c1:6c:1a:8e:
         e3:34:cc:cd:d8:13:21:04:22:0e:86:09:88:f9:2c:d6:f9:bc:
         1a:5f:3f:df:0f:e7:25:a5:09:01:bb:40:a5:77:f4:12:43:06:
         41:72:b7:23:c9:a1:8a:85:9f:41:1d:a8:10:aa:e7:20:d5:95:
         49:0f:63:ea:24:56:2f:be:d2:14:f2:fc:55:46:5b:ec:1f:f9:
         74:0d:41:69:b4:85:8a:97:28:cd:67:5c:56:63:bc:0c:c1:00:
         70:44:e6:e1:c9:73:9d:33:c9:e6:b9:be:af:84:fb:7c:1c:d9:
         c8:cc:29:2e:90:a9:3d:a0:8a:ba:31:e8:6c:e2:c8:64:d7:f2:
         02:5d:35:e8:62:ec:38:af:eb:99:7a:e7:11:9f:2b:d3:6e:52:
         41:25:d5:78
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQYHlq4hLC7IZCpZQQig+HogTfuMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMDE3MDAwMDAwWhcNMjQxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYmRkYzMwYjc2MTdmZDI5MDIzYTNmYzBiZGY4YWE4ODVi
NGNkNjAzYzhiOTI1ZmQzNmJmNDQxNmU2MWYwNmViMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUHflgg1e7rF9L8+KqG/9XaOd48KIN8rgO0vIQ68y+hRQ8
K0qRNE3UviHL9USevIjrdT+zR/NGtT8emd6Nu4bQz6aZyhMq4X0pw57YNB3+qpT7
p2faZwYBuDxv1YPUHKR9USZr3Nv/HkqfkXpdLKu9JhmczKtBoRgU9+BVwf/LgBeC
AzuG4hNckim5RE1+ELJk84O3dnGZJ/GV5lGsr7nudYHpHrnyIAQuiMxjQvKk/tzB
z3RJRCSNHChZjWsFehfuc3G3d9/sd0SPXB1qxiDFMf9WwPjoCs+r2CupqyMDPDmz
0UUzAqQMs0Tq+T6+Cu7C455dCWIQTTeQ20Ny120TAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7zcMPjYXYBHvVgi9MErFbLDm9pgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2EyYjkxNTVkLWNjNTItNDI4ZS1hZDFjLWRmZDAyOGIyZTQzNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC0FIQ78fGBpeXHF3k/tgkVBG1sc
H/bHAAWyUCXa9jr2Cy5yx7FCIOrcdg3SnaA8vJNfmTpIV/3Ls/HifrdozzvyHts6
rq/BGlPjs5QVZAg/LpeJGxoNt0IaJEiy24bXHrsliLwcsiPPwWwajuM0zM3YEyEE
Ig6GCYj5LNb5vBpfP98P5yWlCQG7QKV39BJDBkFytyPJoYqFn0EdqBCq5yDVlUkP
Y+okVi++0hTy/FVGW+wf+XQNQWm0hYqXKM1nXFZjvAzBAHBE5uHJc50zyea5vq+E
+3wc2cjMKS6QqT2girox6GziyGTX8gJdNehi7Div65l65xGfK9NuUkEl1Xg=
-----END CERTIFICATE-----