Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/aa481c66-993d-4ff4-8a0e-da0cdfafa974.roa
File:                     aa481c66-993d-4ff4-8a0e-da0cdfafa974.roa (raw, json)
Hash identifier:          uLBt13X8tsoAArJVCWYoVbGC/LG+Rl6sKhoqR8j6eCA=
Subject key identifier:   B1:48:F3:21:96:81:61:24:3F:85:BD:14:EF:24:F0:C8:5B:01:89:D5
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       77FBEDEC7B0385C11033D0FB4B3D3569D275C2AA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/aa481c66-993d-4ff4-8a0e-da0cdfafa974.roa
Signing time:             Mon 15 Apr 2024 00:00:00 +0000
ROA not before:           Mon 15 Apr 2024 00:00:00 +0000
ROA not after:            Mon 20 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:fb:ed:ec:7b:03:85:c1:10:33:d0:fb:4b:3d:35:69:d2:75:c2:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 15 00:00:00 2024 GMT
            Not After : May 20 23:59:59 2024 GMT
        Subject: serialNumber=61b767983ca19ada3b8da09224ff220a60584adf0527a4788a07858d075a9edf, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e0:f5:ed:3b:29:d2:27:7b:d4:3b:95:16:f0:
                    35:a1:fb:9c:1f:9f:a0:bb:22:3c:b7:5d:70:87:80:
                    9b:3a:73:65:76:96:8c:e3:57:57:e2:56:58:8c:6f:
                    c5:09:1d:0f:57:77:b2:5d:09:85:0e:2d:f5:f5:a2:
                    da:fc:dc:dc:3c:59:62:d8:15:8b:46:0b:07:f2:21:
                    79:01:23:93:3a:dd:f7:ee:49:96:81:06:f6:d7:df:
                    37:8c:a5:3b:1d:a2:43:bc:81:80:de:d5:37:07:db:
                    67:cb:76:2e:9f:ae:df:5d:b3:69:66:d3:7e:9a:31:
                    ef:96:9f:ba:d6:6f:05:40:f2:7a:3e:56:ee:69:56:
                    14:f1:bc:bf:9e:c6:cb:b7:5e:a2:bf:dc:17:fd:4a:
                    6a:c7:8e:c9:45:a1:b5:00:65:03:d1:f2:c4:97:77:
                    e0:9d:2c:3a:36:fa:a1:38:f4:0c:48:17:ee:b8:4a:
                    ee:fd:a4:bd:f5:f2:a5:66:38:7e:86:4f:aa:65:d3:
                    ce:41:5c:73:37:b7:9f:61:f7:9e:92:2c:bb:a0:49:
                    20:a4:c4:50:60:4c:c5:f7:a4:80:66:47:07:b8:c1:
                    f6:a6:a2:97:c4:7b:e6:8f:e9:c1:02:2d:6a:c3:57:
                    f9:df:52:97:dd:1b:14:16:b6:1b:03:e6:dd:04:99:
                    97:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:48:F3:21:96:81:61:24:3F:85:BD:14:EF:24:F0:C8:5B:01:89:D5
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/aa481c66-993d-4ff4-8a0e-da0cdfafa974.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:91:67:eb:a3:31:a3:e6:6d:ab:bb:d3:4c:2c:9c:1d:c6:e4:
         70:d3:cb:9f:18:a3:fc:a7:f9:a1:2a:ed:68:96:a8:59:c0:a4:
         b5:fa:da:16:77:e7:35:a9:c4:39:d8:d5:7b:7b:56:4a:8d:e6:
         56:bf:03:ff:33:ae:05:d8:f8:0e:c4:2f:c5:ff:a1:48:5f:a6:
         78:61:87:14:76:61:45:ad:bb:f7:49:89:9a:f7:eb:28:0c:8b:
         17:53:82:45:a6:73:0e:36:6a:25:21:7e:5b:ed:b5:17:94:25:
         22:59:a4:8f:fe:4c:45:28:3c:3b:2a:3f:19:26:7e:8b:26:fa:
         ed:f9:c0:1f:cb:71:f5:ee:72:48:70:5c:4d:0b:05:53:16:b9:
         53:e9:3b:75:5e:61:2b:d1:34:25:9f:7c:5b:c1:6e:71:28:25:
         66:20:cf:5a:18:7d:db:39:b0:a2:10:86:77:77:4b:81:17:8e:
         f9:41:6b:7b:ef:90:1a:d0:f0:12:05:7b:ab:5b:d5:fa:21:f5:
         a2:b1:6e:85:fb:9e:3e:b1:39:61:10:3d:58:da:e0:0c:f7:b4:
         a2:f3:b5:76:34:ec:3f:f1:cf:dc:21:2b:ef:62:f8:61:e1:02:
         b4:ac:97:80:29:0e:14:43:c1:60:01:80:07:01:9c:79:56:57:
         2a:2b:3f:b7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUd/vt7HsDhcEQM9D7Sz01adJ1wqowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDE1MDAwMDAwWhcNMjQwNTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MWI3Njc5ODNjYTE5YWRhM2I4ZGEwOTIyNGZmMjIwYTYw
NTg0YWRmMDUyN2E0Nzg4YTA3ODU4ZDA3NWE5ZWRmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC44PXtOynSJ3vUO5UW8DWh+5wfn6C7Ijy3XXCHgJs6c2V2
lozjV1fiVliMb8UJHQ9Xd7JdCYUOLfX1otr83Nw8WWLYFYtGCwfyIXkBI5M63ffu
SZaBBvbX3zeMpTsdokO8gYDe1TcH22fLdi6frt9ds2lm036aMe+Wn7rWbwVA8no+
Vu5pVhTxvL+exsu3XqK/3Bf9SmrHjslFobUAZQPR8sSXd+CdLDo2+qE49AxIF+64
Su79pL318qVmOH6GT6pl085BXHM3t59h956SLLugSSCkxFBgTMX3pIBmRwe4wfam
opfEe+aP6cECLWrDV/nfUpfdGxQWthsD5t0EmZdzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsUjzIZaBYSQ/hb0U7yTwyFsBidUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2FhNDgxYzY2LTk5M2QtNGZmNC04YTBlLWRhMGNkZmFmYTk3NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALSRZ+ujMaPmbau700wsnB3G5HDT
y58Yo/yn+aEq7WiWqFnApLX62hZ35zWpxDnY1Xt7VkqN5la/A/8zrgXY+A7EL8X/
oUhfpnhhhxR2YUWtu/dJiZr36ygMixdTgkWmcw42aiUhflvttReUJSJZpI/+TEUo
PDsqPxkmfosm+u35wB/LcfXuckhwXE0LBVMWuVPpO3VeYSvRNCWffFvBbnEoJWYg
z1oYfds5sKIQhnd3S4EXjvlBa3vvkBrQ8BIFe6tb1foh9aKxboX7nj6xOWEQPVja
4Az3tKLztXY07D/xz9whK+9i+GHhArSsl4ApDhRDwWABgAcBnHlWVyorP7c=
-----END CERTIFICATE-----