Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b15e44c9-1330-436d-b3ad-fbc6a9cdea88.roa
File:                     b15e44c9-1330-436d-b3ad-fbc6a9cdea88.roa (raw, json)
Hash identifier:          j3ea1ltU3bDGkuZnQ+rAxGTiSgm6uRSG9vS+BX4AW4I=
Subject key identifier:   7F:9B:C1:C3:65:4D:85:F7:E1:3D:2F:5A:9E:48:88:80:E4:62:52:BE
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1DD840DA1501A6354B7263B7836D768EEB812A4C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b15e44c9-1330-436d-b3ad-fbc6a9cdea88.roa
Signing time:             Sat 09 Mar 2024 00:00:00 +0000
ROA not before:           Sat 09 Mar 2024 00:00:00 +0000
ROA not after:            Sat 13 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:d8:40:da:15:01:a6:35:4b:72:63:b7:83:6d:76:8e:eb:81:2a:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  9 00:00:00 2024 GMT
            Not After : Apr 13 23:59:59 2024 GMT
        Subject: serialNumber=6dae02cc4b4efc525fda96b699d38d9f3ab894d2c26dce780a5c905c5a89b833, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:d6:22:4c:5d:a2:e0:c0:02:ac:34:aa:18:17:
                    16:25:e6:31:bc:6e:b5:f9:ae:fa:61:26:ff:b8:21:
                    3b:36:91:9e:ec:ac:e8:b2:59:70:9c:db:d3:78:79:
                    17:26:e2:74:e4:03:f4:59:8e:74:6a:22:91:1c:ff:
                    bd:84:b9:00:30:4c:82:21:b1:bf:b2:8f:de:68:81:
                    2e:d9:57:64:bb:02:4e:d1:48:42:dd:de:e0:f7:96:
                    dc:77:c0:d5:ca:e3:61:27:00:69:10:e8:77:d7:50:
                    e4:58:c1:02:94:bf:ac:d2:58:85:8e:cc:3b:9c:8d:
                    32:e8:d7:42:b2:90:51:d3:1a:11:14:0b:d5:6c:d2:
                    c4:23:4b:f6:cb:e7:a5:f9:af:55:43:a1:e9:09:21:
                    ae:eb:43:4d:2e:95:e2:d8:b7:81:26:21:f4:7f:bc:
                    81:81:81:e0:49:24:2a:ad:0d:15:9d:67:97:c4:8c:
                    c4:a6:35:24:61:d1:74:ff:26:e4:3c:eb:19:63:ca:
                    4c:e5:86:49:72:bf:7d:66:24:a5:2b:a4:ee:d8:24:
                    4e:83:d3:4c:97:16:9a:05:12:f9:cc:3b:69:75:a5:
                    f9:3d:b3:a8:31:73:ca:27:72:a6:f4:80:14:62:47:
                    ec:20:f1:2e:68:8e:d6:f7:18:7f:cc:a5:dc:17:64:
                    c1:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:9B:C1:C3:65:4D:85:F7:E1:3D:2F:5A:9E:48:88:80:E4:62:52:BE
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b15e44c9-1330-436d-b3ad-fbc6a9cdea88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:e6:63:be:b4:cc:f9:f1:36:59:eb:62:b5:45:73:ba:d5:76:
         4c:2b:9e:f6:f7:b0:59:ca:b3:ea:d9:cb:e1:66:3f:3b:3e:54:
         3c:2c:40:3f:ff:b2:80:05:8c:91:3f:76:14:36:73:d4:0e:94:
         11:a7:e5:35:e5:1f:7f:f4:40:97:22:9b:dd:a4:24:ee:7b:52:
         d5:93:c4:89:1d:11:70:95:68:fc:21:82:97:8a:b5:5b:2e:1a:
         44:15:7d:a2:bc:b8:dc:80:ed:a7:08:3e:42:c1:51:54:fa:da:
         83:3d:19:d6:77:b1:62:f1:b0:f0:9a:fa:af:28:bf:3a:78:0b:
         87:a4:58:b8:60:e9:43:ec:f2:57:21:b5:d9:8d:3a:37:11:a9:
         fa:1e:56:48:7d:fb:41:7b:ce:76:48:cf:1f:7e:0c:42:c1:2f:
         bf:0a:fd:eb:1a:74:96:a5:3d:83:cd:e7:3a:bc:03:a3:8c:50:
         cd:aa:5d:d4:89:b5:dd:a7:f6:ce:ec:d4:2a:2c:7c:a1:f0:1a:
         b2:af:31:d7:1b:10:89:04:5a:9e:1e:c7:56:e5:71:37:2e:09:
         91:67:9d:72:b4:67:73:26:62:8c:cb:89:31:2b:0c:99:c7:de:
         99:da:8b:68:e8:09:c2:f0:b4:bb:50:ce:d1:04:ac:b5:fa:2a:
         07:ef:e0:48
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHdhA2hUBpjVLcmO3g212juuBKkwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzA5MDAwMDAwWhcNMjQwNDEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZGFlMDJjYzRiNGVmYzUyNWZkYTk2YjY5OWQzOGQ5ZjNh
Yjg5NGQyYzI2ZGNlNzgwYTVjOTA1YzVhODliODMzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC71iJMXaLgwAKsNKoYFxYl5jG8brX5rvphJv+4ITs2kZ7s
rOiyWXCc29N4eRcm4nTkA/RZjnRqIpEc/72EuQAwTIIhsb+yj95ogS7ZV2S7Ak7R
SELd3uD3ltx3wNXK42EnAGkQ6HfXUORYwQKUv6zSWIWOzDucjTLo10KykFHTGhEU
C9Vs0sQjS/bL56X5r1VDoekJIa7rQ00uleLYt4EmIfR/vIGBgeBJJCqtDRWdZ5fE
jMSmNSRh0XT/JuQ86xljykzlhklyv31mJKUrpO7YJE6D00yXFpoFEvnMO2l1pfk9
s6gxc8oncqb0gBRiR+wg8S5ojtb3GH/MpdwXZMEFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUf5vBw2VNhffhPS9ankiIgORiUr4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2IxNWU0NGM5LTEzMzAtNDM2ZC1iM2FkLWZiYzZhOWNkZWE4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK/mY760zPnxNlnrYrVFc7rVdkwr
nvb3sFnKs+rZy+FmPzs+VDwsQD//soAFjJE/dhQ2c9QOlBGn5TXlH3/0QJcim92k
JO57UtWTxIkdEXCVaPwhgpeKtVsuGkQVfaK8uNyA7acIPkLBUVT62oM9GdZ3sWLx
sPCa+q8ovzp4C4ekWLhg6UPs8lchtdmNOjcRqfoeVkh9+0F7znZIzx9+DELBL78K
/esadJalPYPN5zq8A6OMUM2qXdSJtd2n9s7s1CosfKHwGrKvMdcbEIkEWp4ex1bl
cTcuCZFnnXK0Z3MmYozLiTErDJnH3pnai2joCcLwtLtQztEErLX6Kgfv4Eg=
-----END CERTIFICATE-----