Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f9290ea2-502f-45ef-a6af-3a7f4492d485.roa
File:                     f9290ea2-502f-45ef-a6af-3a7f4492d485.roa (raw, json)
Hash identifier:          u47uu1X8ywu4MW28RkIhGTAy9YrsAJtDDESH7Og8RUE=
Subject key identifier:   D0:39:AD:0E:10:FD:DD:6D:DD:0B:44:2C:4F:F2:0F:0B:AA:72:8A:1A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       080A30AFAE4819939D5A64CAE5E4BFB7D0AE4BDA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f9290ea2-502f-45ef-a6af-3a7f4492d485.roa
Signing time:             Fri 30 Aug 2024 00:00:00 +0000
ROA not before:           Fri 30 Aug 2024 00:00:00 +0000
ROA not after:            Fri 04 Oct 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:0a:30:af:ae:48:19:93:9d:5a:64:ca:e5:e4:bf:b7:d0:ae:4b:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 30 00:00:00 2024 GMT
            Not After : Oct  4 23:59:59 2024 GMT
        Subject: serialNumber=f5cd9a0f9c0ddf3aa2967216e0c0cf7e6f99c15734a5dad94447a26d47debf6a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ca:62:4d:db:ca:c2:d2:3a:30:45:84:ac:cd:
                    3c:dd:b0:28:48:62:21:38:15:8b:cf:e9:70:13:50:
                    ea:6c:13:2e:f6:75:a9:d2:a1:b8:94:6f:34:3d:cb:
                    86:56:b7:b3:71:ea:b8:fb:dd:88:53:ef:bf:ad:b7:
                    02:2a:c9:8b:92:5a:89:45:9c:1f:70:25:28:fe:7f:
                    2d:09:6d:6d:b4:20:4f:5e:b3:6c:7e:23:13:c5:97:
                    9c:9b:bd:26:d5:7f:df:9d:9e:43:ac:dc:43:ef:4f:
                    e8:fa:56:59:4b:db:fd:4b:11:e7:39:1a:f6:42:42:
                    2f:ac:84:96:c8:08:d1:1e:6e:7c:cf:ea:65:1f:5b:
                    8f:3e:6a:83:35:a9:b1:0a:85:86:88:1c:9a:ab:4d:
                    1f:86:72:68:fc:7c:be:fb:e7:9f:7b:b6:0b:43:b9:
                    7e:89:f6:c2:cb:8f:72:1e:92:af:86:c6:45:25:7f:
                    f4:c6:7a:b7:c1:3b:31:e8:80:e8:d9:db:a2:4d:1f:
                    24:ae:dd:0f:1c:74:81:86:c1:cd:db:b8:c3:d1:fb:
                    0c:34:83:b1:b6:ee:6e:b7:81:49:ec:fe:c6:62:f9:
                    b5:ad:04:14:35:50:43:3f:0a:50:51:a2:83:b4:2d:
                    ed:d1:0c:17:8d:38:03:db:a3:fc:a0:8d:ac:65:63:
                    6c:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:39:AD:0E:10:FD:DD:6D:DD:0B:44:2C:4F:F2:0F:0B:AA:72:8A:1A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f9290ea2-502f-45ef-a6af-3a7f4492d485.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:64:45:7c:a3:91:9b:2d:85:59:3c:48:30:71:e6:30:65:2f:
         d6:85:13:00:ac:47:25:af:4b:71:6a:c0:c7:43:1f:32:7d:53:
         1b:99:b4:1a:ff:9c:67:e7:27:d9:e0:fc:4f:0b:85:cc:5c:cb:
         26:dd:a3:99:f6:43:51:d8:b2:d0:93:c0:8a:ec:19:15:e1:9d:
         03:07:b9:e8:b0:bb:5b:56:4c:dc:8f:da:51:fc:82:d9:aa:7f:
         5e:84:d4:7f:77:0d:cc:d2:29:6e:5d:69:8b:5f:6a:5d:f1:fb:
         0b:81:03:2e:d8:84:b7:d2:f6:6c:fe:20:12:c1:04:0e:bb:51:
         15:59:5b:ff:cf:e6:54:48:d5:68:30:22:e3:fe:7f:69:b0:a8:
         f6:45:54:09:9d:9c:51:b6:4a:c9:5f:0d:5d:5c:e6:c0:52:08:
         06:cb:14:a0:5c:5d:86:1e:4d:cb:d8:14:79:cf:44:21:18:32:
         72:63:8d:f6:36:e8:75:19:fc:e4:12:c6:88:2f:ea:23:25:4a:
         15:f6:94:d8:eb:45:7a:89:b4:cc:c8:15:f8:40:2d:c0:63:3f:
         eb:76:14:35:65:6f:54:48:2b:a4:f6:ba:31:c5:02:2c:be:31:
         b1:e0:c8:f6:cb:16:0d:a9:f4:cd:72:11:d2:61:4e:3e:79:fc:
         5d:e7:64:1d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCAowr65IGZOdWmTK5eS/t9CuS9owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwODMwMDAwMDAwWhcNMjQxMDA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNWNkOWEwZjljMGRkZjNhYTI5NjcyMTZlMGMwY2Y3ZTZm
OTljMTU3MzRhNWRhZDk0NDQ3YTI2ZDQ3ZGViZjZhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCeymJN28rC0jowRYSszTzdsChIYiE4FYvP6XATUOpsEy72
danSobiUbzQ9y4ZWt7Nx6rj73YhT77+ttwIqyYuSWolFnB9wJSj+fy0JbW20IE9e
s2x+IxPFl5ybvSbVf9+dnkOs3EPvT+j6VllL2/1LEec5GvZCQi+shJbICNEebnzP
6mUfW48+aoM1qbEKhYaIHJqrTR+Gcmj8fL775597tgtDuX6J9sLLj3Iekq+GxkUl
f/TGerfBOzHogOjZ26JNHySu3Q8cdIGGwc3buMPR+ww0g7G27m63gUns/sZi+bWt
BBQ1UEM/ClBRooO0Le3RDBeNOAPbo/ygjaxlY2ytAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0DmtDhD93W3dC0QsT/IPC6pyihowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Y5MjkwZWEyLTUwMmYtNDVlZi1hNmFmLTNhN2Y0NDkyZDQ4NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABRkRXyjkZsthVk8SDBx5jBlL9aF
EwCsRyWvS3FqwMdDHzJ9UxuZtBr/nGfnJ9ng/E8Lhcxcyybdo5n2Q1HYstCTwIrs
GRXhnQMHueiwu1tWTNyP2lH8gtmqf16E1H93DczSKW5daYtfal3x+wuBAy7YhLfS
9mz+IBLBBA67URVZW//P5lRI1WgwIuP+f2mwqPZFVAmdnFG2SslfDV1c5sBSCAbL
FKBcXYYeTcvYFHnPRCEYMnJjjfY26HUZ/OQSxogv6iMlShX2lNjrRXqJtMzIFfhA
LcBjP+t2FDVlb1RIK6T2ujHFAiy+MbHgyPbLFg2p9M1yEdJhTj55/F3nZB0=
-----END CERTIFICATE-----