Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/183820b3-11ff-4720-9732-ae0893521ae1.roa
File:                     183820b3-11ff-4720-9732-ae0893521ae1.roa (raw, json)
Hash identifier:          fii+/2kSUVOtGjYgbcJfZJKZwZ1OrrslWlKxYG0+Uis=
Subject key identifier:   1E:CF:3F:75:D3:84:BE:75:DB:21:D3:13:64:5A:F0:CD:5E:9D:82:52
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       08FACA8E53572B6E7040669FEBA10145789F83DB
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/183820b3-11ff-4720-9732-ae0893521ae1.roa
Signing time:             Thu 22 Feb 2024 00:00:00 +0000
ROA not before:           Thu 22 Feb 2024 00:00:00 +0000
ROA not after:            Thu 28 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:fa:ca:8e:53:57:2b:6e:70:40:66:9f:eb:a1:01:45:78:9f:83:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 22 00:00:00 2024 GMT
            Not After : Mar 28 23:59:59 2024 GMT
        Subject: serialNumber=1fff29711b06539f3e0d877833f197ceaffd13ad5ee26cea681515d925eeae1a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b9:19:83:ea:3c:1f:14:09:ad:38:40:6f:27:
                    5d:76:cd:eb:f4:83:c3:cd:e3:2b:78:8d:10:2b:89:
                    4e:1c:3c:b3:f3:bc:71:98:f0:1f:eb:6b:01:ac:e9:
                    b7:bf:7a:80:96:01:af:e2:f6:f7:8a:2f:5c:e5:a8:
                    42:56:05:44:a1:fe:40:8b:29:b2:73:27:15:d2:fd:
                    e5:fa:35:85:f9:8e:9d:a2:0d:a0:bb:e9:37:ba:60:
                    4f:d8:f8:b6:48:37:11:23:7c:cd:7c:5a:90:42:41:
                    14:78:cc:be:bf:cb:22:1b:30:57:a1:d6:ab:2e:69:
                    ae:d5:a6:00:c3:d8:6f:cb:fe:89:68:39:a9:38:53:
                    16:38:f6:1a:17:aa:65:66:1d:56:ca:2d:87:45:da:
                    58:10:e0:55:18:2e:8f:4d:8a:17:0e:fd:a7:b7:bf:
                    85:2a:49:ca:b2:23:76:c2:37:86:fe:3c:57:82:69:
                    07:d6:7d:f5:a4:a9:70:91:42:c9:82:af:5d:c9:4f:
                    01:57:e2:6b:15:38:94:4c:c9:78:ad:54:03:6d:74:
                    5d:3d:a1:7f:40:b7:cc:68:8c:f8:8c:c9:b9:64:d5:
                    72:d7:87:05:da:e6:a3:18:4d:f7:f2:05:6f:dd:60:
                    c0:93:b1:fc:60:6a:17:3e:d1:94:d8:f6:52:5d:fe:
                    01:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:CF:3F:75:D3:84:BE:75:DB:21:D3:13:64:5A:F0:CD:5E:9D:82:52
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/183820b3-11ff-4720-9732-ae0893521ae1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:1a:5f:c8:62:0e:0a:95:af:fa:cf:12:ec:e9:f1:28:d3:19:
         e3:43:02:00:3b:c1:bf:12:3b:15:41:58:ff:5d:66:69:92:6a:
         19:33:c4:b4:0d:5d:c7:81:15:76:26:a4:a7:f1:df:8c:18:dc:
         bc:9a:75:18:d2:33:73:3e:dc:ac:89:81:8f:e4:d4:28:3a:bf:
         4a:13:33:a2:99:fc:7e:ef:60:12:59:a0:d3:a2:5b:8b:09:7b:
         14:74:ff:57:77:ca:cd:f8:46:4d:02:00:a4:f9:6a:e7:3f:96:
         68:f1:c3:99:cc:30:f9:75:5f:ff:27:97:4e:33:51:d2:5c:26:
         23:78:86:91:d0:48:fa:5e:43:90:2a:10:0d:4f:7b:eb:55:30:
         0c:94:d6:83:d6:8d:30:da:cb:dc:77:f9:64:01:8d:f6:e3:01:
         e8:0f:2d:44:8f:db:d5:4a:7b:9c:24:07:b6:99:cb:bf:8a:4d:
         33:97:b0:f4:da:b4:62:a6:8a:6d:2d:ec:90:87:c1:60:9b:e2:
         58:cd:0d:3d:8a:0e:d9:b8:15:96:96:20:c3:27:9e:eb:7d:a7:
         83:06:e7:43:e0:8c:e8:b9:fc:6f:26:ac:0c:61:d7:af:1c:b5:
         fe:37:0c:67:91:98:69:dc:00:6b:7d:33:b1:ad:25:91:7a:ee:
         ed:c7:c3:92
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCPrKjlNXK25wQGaf66EBRXifg9swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjIyMDAwMDAwWhcNMjQwMzI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZmZmMjk3MTFiMDY1MzlmM2UwZDg3NzgzM2YxOTdjZWFm
ZmQxM2FkNWVlMjZjZWE2ODE1MTVkOTI1ZWVhZTFhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCouRmD6jwfFAmtOEBvJ112zev0g8PN4yt4jRAriU4cPLPz
vHGY8B/rawGs6be/eoCWAa/i9veKL1zlqEJWBUSh/kCLKbJzJxXS/eX6NYX5jp2i
DaC76Te6YE/Y+LZINxEjfM18WpBCQRR4zL6/yyIbMFeh1qsuaa7VpgDD2G/L/olo
Oak4UxY49hoXqmVmHVbKLYdF2lgQ4FUYLo9NihcO/ae3v4UqScqyI3bCN4b+PFeC
aQfWffWkqXCRQsmCr13JTwFX4msVOJRMyXitVANtdF09oX9At8xojPiMyblk1XLX
hwXa5qMYTffyBW/dYMCTsfxgahc+0ZTY9lJd/gEdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHs8/ddOEvnXbIdMTZFrwzV6dglIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzE4MzgyMGIzLTExZmYtNDcyMC05NzMyLWFlMDg5MzUyMWFlMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJMaX8hiDgqVr/rPEuzp8SjTGeND
AgA7wb8SOxVBWP9dZmmSahkzxLQNXceBFXYmpKfx34wY3LyadRjSM3M+3KyJgY/k
1Cg6v0oTM6KZ/H7vYBJZoNOiW4sJexR0/1d3ys34Rk0CAKT5auc/lmjxw5nMMPl1
X/8nl04zUdJcJiN4hpHQSPpeQ5AqEA1Pe+tVMAyU1oPWjTDay9x3+WQBjfbjAegP
LUSP29VKe5wkB7aZy7+KTTOXsPTatGKmim0t7JCHwWCb4ljNDT2KDtm4FZaWIMMn
nut9p4MG50PgjOi5/G8mrAxh168ctf43DGeRmGncAGt9M7GtJZF67u3Hw5I=
-----END CERTIFICATE-----