Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2386c50f-62b3-4d64-bcaa-5d187c7030d1.roa
File:                     2386c50f-62b3-4d64-bcaa-5d187c7030d1.roa (raw, json)
Hash identifier:          BatEBEYo/OUcN6X1pHavmKLzmovBrvuP0pZJsAxneIQ=
Subject key identifier:   F6:C8:C3:29:69:E8:01:4C:98:D6:6F:9D:D2:B1:1F:8A:94:27:DD:99
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1D0080F69804A07E92586CAD0C0661C1CF114F27
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2386c50f-62b3-4d64-bcaa-5d187c7030d1.roa
Signing time:             Fri 13 Dec 2024 00:00:00 +0000
ROA not before:           Fri 13 Dec 2024 00:00:00 +0000
ROA not after:            Fri 17 Jan 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:00:80:f6:98:04:a0:7e:92:58:6c:ad:0c:06:61:c1:cf:11:4f:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 13 00:00:00 2024 GMT
            Not After : Jan 17 23:59:59 2025 GMT
        Subject: serialNumber=bae070464f3b2af83f41a8424e96f9c1bbd2c9bc77222bd21e7dfc80853d3932, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:46:5b:ba:5d:4b:99:26:6a:8b:dc:45:a3:ab:
                    0c:ed:c9:c7:2b:41:62:41:89:af:41:c5:e7:e6:b3:
                    c9:3c:47:f0:9e:a5:a8:9e:cf:30:8d:7d:0b:6a:4a:
                    89:49:19:30:2c:53:27:60:62:87:4a:68:82:28:c3:
                    32:6f:cb:9f:4f:9d:52:b7:f7:22:34:82:b3:f9:5d:
                    2d:f0:f9:f2:78:54:02:1a:ea:a2:54:10:ed:8e:c8:
                    99:ff:74:39:13:cb:a2:cf:67:c9:d6:d3:69:8e:ab:
                    02:6f:37:d4:39:5b:c2:7b:7a:02:56:46:f4:6b:cc:
                    d8:a2:f3:84:88:77:b2:1b:b6:4a:4a:cd:02:c4:ff:
                    37:9d:93:c5:42:72:9a:51:ed:84:ad:1a:d0:02:d8:
                    14:7d:ae:ed:fc:f2:60:8b:33:80:b8:61:62:90:04:
                    cb:30:ee:ac:3a:c6:a3:5b:c3:ee:b9:62:41:c6:af:
                    d3:a1:0e:80:d3:78:3f:6d:63:ce:d8:2a:cf:dc:7c:
                    b2:34:3f:6f:e1:24:59:fc:2f:e9:79:31:a1:50:d9:
                    aa:0c:47:9a:be:70:1e:5e:37:56:f4:24:cc:30:cd:
                    17:e4:2e:f4:8d:6d:11:c8:e5:4c:24:af:30:13:68:
                    22:23:da:fb:fd:ae:0a:27:08:b5:d1:6e:e0:bf:36:
                    de:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:C8:C3:29:69:E8:01:4C:98:D6:6F:9D:D2:B1:1F:8A:94:27:DD:99
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2386c50f-62b3-4d64-bcaa-5d187c7030d1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:bf:b6:3c:bd:56:4f:e3:87:39:d2:21:08:58:f8:67:5f:9c:
         78:b9:6e:0c:1a:22:03:c3:4e:12:ae:64:fd:91:c7:1d:47:9b:
         b6:fa:80:a2:b6:ef:6d:15:bc:fb:71:4e:cb:3c:c7:db:c9:79:
         fd:9c:8f:9a:a7:d8:e7:82:48:44:f3:df:5e:04:91:87:15:ab:
         dc:72:40:ab:77:06:2c:00:af:c1:b1:a7:80:44:a2:a7:25:d4:
         c2:01:38:5d:39:c0:db:ad:e2:6e:e2:c4:19:fd:9b:80:c2:10:
         fc:23:8e:b8:c7:2a:4e:b3:77:0c:0e:0b:04:15:71:02:c9:ec:
         0b:6e:f5:69:39:57:06:f8:a6:ba:3d:09:7e:04:7c:06:79:ba:
         9d:e3:ca:a6:8d:09:23:0a:6b:b9:e3:12:a6:3d:7d:7a:7f:45:
         ba:06:88:a2:05:b2:bc:4f:46:06:04:1e:63:45:25:4a:f9:95:
         2c:2c:d3:e2:aa:6f:12:0d:53:45:0a:3b:36:15:1a:0d:db:cc:
         86:c7:4d:a1:42:6b:93:74:c0:50:bf:7b:e3:12:da:1f:be:29:
         2e:b7:fc:fc:5e:4d:14:5b:f5:6a:5c:ba:76:0a:74:4a:5f:70:
         ac:fb:7d:67:ef:60:57:ef:89:22:1a:b2:2c:5a:7b:7e:96:87:
         70:a0:83:b9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHQCA9pgEoH6SWGytDAZhwc8RTycwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMjEzMDAwMDAwWhcNMjUwMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiYWUwNzA0NjRmM2IyYWY4M2Y0MWE4NDI0ZTk2ZjljMWJi
ZDJjOWJjNzcyMjJiZDIxZTdkZmM4MDg1M2QzOTMyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRRlu6XUuZJmqL3EWjqwztyccrQWJBia9Bxefms8k8R/Ce
paiezzCNfQtqSolJGTAsUydgYodKaIIowzJvy59PnVK39yI0grP5XS3w+fJ4VAIa
6qJUEO2OyJn/dDkTy6LPZ8nW02mOqwJvN9Q5W8J7egJWRvRrzNii84SId7IbtkpK
zQLE/zedk8VCcppR7YStGtAC2BR9ru388mCLM4C4YWKQBMsw7qw6xqNbw+65YkHG
r9OhDoDTeD9tY87YKs/cfLI0P2/hJFn8L+l5MaFQ2aoMR5q+cB5eN1b0JMwwzRfk
LvSNbRHI5UwkrzATaCIj2vv9rgonCLXRbuC/Nt6HAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9sjDKWnoAUyY1m+d0rEfipQn3ZkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzIzODZjNTBmLTYyYjMtNGQ2NC1iY2FhLTVkMTg3YzcwMzBkMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG2/tjy9Vk/jhznSIQhY+GdfnHi5
bgwaIgPDThKuZP2Rxx1Hm7b6gKK2720VvPtxTss8x9vJef2cj5qn2OeCSETz314E
kYcVq9xyQKt3BiwAr8Gxp4BEoqcl1MIBOF05wNut4m7ixBn9m4DCEPwjjrjHKk6z
dwwOCwQVcQLJ7Atu9Wk5Vwb4pro9CX4EfAZ5up3jyqaNCSMKa7njEqY9fXp/RboG
iKIFsrxPRgYEHmNFJUr5lSws0+KqbxINU0UKOzYVGg3bzIbHTaFCa5N0wFC/e+MS
2h++KS63/PxeTRRb9WpcunYKdEpfcKz7fWfvYFfviSIasixae36Wh3Cgg7k=
-----END CERTIFICATE-----