Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/41cb7290-aa75-46c9-b6e4-74d11dc178c4.roa
File:                     41cb7290-aa75-46c9-b6e4-74d11dc178c4.roa (raw, json)
Hash identifier:          acMvcuoEbOGZTN/nRDXH6rK80zsmuqX5Sy07onBM/tM=
Subject key identifier:   A4:8F:33:D2:53:0F:D2:EE:C2:14:9C:F7:17:14:51:A9:EC:74:2A:0E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       65843000F1537028DC3B8E90FE262EC0CD52A1B0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/41cb7290-aa75-46c9-b6e4-74d11dc178c4.roa
Signing time:             Fri 12 Jul 2024 00:00:00 +0000
ROA not before:           Fri 12 Jul 2024 00:00:00 +0000
ROA not after:            Fri 16 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:84:30:00:f1:53:70:28:dc:3b:8e:90:fe:26:2e:c0:cd:52:a1:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 12 00:00:00 2024 GMT
            Not After : Aug 16 23:59:59 2024 GMT
        Subject: serialNumber=f7669e063dc19a0c85b8a9837dd8aecdb7579a920610f7951ecd3d8d0705e53f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:53:2c:42:d9:25:28:e0:a9:ba:da:e5:ec:18:
                    53:80:b4:af:dd:41:9d:e1:25:d9:41:c6:d0:f6:1b:
                    ce:9c:66:cb:2e:1d:47:31:db:8b:59:7c:53:89:8c:
                    c6:19:b5:38:82:d7:90:4a:9c:37:c8:01:f7:96:a9:
                    af:72:7a:ae:b1:1b:fa:34:89:07:23:5b:96:d9:d5:
                    43:8c:f4:56:f0:ef:7c:7b:bb:7d:2d:90:a8:5b:92:
                    f8:30:cb:41:f0:58:33:f0:3f:5b:d9:4a:80:a2:b4:
                    7a:28:61:e9:e9:0d:ee:c7:8a:b2:05:72:6d:a2:17:
                    7c:73:51:85:07:8b:c4:fc:5c:44:b0:b6:3a:04:e9:
                    62:ab:b0:69:c0:3f:b5:fe:6c:96:30:30:83:ed:99:
                    d1:01:18:7c:de:83:ff:14:df:34:76:9d:62:43:9e:
                    bd:d3:85:b9:ac:7d:ab:d1:93:bc:e1:e0:07:95:f6:
                    35:b2:57:00:f6:d3:c6:c6:c8:cc:97:f4:2e:32:0d:
                    d3:b8:da:f2:19:9a:eb:8c:39:4c:4b:80:8b:c0:88:
                    ae:fe:35:83:08:7e:fd:61:3a:d0:89:d0:05:f9:3f:
                    15:fb:83:f8:b2:fc:c9:33:4e:18:c0:94:4f:ac:17:
                    6d:89:a5:32:0d:6a:ed:ce:4a:31:ed:76:8e:25:47:
                    0d:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:8F:33:D2:53:0F:D2:EE:C2:14:9C:F7:17:14:51:A9:EC:74:2A:0E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/41cb7290-aa75-46c9-b6e4-74d11dc178c4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:ec:f7:47:30:2b:e1:7c:25:4c:ea:b8:71:9b:16:9f:4b:2f:
         b1:dc:65:ed:fc:b3:8a:fb:f9:f6:80:98:0b:d1:5f:31:29:7c:
         68:2b:11:ff:62:90:e3:cb:b5:38:a8:9d:3f:42:b4:6d:57:71:
         6a:0a:61:d1:d9:41:e4:6c:70:e9:44:0e:a5:44:e8:b4:40:35:
         20:56:64:bd:0e:9a:77:4e:1a:5e:ea:42:73:bc:90:17:28:4d:
         61:83:65:32:ec:3c:dd:00:17:19:4f:58:34:a5:1c:44:34:e2:
         02:55:9b:f4:4a:2f:32:1b:7d:c3:21:c6:34:27:99:45:be:0e:
         fa:44:02:b5:c1:ae:00:be:15:b0:2f:e0:c8:ea:65:74:7c:c1:
         5c:87:56:d4:7b:8e:bb:9c:9f:d1:5a:e7:2e:b4:86:5b:c7:b5:
         4e:90:f6:8e:c9:d6:f5:53:55:9e:a5:50:d7:69:88:1d:56:28:
         7c:f8:00:96:b8:6f:33:d9:01:f9:ad:a2:90:35:32:7c:53:1a:
         bb:4d:5e:e7:cf:47:76:aa:b7:98:20:68:c8:16:f4:88:eb:84:
         ef:da:34:d0:9d:1d:84:51:1d:53:b8:07:5c:d2:ba:93:bc:91:
         4f:04:29:f2:81:85:79:0c:33:e5:03:78:d3:45:74:fa:b2:55:
         37:c7:e8:69
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZYQwAPFTcCjcO46Q/iYuwM1SobAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzEyMDAwMDAwWhcNMjQwODE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNzY2OWUwNjNkYzE5YTBjODViOGE5ODM3ZGQ4YWVjZGI3
NTc5YTkyMDYxMGY3OTUxZWNkM2Q4ZDA3MDVlNTNmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfUyxC2SUo4Km62uXsGFOAtK/dQZ3hJdlBxtD2G86cZssu
HUcx24tZfFOJjMYZtTiC15BKnDfIAfeWqa9yeq6xG/o0iQcjW5bZ1UOM9Fbw73x7
u30tkKhbkvgwy0HwWDPwP1vZSoCitHooYenpDe7HirIFcm2iF3xzUYUHi8T8XESw
tjoE6WKrsGnAP7X+bJYwMIPtmdEBGHzeg/8U3zR2nWJDnr3ThbmsfavRk7zh4AeV
9jWyVwD208bGyMyX9C4yDdO42vIZmuuMOUxLgIvAiK7+NYMIfv1hOtCJ0AX5PxX7
g/iy/MkzThjAlE+sF22JpTINau3OSjHtdo4lRw0LAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpI8z0lMP0u7CFJz3FxRRqex0Kg4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQxY2I3MjkwLWFhNzUtNDZjOS1iNmU0LTc0ZDExZGMxNzhjNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC3s90cwK+F8JUzquHGbFp9LL7Hc
Ze38s4r7+faAmAvRXzEpfGgrEf9ikOPLtTionT9CtG1XcWoKYdHZQeRscOlEDqVE
6LRANSBWZL0OmndOGl7qQnO8kBcoTWGDZTLsPN0AFxlPWDSlHEQ04gJVm/RKLzIb
fcMhxjQnmUW+DvpEArXBrgC+FbAv4MjqZXR8wVyHVtR7jrucn9Fa5y60hlvHtU6Q
9o7J1vVTVZ6lUNdpiB1WKHz4AJa4bzPZAfmtopA1MnxTGrtNXufPR3aqt5ggaMgW
9IjrhO/aNNCdHYRRHVO4B1zSupO8kU8EKfKBhXkMM+UDeNNFdPqyVTfH6Gk=
-----END CERTIFICATE-----