Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/36e15842-3934-41d6-a837-bb3bca1b6660.roa
File:                     36e15842-3934-41d6-a837-bb3bca1b6660.roa (raw, json)
Hash identifier:          PsPhwAzi76MvmLG07fLBVJhrwlaEQbUtkEWvB6IQtk4=
Subject key identifier:   9A:EF:3E:2A:AC:CE:A7:C4:77:76:7C:ED:8B:AC:1D:71:EC:E7:2A:74
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       43A1D3212E4D8D067EEC159ADE51D1C7264FC3D6
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/36e15842-3934-41d6-a837-bb3bca1b6660.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:a1:d3:21:2e:4d:8d:06:7e:ec:15:9a:de:51:d1:c7:26:4f:c3:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=231224f59cd63fac72aff61ce95f4593bb64321dcbb1965f203f894240687f0b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:39:8c:27:ad:e5:03:be:8f:23:13:d0:39:f1:
                    75:2d:b4:76:a4:27:85:98:0b:3e:85:68:d4:6e:d4:
                    81:be:e2:cb:e0:d0:60:8a:f4:46:2b:fa:4a:f2:42:
                    ac:27:f9:a0:26:e3:e3:b7:d5:3b:e3:e1:5e:dd:f3:
                    4c:99:de:f7:39:a3:93:03:aa:7a:90:80:5e:32:95:
                    87:ce:4d:13:f0:d7:97:9c:c3:18:56:2e:80:17:4e:
                    bf:e3:5b:5c:30:42:93:54:69:b1:4f:96:48:4f:85:
                    8f:82:32:00:72:51:9e:00:d7:8c:48:1d:1c:67:39:
                    fe:b0:23:b1:c3:1b:b6:eb:5a:5e:a3:33:4c:4b:6e:
                    f8:63:7b:16:d3:47:09:ad:aa:52:d8:87:a3:80:ee:
                    dc:92:fe:6a:75:69:37:fc:a3:aa:6f:78:48:8c:57:
                    85:d9:76:ec:5c:58:47:19:38:75:86:b8:89:ad:ef:
                    f3:50:1c:eb:59:a4:f6:e0:39:76:f1:8b:d1:b8:d5:
                    4d:51:6e:85:29:bf:da:7e:74:51:bb:4d:8e:b8:a5:
                    00:e3:b1:4c:10:57:12:e7:40:c6:9d:cc:9f:40:75:
                    3d:d2:05:ab:bb:b5:54:37:56:c5:27:8a:bb:ac:0a:
                    b8:a7:66:47:4e:e8:42:3e:c7:ff:92:21:24:b0:d7:
                    59:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:EF:3E:2A:AC:CE:A7:C4:77:76:7C:ED:8B:AC:1D:71:EC:E7:2A:74
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/36e15842-3934-41d6-a837-bb3bca1b6660.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:fd:1e:80:5d:62:66:70:78:b3:c2:fb:18:9b:74:ff:c4:7e:
         19:0d:11:58:e3:b9:97:25:33:d9:3a:ee:3b:f7:94:16:43:4e:
         75:66:f5:a0:57:b2:00:b3:d2:e0:8e:cc:96:30:66:c5:a5:fa:
         22:32:2e:fa:c7:06:32:ef:06:94:b8:99:34:c5:5d:d3:16:c7:
         52:49:c6:0f:2f:0c:8a:30:4b:bc:49:53:6c:8b:32:88:98:23:
         b0:ce:1a:57:f8:26:f0:fe:0a:b0:bf:2e:67:b3:44:4e:ab:e3:
         b5:51:0e:23:54:b7:d5:2b:d4:60:52:25:de:4d:9b:27:26:a8:
         93:59:23:e8:37:63:26:41:db:6d:73:12:44:a0:95:0e:1f:4e:
         ed:f7:5f:b8:79:a7:fd:32:0b:15:54:a1:19:fc:95:0c:6b:db:
         a8:9d:07:f5:18:95:4f:ff:53:4a:39:4b:76:ca:1f:0f:c0:18:
         81:6d:53:68:f2:f1:25:d3:2e:38:e8:5f:f7:c4:53:f5:e8:ca:
         34:f8:26:8e:be:2f:1a:d4:0d:37:14:e7:10:13:37:d1:03:9e:
         d3:c9:ff:30:4a:50:15:6e:c4:c0:78:83:1a:8e:8b:c5:7b:9e:
         d8:44:8c:4d:5c:c8:46:3f:c5:0a:e0:1e:fe:7e:b2:3f:92:f2:
         fd:d8:05:e0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQ6HTIS5NjQZ+7BWa3lHRxyZPw9YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMzEyMjRmNTljZDYzZmFjNzJhZmY2MWNlOTVmNDU5M2Ji
NjQzMjFkY2JiMTk2NWYyMDNmODk0MjQwNjg3ZjBiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjOYwnreUDvo8jE9A58XUttHakJ4WYCz6FaNRu1IG+4svg
0GCK9EYr+kryQqwn+aAm4+O31Tvj4V7d80yZ3vc5o5MDqnqQgF4ylYfOTRPw15ec
wxhWLoAXTr/jW1wwQpNUabFPlkhPhY+CMgByUZ4A14xIHRxnOf6wI7HDG7brWl6j
M0xLbvhjexbTRwmtqlLYh6OA7tyS/mp1aTf8o6pveEiMV4XZduxcWEcZOHWGuImt
7/NQHOtZpPbgOXbxi9G41U1RboUpv9p+dFG7TY64pQDjsUwQVxLnQMadzJ9AdT3S
Bau7tVQ3VsUnirusCrinZkdO6EI+x/+SISSw11nbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmu8+KqzOp8R3dnzti6wdceznKnQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzM2ZTE1ODQyLTM5MzQtNDFkNi1hODM3LWJiM2JjYTFiNjY2MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACb9HoBdYmZweLPC+xibdP/EfhkN
EVjjuZclM9k67jv3lBZDTnVm9aBXsgCz0uCOzJYwZsWl+iIyLvrHBjLvBpS4mTTF
XdMWx1JJxg8vDIowS7xJU2yLMoiYI7DOGlf4JvD+CrC/LmezRE6r47VRDiNUt9Ur
1GBSJd5NmycmqJNZI+g3YyZB221zEkSglQ4fTu33X7h5p/0yCxVUoRn8lQxr26id
B/UYlU//U0o5S3bKHw/AGIFtU2jy8SXTLjjoX/fEU/XoyjT4Jo6+LxrUDTcU5xAT
N9EDntPJ/zBKUBVuxMB4gxqOi8V7nthEjE1cyEY/xQrgHv5+sj+S8v3YBeA=
-----END CERTIFICATE-----