Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3b2e72dc-797a-4e19-891e-699868571f84.roa
File:                     3b2e72dc-797a-4e19-891e-699868571f84.roa (raw, json)
Hash identifier:          rb+IYaOVVRSAGweCrRyByE36myL1FlpdR9/G/7gT5V4=
Subject key identifier:   B6:2F:14:9F:02:C5:17:C0:92:98:B4:3D:14:99:0F:64:80:53:86:1A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       65A4E8C6EC7DD00AB2445483FC0DD5EEC647B9CB
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3b2e72dc-797a-4e19-891e-699868571f84.roa
Signing time:             Sun 08 Dec 2024 00:00:00 +0000
ROA not before:           Sun 08 Dec 2024 00:00:00 +0000
ROA not after:            Sun 12 Jan 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:a4:e8:c6:ec:7d:d0:0a:b2:44:54:83:fc:0d:d5:ee:c6:47:b9:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec  8 00:00:00 2024 GMT
            Not After : Jan 12 23:59:59 2025 GMT
        Subject: serialNumber=7dab9053cd8fbe8a677b93b5de9042145daab9342219d4025eefc447f0ce7875, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:f9:44:ef:d3:38:ce:20:a9:71:af:d0:be:af:
                    b7:c5:82:95:76:0b:b8:6f:5f:fe:1d:5c:3e:e7:cf:
                    29:63:3a:ab:f6:7d:8d:19:99:8e:df:62:8d:3a:59:
                    41:09:7a:c8:52:18:82:8c:61:44:7f:33:4c:91:ed:
                    d9:f2:80:cf:9a:6a:fc:d1:35:8e:b0:0a:f8:c2:1e:
                    2d:a8:20:36:9d:03:af:9e:1d:93:db:6d:23:f2:2c:
                    3d:c4:6f:30:3a:ee:80:80:fd:58:48:14:d5:13:04:
                    69:56:d0:24:ac:c1:86:48:41:b5:22:cf:17:c1:56:
                    8a:b3:86:bb:98:ba:4a:7a:c0:a9:c2:90:5c:04:cb:
                    c0:ab:9e:c5:3a:e0:bf:aa:6b:fd:06:d8:24:a6:e2:
                    89:3a:73:3b:d5:d7:8d:a8:23:6f:a6:ee:d6:3b:e0:
                    ce:5d:a2:3b:cd:96:d2:11:27:79:43:7f:ee:24:6a:
                    71:3b:f6:cd:20:e5:60:b1:4c:f8:05:d3:ab:f4:e0:
                    2d:3d:50:37:d1:25:aa:00:1c:0c:06:ae:d1:97:56:
                    d4:33:2f:34:9f:f4:65:8f:9c:c9:41:79:50:4c:5f:
                    de:1f:53:39:b3:1d:27:08:23:cc:55:d9:22:79:71:
                    be:b3:e3:f0:8a:82:8e:df:7f:97:c2:da:97:80:51:
                    52:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:2F:14:9F:02:C5:17:C0:92:98:B4:3D:14:99:0F:64:80:53:86:1A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3b2e72dc-797a-4e19-891e-699868571f84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:56:7d:51:9a:26:52:41:7b:f9:d6:70:53:ad:d0:3b:dc:aa:
         36:3f:32:00:a0:a5:a8:db:68:13:38:a3:12:de:bd:1e:70:03:
         17:f6:f7:c4:eb:79:27:81:dd:8f:62:2e:0f:19:d2:69:73:b9:
         f8:b6:f6:d6:9f:3a:73:ed:19:a9:ab:da:d5:b4:76:ec:34:a6:
         3c:02:e1:f0:0f:ca:d2:ac:31:01:cc:0d:f5:6c:77:51:6c:cb:
         56:34:3c:c2:71:4d:a7:cb:12:70:42:fc:5c:02:9c:30:6a:2a:
         a7:b0:27:79:69:be:6b:b1:ab:cb:44:a8:0d:f4:05:89:9c:c8:
         cb:9a:17:f5:0f:55:6c:03:6d:65:b9:36:24:09:32:19:71:04:
         68:b2:32:73:94:2e:6c:da:cf:90:77:b8:fc:8e:ca:38:d4:47:
         46:de:87:0d:e2:4a:cf:86:94:fa:a6:33:a5:7f:6c:7f:5e:32:
         55:d2:4c:a3:ee:43:4b:d3:ca:12:eb:24:cb:09:42:43:37:d0:
         f0:56:a3:4e:47:4d:0d:a9:8c:80:fd:a0:be:92:13:f2:a7:31:
         9b:7f:ac:16:08:e0:6c:00:28:6c:a1:37:67:c6:44:b6:3f:18:
         28:6a:4b:61:05:6d:7d:23:ad:90:78:ab:61:03:dd:ac:ea:22:
         ca:fa:c2:4f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZaToxux90AqyRFSD/A3V7sZHucswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMjA4MDAwMDAwWhcNMjUwMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZGFiOTA1M2NkOGZiZThhNjc3YjkzYjVkZTkwNDIxNDVk
YWFiOTM0MjIxOWQ0MDI1ZWVmYzQ0N2YwY2U3ODc1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJ+UTv0zjOIKlxr9C+r7fFgpV2C7hvX/4dXD7nzyljOqv2
fY0ZmY7fYo06WUEJeshSGIKMYUR/M0yR7dnygM+aavzRNY6wCvjCHi2oIDadA6+e
HZPbbSPyLD3EbzA67oCA/VhIFNUTBGlW0CSswYZIQbUizxfBVoqzhruYukp6wKnC
kFwEy8CrnsU64L+qa/0G2CSm4ok6czvV142oI2+m7tY74M5dojvNltIRJ3lDf+4k
anE79s0g5WCxTPgF06v04C09UDfRJaoAHAwGrtGXVtQzLzSf9GWPnMlBeVBMX94f
UzmzHScII8xV2SJ5cb6z4/CKgo7ff5fC2peAUVJJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUti8UnwLFF8CSmLQ9FJkPZIBThhowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzNiMmU3MmRjLTc5N2EtNGUxOS04OTFlLTY5OTg2ODU3MWY4NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABJWfVGaJlJBe/nWcFOt0DvcqjY/
MgCgpajbaBM4oxLevR5wAxf298TreSeB3Y9iLg8Z0mlzufi29tafOnPtGamr2tW0
duw0pjwC4fAPytKsMQHMDfVsd1Fsy1Y0PMJxTafLEnBC/FwCnDBqKqewJ3lpvmux
q8tEqA30BYmcyMuaF/UPVWwDbWW5NiQJMhlxBGiyMnOULmzaz5B3uPyOyjjUR0be
hw3iSs+GlPqmM6V/bH9eMlXSTKPuQ0vTyhLrJMsJQkM30PBWo05HTQ2pjID9oL6S
E/KnMZt/rBYI4GwAKGyhN2fGRLY/GChqS2EFbX0jrZB4q2ED3azqIsr6wk8=
-----END CERTIFICATE-----