Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/695c433d-215a-4192-8d14-f6c8091fdadf.roa
File:                     695c433d-215a-4192-8d14-f6c8091fdadf.roa (raw, json)
Hash identifier:          RBb//Ar0vmDTotV3p3UkOe4dB9fTpU59387WAFr/h1Y=
Subject key identifier:   9C:94:59:88:67:2C:64:1B:26:86:20:11:E7:98:C6:63:4E:ED:A8:97
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2C6513240C490A4B9DC7F63256A493090D7AF07F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/695c433d-215a-4192-8d14-f6c8091fdadf.roa
Signing time:             Mon 03 Mar 2025 23:18:19 +0000
ROA not before:           Mon 03 Mar 2025 23:18:19 +0000
ROA not after:            Mon 07 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:65:13:24:0c:49:0a:4b:9d:c7:f6:32:56:a4:93:09:0d:7a:f0:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  3 23:18:19 2025 GMT
            Not After : Apr  7 23:59:59 2025 GMT
        Subject: serialNumber=959942d98a0e7ff60aac0abb8f2acd043ac0f54d15c7fdbacb550c399087e1cb, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:0b:c1:33:29:9b:da:37:48:33:6e:5d:10:b0:
                    73:ff:35:5d:1f:1d:ab:f8:58:02:3a:2c:81:eb:d9:
                    29:ee:84:8b:35:01:36:3d:07:dd:d3:2d:ee:aa:8f:
                    5d:f2:5c:70:87:52:fd:7d:e1:e8:08:24:9a:f8:ab:
                    cd:d1:ef:3e:2c:33:36:24:de:9e:4a:be:e4:b9:49:
                    20:bf:02:f5:87:b4:f9:7f:1d:3c:49:ca:26:fd:88:
                    77:bb:21:e1:22:25:c2:f2:ce:9a:81:dc:ef:97:6a:
                    d4:a3:f6:1d:bd:70:71:02:33:45:85:f7:b1:33:30:
                    d5:80:42:ba:d9:7f:5a:46:1d:cf:4b:10:c0:96:21:
                    c7:a7:20:cd:5c:9b:5d:0a:ad:a1:e4:66:0f:70:14:
                    4c:3d:e3:f1:d5:0d:fc:2b:66:73:a4:7f:27:e1:23:
                    42:5e:b2:14:c3:ac:35:e9:5b:aa:7d:51:a2:8d:5d:
                    9c:44:49:3d:b8:84:93:26:d2:83:ea:4b:a3:6d:79:
                    51:af:b4:e3:12:1f:ea:04:1c:e5:6f:e8:a3:be:a6:
                    36:2a:64:28:e6:15:6a:0c:a2:93:47:0e:f7:73:27:
                    43:a7:6c:64:e5:b7:05:c5:b6:a5:b8:b5:d7:a2:e9:
                    6d:9a:94:03:c9:42:73:83:db:63:7d:16:ca:01:e8:
                    29:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:94:59:88:67:2C:64:1B:26:86:20:11:E7:98:C6:63:4E:ED:A8:97
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/695c433d-215a-4192-8d14-f6c8091fdadf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:4c:cb:e6:c0:05:66:bd:f0:54:af:82:9e:46:6d:b8:29:e9:
         69:a9:68:f5:df:73:33:b3:cf:1e:c6:21:dc:0c:b9:43:0d:73:
         fb:13:cf:a5:5d:94:15:ad:fb:eb:eb:12:64:cc:0b:26:57:f5:
         ea:1c:a2:57:da:8c:e9:0c:cf:53:34:83:07:f7:bc:d3:82:3a:
         ee:7e:59:4e:a5:6b:ff:db:6c:3b:24:ee:85:6b:32:bd:96:12:
         9c:c9:6e:83:75:ce:d2:14:5f:63:a5:26:b5:01:2b:c2:11:36:
         bd:a7:e4:2e:5d:92:05:8b:07:f5:74:5e:2d:6d:a1:cc:bb:c5:
         f8:b4:1d:ef:94:ac:c0:7f:55:87:ef:d0:87:8a:ed:54:b3:4b:
         0b:39:6f:c2:e8:29:7a:57:13:32:d2:0e:38:1a:9a:52:2e:df:
         30:99:69:9d:da:7c:d4:9d:09:eb:f5:08:db:79:85:6a:cf:56:
         5b:c3:3d:fb:ae:88:ed:6e:ec:a3:f2:e6:3b:29:d4:e0:6b:c3:
         ff:1f:5d:58:92:88:8f:82:15:eb:b4:69:f6:cb:2f:d4:22:94:
         8a:fc:05:a2:e7:db:ee:57:f7:20:64:e7:9b:b7:e6:d9:97:db:
         d9:7a:8f:22:40:55:46:c8:1d:ab:f1:62:3a:1e:3e:16:c4:64:
         05:24:4b:6d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULGUTJAxJCkudx/YyVqSTCQ168H8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzAzMjMxODE5WhcNMjUwNDA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NTk5NDJkOThhMGU3ZmY2MGFhYzBhYmI4ZjJhY2QwNDNh
YzBmNTRkMTVjN2ZkYmFjYjU1MGMzOTkwODdlMWNiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKC8EzKZvaN0gzbl0QsHP/NV0fHav4WAI6LIHr2SnuhIs1
ATY9B93TLe6qj13yXHCHUv194egIJJr4q83R7z4sMzYk3p5KvuS5SSC/AvWHtPl/
HTxJyib9iHe7IeEiJcLyzpqB3O+XatSj9h29cHECM0WF97EzMNWAQrrZf1pGHc9L
EMCWIcenIM1cm10KraHkZg9wFEw94/HVDfwrZnOkfyfhI0JeshTDrDXpW6p9UaKN
XZxEST24hJMm0oPqS6NteVGvtOMSH+oEHOVv6KO+pjYqZCjmFWoMopNHDvdzJ0On
bGTltwXFtqW4tdei6W2alAPJQnOD22N9FsoB6ClpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnJRZiGcsZBsmhiAR55jGY07tqJcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzY5NWM0MzNkLTIxNWEtNDE5Mi04ZDE0LWY2YzgwOTFmZGFkZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEpMy+bABWa98FSvgp5Gbbgp6Wmp
aPXfczOzzx7GIdwMuUMNc/sTz6VdlBWt++vrEmTMCyZX9eocolfajOkMz1M0gwf3
vNOCOu5+WU6la//bbDsk7oVrMr2WEpzJboN1ztIUX2OlJrUBK8IRNr2n5C5dkgWL
B/V0Xi1tocy7xfi0He+UrMB/VYfv0IeK7VSzSws5b8LoKXpXEzLSDjgamlIu3zCZ
aZ3afNSdCev1CNt5hWrPVlvDPfuuiO1u7KPy5jsp1OBrw/8fXViSiI+CFeu0afbL
L9QilIr8BaLn2+5X9yBk55u35tmX29l6jyJAVUbIHavxYjoePhbEZAUkS20=
-----END CERTIFICATE-----