Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8045a619-727d-464e-ac5c-2139839a5d4b.roa
File:                     8045a619-727d-464e-ac5c-2139839a5d4b.roa (raw, json)
Hash identifier:          oEq174l3o/kzT6t0+FHI+8hrwtVqSQncipVQTmnSpng=
Subject key identifier:   92:7E:80:E4:7D:AD:11:35:B4:82:65:5B:FE:E0:16:BE:2D:85:3C:11
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       57A6A5A14F1068763289A491877206FBBB23C886
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8045a619-727d-464e-ac5c-2139839a5d4b.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:a6:a5:a1:4f:10:68:76:32:89:a4:91:87:72:06:fb:bb:23:c8:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: serialNumber=5593511ea7804cab4f886cf01bbfe7cc5da26881389f541d50eaa8b6da9c0623, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:99:02:2b:05:cc:04:b1:a8:42:51:44:75:88:
                    aa:db:d1:3c:77:f1:e6:c5:a2:72:51:ac:f8:70:19:
                    94:54:7a:1e:49:7e:55:9b:98:23:c3:9a:13:c6:de:
                    96:f8:d5:2c:14:fa:f6:37:ab:07:47:1e:2b:ab:56:
                    1a:aa:4c:31:4b:de:d1:d1:50:da:ca:be:89:d2:95:
                    73:b3:0f:d6:64:56:16:4e:67:a4:5b:d5:ff:7d:6d:
                    68:84:fc:ac:f8:db:41:9f:cc:99:e3:ba:f8:09:45:
                    54:76:55:47:b8:8a:96:48:e1:47:2d:d2:ce:70:ea:
                    15:f2:bc:82:04:52:89:3e:d1:b7:a5:c3:55:0d:ae:
                    68:18:e5:71:cd:0b:94:96:5d:3d:97:13:07:a5:04:
                    46:fc:65:5a:fa:ca:c2:7c:59:a6:f5:94:89:f1:4c:
                    b7:d4:78:39:9e:21:82:8c:17:90:43:a2:5c:ca:5a:
                    91:18:68:55:80:f2:7a:f1:86:1a:67:ef:22:7e:8b:
                    ea:d7:82:a8:f5:ab:a2:3d:89:ae:98:90:25:28:be:
                    24:0c:c2:c2:4c:bb:2b:6f:67:c4:d1:60:26:1c:99:
                    63:c3:89:25:2a:1c:bf:90:49:26:e7:fa:a8:98:11:
                    41:80:f2:e6:bb:83:46:78:78:84:fa:fb:e4:aa:2b:
                    b9:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:7E:80:E4:7D:AD:11:35:B4:82:65:5B:FE:E0:16:BE:2D:85:3C:11
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8045a619-727d-464e-ac5c-2139839a5d4b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:3f:07:b6:d0:08:df:f0:a7:33:11:8b:eb:bc:6d:ad:80:56:
         7c:7a:f0:5f:b3:59:6d:8f:32:79:38:2d:ae:3f:f2:d1:96:70:
         3e:a9:d3:40:c1:95:05:b7:d0:f8:e1:bf:f6:75:b5:64:1b:b3:
         0c:cd:48:f5:dd:b1:21:1c:c8:3c:eb:c0:0e:6f:cc:8d:b9:af:
         4f:b9:f3:f6:56:9b:5b:91:64:85:ab:a6:6d:b2:46:b4:ce:d2:
         88:35:a4:0a:ed:d6:46:fe:bf:5a:37:44:86:e0:7f:87:70:d6:
         46:13:a9:5b:ab:34:0a:ba:f1:fb:22:ad:bf:47:4c:33:f1:71:
         d8:49:be:77:09:34:d4:3a:52:d5:a2:68:83:32:be:de:97:ad:
         80:d3:d2:9f:c1:1e:4f:53:11:df:ee:cd:cd:09:e4:fa:9f:38:
         a9:ad:09:9d:67:c2:ec:d6:73:3c:d8:78:89:2a:0a:ee:4b:52:
         90:61:d5:dc:5d:0d:35:2a:0d:35:0d:81:56:9f:bc:e7:9a:e3:
         5c:51:3d:6d:d7:52:3b:af:02:e4:8d:d8:00:12:d0:90:c8:66:
         fa:86:98:91:1b:aa:8b:b5:32:55:01:be:fa:37:74:2d:7c:89:
         3b:a4:5c:9a:d2:b9:8c:52:6e:ae:29:80:94:c3:f7:f6:ea:ad:
         14:0f:85:01
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUV6aloU8QaHYyiaSRh3IG+7sjyIYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjA1MDAwMDAwWhcNMjUwMzEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NTkzNTExZWE3ODA0Y2FiNGY4ODZjZjAxYmJmZTdjYzVk
YTI2ODgxMzg5ZjU0MWQ1MGVhYThiNmRhOWMwNjIzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfmQIrBcwEsahCUUR1iKrb0Tx38ebFonJRrPhwGZRUeh5J
flWbmCPDmhPG3pb41SwU+vY3qwdHHiurVhqqTDFL3tHRUNrKvonSlXOzD9ZkVhZO
Z6Rb1f99bWiE/Kz420GfzJnjuvgJRVR2VUe4ipZI4Uct0s5w6hXyvIIEUok+0bel
w1UNrmgY5XHNC5SWXT2XEwelBEb8ZVr6ysJ8Wab1lInxTLfUeDmeIYKMF5BDolzK
WpEYaFWA8nrxhhpn7yJ+i+rXgqj1q6I9ia6YkCUoviQMwsJMuytvZ8TRYCYcmWPD
iSUqHL+QSSbn+qiYEUGA8ua7g0Z4eIT6++SqK7lRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkn6A5H2tETW0gmVb/uAWvi2FPBEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgwNDVhNjE5LTcyN2QtNDY0ZS1hYzVjLTIxMzk4MzlhNWQ0Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFc/B7bQCN/wpzMRi+u8ba2AVnx6
8F+zWW2PMnk4La4/8tGWcD6p00DBlQW30Pjhv/Z1tWQbswzNSPXdsSEcyDzrwA5v
zI25r0+58/ZWm1uRZIWrpm2yRrTO0og1pArt1kb+v1o3RIbgf4dw1kYTqVurNAq6
8fsirb9HTDPxcdhJvncJNNQ6UtWiaIMyvt6XrYDT0p/BHk9TEd/uzc0J5PqfOKmt
CZ1nwuzWczzYeIkqCu5LUpBh1dxdDTUqDTUNgVafvOea41xRPW3XUjuvAuSN2AAS
0JDIZvqGmJEbqou1MlUBvvo3dC18iTukXJrSuYxSbq4pgJTD9/bqrRQPhQE=
-----END CERTIFICATE-----