Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/89ee95bf-1034-47a0-9569-2ef9a04ccab3.roa
File:                     89ee95bf-1034-47a0-9569-2ef9a04ccab3.roa (raw, json)
Hash identifier:          Ps0TuzO3ll94FrBz1jLjE7+oiMCx/mDfYp6HzqkHAt8=
Subject key identifier:   32:C3:D9:CF:7C:65:F6:A7:12:12:F3:82:68:D0:41:F6:9D:D6:AB:82
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       52B420571B28A31979634BBAC324219B23991129
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/89ee95bf-1034-47a0-9569-2ef9a04ccab3.roa
Signing time:             Wed 30 Apr 2025 06:33:21 +0000
ROA not before:           Wed 30 Apr 2025 06:33:21 +0000
ROA not after:            Wed 04 Jun 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:b4:20:57:1b:28:a3:19:79:63:4b:ba:c3:24:21:9b:23:99:11:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 30 06:33:21 2025 GMT
            Not After : Jun  4 23:59:59 2025 GMT
        Subject: serialNumber=714260117ffaa2cfc7c54e119bd6925fa0b449bf49e1e0f6cc0c9f15ba991a61, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:bd:4b:7a:f8:94:c2:19:86:71:56:8d:7e:55:
                    6c:66:ea:38:ef:a3:a7:51:f9:64:7d:67:06:e5:25:
                    ce:75:8a:36:9d:8d:ca:15:48:8f:6f:21:cb:22:bd:
                    15:c9:a9:ff:01:39:28:68:9f:52:94:6d:f9:89:dc:
                    d8:8b:7e:7e:05:c8:7f:95:71:de:f7:84:47:d3:74:
                    eb:cc:9b:6f:b8:b6:81:dc:7a:01:18:c2:e1:c0:46:
                    fc:bb:35:88:95:c3:3e:4a:2b:cf:8d:c3:7a:8d:e4:
                    08:2e:3d:7a:57:56:40:fa:c7:12:5e:f1:11:e5:fe:
                    cf:28:c9:be:53:41:66:e4:c0:55:c4:c2:50:19:ea:
                    6f:11:d2:c6:eb:dc:9f:42:43:1a:92:73:9e:7f:d8:
                    0c:06:6f:bd:7a:64:d5:33:ac:8c:5d:40:cd:af:61:
                    fa:ca:a0:cd:cd:7e:36:d5:f1:0c:62:cc:07:c7:f5:
                    aa:64:3f:8a:bb:26:a0:fe:6d:e2:0d:b1:48:5a:6b:
                    12:c8:d0:f2:9a:a5:d5:1c:80:2a:f5:5a:ce:c2:78:
                    57:42:0e:00:be:e6:03:59:65:19:45:f1:29:a8:03:
                    97:72:e3:c1:c1:f7:2b:86:25:04:41:05:4b:e3:cd:
                    75:d7:45:ae:dd:94:90:0e:bd:ea:63:c4:7f:bb:cd:
                    73:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:C3:D9:CF:7C:65:F6:A7:12:12:F3:82:68:D0:41:F6:9D:D6:AB:82
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/89ee95bf-1034-47a0-9569-2ef9a04ccab3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:10:94:f6:ea:dd:22:a7:14:da:df:5f:c6:7d:d0:37:0f:e6:
         12:ab:02:17:16:26:c4:e3:08:3b:46:e7:66:9d:ab:8b:90:b9:
         d2:5f:0d:e4:13:07:f9:c8:8a:75:08:c5:7a:5c:cb:1f:0a:3e:
         5f:c3:54:60:09:b3:08:14:97:ed:4b:55:77:da:c4:1c:b3:32:
         2c:89:24:44:f1:25:b4:d6:3f:f0:a2:de:8f:25:9a:21:fa:7c:
         66:9c:3b:45:e6:c4:cf:01:b7:da:b4:37:0f:48:a0:2d:5b:93:
         d7:dc:d5:47:4e:09:39:3c:32:cf:12:b2:e1:e1:46:4e:77:ac:
         97:cf:64:5f:84:ad:be:fc:16:2d:c0:58:77:4f:1e:4a:4e:66:
         3d:11:0a:4d:dd:8f:ac:d7:f0:39:54:5e:e4:25:fa:db:30:86:
         12:20:29:42:88:a7:d3:c2:d7:01:3d:f0:87:60:c9:aa:22:eb:
         d1:2f:a7:81:04:45:47:4b:39:fa:d4:c8:2f:e9:bf:d2:70:4f:
         53:65:15:ff:2c:3e:c2:a1:a5:49:f9:03:8c:16:6f:89:8d:08:
         8c:50:bd:e5:f3:7a:45:f9:f2:e3:e1:9d:50:d0:6d:2c:3c:e4:
         65:85:20:4c:99:1c:5b:c8:ac:9b:76:01:14:d7:a5:09:f4:d7:
         d1:a4:70:99
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUrQgVxsooxl5Y0u6wyQhmyOZESkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDMwMDYzMzIxWhcNMjUwNjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MTQyNjAxMTdmZmFhMmNmYzdjNTRlMTE5YmQ2OTI1ZmEw
YjQ0OWJmNDllMWUwZjZjYzBjOWYxNWJhOTkxYTYxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCJvUt6+JTCGYZxVo1+VWxm6jjvo6dR+WR9ZwblJc51ijad
jcoVSI9vIcsivRXJqf8BOShon1KUbfmJ3NiLfn4FyH+Vcd73hEfTdOvMm2+4toHc
egEYwuHARvy7NYiVwz5KK8+Nw3qN5AguPXpXVkD6xxJe8RHl/s8oyb5TQWbkwFXE
wlAZ6m8R0sbr3J9CQxqSc55/2AwGb716ZNUzrIxdQM2vYfrKoM3NfjbV8QxizAfH
9apkP4q7JqD+beINsUhaaxLI0PKapdUcgCr1Ws7CeFdCDgC+5gNZZRlF8SmoA5dy
48HB9yuGJQRBBUvjzXXXRa7dlJAOvepjxH+7zXONAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMsPZz3xl9qcSEvOCaNBB9p3Wq4IwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzg5ZWU5NWJmLTEwMzQtNDdhMC05NTY5LTJlZjlhMDRjY2FiMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFkQlPbq3SKnFNrfX8Z90DcP5hKr
AhcWJsTjCDtG52adq4uQudJfDeQTB/nIinUIxXpcyx8KPl/DVGAJswgUl+1LVXfa
xByzMiyJJETxJbTWP/Ci3o8lmiH6fGacO0XmxM8Bt9q0Nw9IoC1bk9fc1UdOCTk8
Ms8SsuHhRk53rJfPZF+Erb78Fi3AWHdPHkpOZj0RCk3dj6zX8DlUXuQl+tswhhIg
KUKIp9PC1wE98Idgyaoi69Evp4EERUdLOfrUyC/pv9JwT1NlFf8sPsKhpUn5A4wW
b4mNCIxQveXzekX58uPhnVDQbSw85GWFIEyZHFvIrJt2ARTXpQn019GkcJk=
-----END CERTIFICATE-----