Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b5d6ea08-9387-42d5-ad4d-3ec148d46939.roa
File:                     b5d6ea08-9387-42d5-ad4d-3ec148d46939.roa (raw, json)
Hash identifier:          +hq886I8Jo/rsbGu8uZV1K1UxAWzit4hsp7vPnw5obA=
Subject key identifier:   54:4A:CA:5E:30:A1:53:90:80:29:7B:42:9A:89:FB:C0:52:71:BD:2F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       38836FC421E2DF7A524EF8152BF878B384BF8449
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b5d6ea08-9387-42d5-ad4d-3ec148d46939.roa
Signing time:             Fri 14 Feb 2025 08:13:12 +0000
ROA not before:           Fri 14 Feb 2025 08:13:12 +0000
ROA not after:            Fri 21 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:83:6f:c4:21:e2:df:7a:52:4e:f8:15:2b:f8:78:b3:84:bf:84:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 14 08:13:12 2025 GMT
            Not After : Mar 21 23:59:59 2025 GMT
        Subject: serialNumber=0f7140f21daa6b5734b4f3e156a0c0544bd52461811ab896cd6c9df1496c76d3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:63:9d:e3:02:91:2e:37:2a:2b:86:69:63:d6:
                    57:40:08:dc:72:6c:c6:b5:80:90:57:69:eb:25:e2:
                    6c:7a:1b:c2:a2:de:3d:0b:8b:4a:17:b1:bb:d9:39:
                    a1:41:6f:ab:f3:de:a0:a5:c7:b1:4f:b8:30:8d:30:
                    1b:d9:bc:80:fd:e1:ee:38:63:2f:f3:3f:eb:aa:ae:
                    3b:d9:7e:ea:e5:fa:0a:a7:d9:cd:da:97:6f:f4:ee:
                    ff:a7:52:77:1f:cd:c4:a8:fb:31:df:a8:23:c6:30:
                    81:85:5c:be:c4:0b:4d:7c:27:81:ee:d5:fa:ee:b6:
                    86:fb:24:06:b9:de:79:dc:47:86:d1:6d:79:a5:cc:
                    04:4d:eb:f1:26:52:d8:bc:2c:04:eb:b1:09:e3:87:
                    15:0d:62:8d:d5:2a:3b:04:6e:e4:f1:8d:f6:ca:f6:
                    64:84:9d:96:2c:90:b7:ee:50:fe:8d:25:02:ad:cf:
                    b9:1a:5c:41:fe:a3:f5:c2:3b:c8:55:f9:4a:8a:52:
                    10:19:26:ee:cc:47:56:39:d8:63:12:ef:88:57:4f:
                    6e:fa:41:f0:2b:ca:14:64:2f:29:ae:14:bf:5c:75:
                    3a:a1:cf:6b:1b:46:c6:f3:7b:ba:20:6d:1e:1c:20:
                    39:1a:68:02:74:21:93:1a:67:1a:bf:54:37:48:7b:
                    a5:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:4A:CA:5E:30:A1:53:90:80:29:7B:42:9A:89:FB:C0:52:71:BD:2F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b5d6ea08-9387-42d5-ad4d-3ec148d46939.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:de:ec:17:2a:1a:13:32:38:c5:4b:9c:74:3e:fa:de:f8:4a:
         75:05:7f:2d:fd:4c:f8:72:da:61:e1:83:30:28:e7:38:b2:05:
         e9:b9:4f:0a:ee:d2:ae:72:70:41:9f:4a:a4:66:bf:87:2a:38:
         8d:2b:6c:a5:05:9f:26:1d:b9:91:ba:7a:60:f8:fc:50:8f:cb:
         55:76:07:df:2d:3f:39:51:c9:72:6a:61:e5:ae:b3:f7:93:b0:
         42:f3:3a:ef:5b:71:ba:84:27:64:0e:db:00:14:7f:95:e9:81:
         86:2a:0b:2d:df:2f:ff:3e:98:c2:3a:c0:e2:8c:19:0b:b6:dc:
         1e:8e:39:28:1b:32:73:13:0a:ef:e2:38:55:9f:69:66:3c:49:
         ea:2a:e2:70:f6:84:a3:12:9a:a5:dc:f9:27:cb:e1:ae:af:fa:
         c2:c7:f8:33:97:55:75:ed:c1:ac:8d:0c:83:fa:de:bd:86:50:
         5b:d3:8f:2e:52:0f:ca:55:6c:bf:10:1c:5f:b9:a2:23:ae:a7:
         0f:5b:1f:57:51:22:93:f6:f8:1f:f5:ca:39:30:ee:4c:7e:b0:
         73:b3:82:f7:02:9d:d7:06:5e:bb:3b:80:6f:7c:ff:a2:0f:ce:
         d3:3b:42:48:1e:aa:7c:65:6b:26:31:d2:6d:0b:c3:3b:4e:bd:
         05:1e:5a:60
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOINvxCHi33pSTvgVK/h4s4S/hEkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjE0MDgxMzEyWhcNMjUwMzIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZjcxNDBmMjFkYWE2YjU3MzRiNGYzZTE1NmEwYzA1NDRi
ZDUyNDYxODExYWI4OTZjZDZjOWRmMTQ5NmM3NmQzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7Y53jApEuNyorhmlj1ldACNxybMa1gJBXaesl4mx6G8Ki
3j0Li0oXsbvZOaFBb6vz3qClx7FPuDCNMBvZvID94e44Yy/zP+uqrjvZfurl+gqn
2c3al2/07v+nUncfzcSo+zHfqCPGMIGFXL7EC018J4Hu1frutob7JAa53nncR4bR
bXmlzARN6/EmUti8LATrsQnjhxUNYo3VKjsEbuTxjfbK9mSEnZYskLfuUP6NJQKt
z7kaXEH+o/XCO8hV+UqKUhAZJu7MR1Y52GMS74hXT276QfAryhRkLymuFL9cdTqh
z2sbRsbze7ogbR4cIDkaaAJ0IZMaZxq/VDdIe6VfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVErKXjChU5CAKXtCmon7wFJxvS8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2I1ZDZlYTA4LTkzODctNDJkNS1hZDRkLTNlYzE0OGQ0NjkzOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFHe7BcqGhMyOMVLnHQ++t74SnUF
fy39TPhy2mHhgzAo5ziyBem5Twru0q5ycEGfSqRmv4cqOI0rbKUFnyYduZG6emD4
/FCPy1V2B98tPzlRyXJqYeWus/eTsELzOu9bcbqEJ2QO2wAUf5XpgYYqCy3fL/8+
mMI6wOKMGQu23B6OOSgbMnMTCu/iOFWfaWY8Seoq4nD2hKMSmqXc+SfL4a6v+sLH
+DOXVXXtwayNDIP63r2GUFvTjy5SD8pVbL8QHF+5oiOupw9bH1dRIpP2+B/1yjkw
7kx+sHOzgvcCndcGXrs7gG98/6IPztM7QkgeqnxlayYx0m0LwztOvQUeWmA=
-----END CERTIFICATE-----