Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c5bd5430-80fa-49ad-86f1-8ec541fee64d.roa
File:                     c5bd5430-80fa-49ad-86f1-8ec541fee64d.roa (raw, json)
Hash identifier:          mCASjID5GCrAi7CfOtoVqwVBwqeEXUjJaHtQb11vq7Y=
Subject key identifier:   DC:B3:92:B1:EC:37:33:96:33:E9:2C:A7:1D:BB:8F:24:1E:55:2D:FE
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7585C74FEFCBCC93772F50B847659B0EC7F1E21D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c5bd5430-80fa-49ad-86f1-8ec541fee64d.roa
Signing time:             Sun 16 Feb 2025 19:28:19 +0000
ROA not before:           Sun 16 Feb 2025 19:28:19 +0000
ROA not after:            Sun 23 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:85:c7:4f:ef:cb:cc:93:77:2f:50:b8:47:65:9b:0e:c7:f1:e2:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 16 19:28:19 2025 GMT
            Not After : Mar 23 23:59:59 2025 GMT
        Subject: serialNumber=266904063978baa9d77bf47ebb6615beba6d8485aee47b21490002469a885a2c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:2f:06:49:3f:4a:41:9c:8b:4a:19:af:fd:25:
                    5a:e8:d0:85:4e:f7:5e:00:0c:c5:47:3a:1b:a6:7f:
                    d2:f6:ec:e7:8e:95:aa:3e:0d:c4:03:3f:2a:d5:66:
                    e3:ff:ea:69:fb:02:e6:e0:0d:f6:1e:cf:0e:ae:6b:
                    55:ff:d3:ee:2a:73:72:22:c5:06:ed:b0:1f:60:34:
                    50:75:3f:93:1e:12:2b:d7:fd:86:63:68:08:a0:b6:
                    04:f8:ac:37:22:cc:11:b2:96:28:eb:58:eb:6e:ca:
                    dc:01:73:05:6a:37:f7:46:05:50:a8:35:27:aa:1d:
                    7d:86:57:8a:55:51:a0:4a:b9:74:bd:88:14:94:14:
                    18:c9:d7:3c:a7:d4:af:d5:9f:60:11:38:ee:bd:f3:
                    39:05:c1:d4:eb:8d:b8:51:4e:b6:46:27:0a:1c:b5:
                    71:3c:80:9d:ad:c7:72:e5:db:20:0a:bb:6f:63:3b:
                    92:82:74:64:60:86:72:1f:8c:e0:bf:77:7b:68:c2:
                    ba:83:ab:fd:23:f6:89:f1:3c:60:0c:27:79:24:3e:
                    8e:bb:03:e4:64:26:e4:93:bb:f4:49:58:50:6d:6a:
                    d9:1a:a2:b6:2d:d3:5f:8f:32:43:4c:22:2e:a3:b3:
                    c9:e5:4b:de:f3:2d:14:c2:5b:84:4a:d7:a8:fd:66:
                    18:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:B3:92:B1:EC:37:33:96:33:E9:2C:A7:1D:BB:8F:24:1E:55:2D:FE
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c5bd5430-80fa-49ad-86f1-8ec541fee64d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:91:b0:d4:ba:ea:96:b2:7b:dc:9a:9e:61:c4:cb:14:64:af:
         f4:80:73:3e:41:32:fc:5f:77:44:c6:3a:60:a7:db:a6:ac:d6:
         49:e8:9a:e7:3e:31:60:ca:b9:57:e8:5b:4b:34:a6:62:57:a8:
         2a:df:c1:79:25:17:c6:49:1e:5a:3c:26:2b:5e:23:4a:93:c4:
         ed:63:da:95:b2:69:c6:2b:a3:10:f2:fc:b6:d4:89:25:53:b7:
         31:a7:16:69:bb:7e:1a:fd:73:d1:35:f1:c9:c2:78:eb:44:1e:
         2f:09:86:72:72:de:ce:74:2a:6a:40:8b:6e:dc:20:9c:bd:94:
         fc:a4:c3:31:91:d9:e4:72:69:4a:94:3e:69:10:98:bf:bc:e6:
         b1:7f:69:43:69:fb:89:3b:7e:ed:8c:7a:90:61:0e:61:15:8f:
         17:22:6a:0c:9e:2e:f8:a8:cb:01:cf:b5:18:4c:f5:0c:65:80:
         9b:eb:3b:ee:8d:52:90:b4:85:c2:2a:1e:dc:22:d7:2c:45:57:
         4a:5c:50:cd:99:9e:7f:34:90:a4:2c:0d:de:e0:71:03:ca:c3:
         d4:66:a1:03:da:96:37:f1:56:31:66:39:99:56:30:a8:a8:6b:
         05:d7:32:d3:7e:1a:b2:27:9d:d6:09:75:7b:be:48:de:49:3a:
         8a:04:50:e8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdYXHT+/LzJN3L1C4R2WbDsfx4h0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjE2MTkyODE5WhcNMjUwMzIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNjY5MDQwNjM5NzhiYWE5ZDc3YmY0N2ViYjY2MTViZWJh
NmQ4NDg1YWVlNDdiMjE0OTAwMDI0NjlhODg1YTJjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6LwZJP0pBnItKGa/9JVro0IVO914ADMVHOhumf9L27OeO
lao+DcQDPyrVZuP/6mn7AubgDfYezw6ua1X/0+4qc3IixQbtsB9gNFB1P5MeEivX
/YZjaAigtgT4rDcizBGylijrWOtuytwBcwVqN/dGBVCoNSeqHX2GV4pVUaBKuXS9
iBSUFBjJ1zyn1K/Vn2AROO698zkFwdTrjbhRTrZGJwoctXE8gJ2tx3Ll2yAKu29j
O5KCdGRghnIfjOC/d3towrqDq/0j9onxPGAMJ3kkPo67A+RkJuSTu/RJWFBtatka
orYt01+PMkNMIi6js8nlS97zLRTCW4RK16j9Zhg1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3LOSsew3M5Yz6SynHbuPJB5VLf4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2M1YmQ1NDMwLTgwZmEtNDlhZC04NmYxLThlYzU0MWZlZTY0ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIWRsNS66paye9yanmHEyxRkr/SA
cz5BMvxfd0TGOmCn26as1knomuc+MWDKuVfoW0s0pmJXqCrfwXklF8ZJHlo8Jite
I0qTxO1j2pWyacYroxDy/LbUiSVTtzGnFmm7fhr9c9E18cnCeOtEHi8JhnJy3s50
KmpAi27cIJy9lPykwzGR2eRyaUqUPmkQmL+85rF/aUNp+4k7fu2MepBhDmEVjxci
agyeLvioywHPtRhM9QxlgJvrO+6NUpC0hcIqHtwi1yxFV0pcUM2Znn80kKQsDd7g
cQPKw9RmoQPaljfxVjFmOZlWMKioawXXMtN+GrInndYJdXu+SN5JOooEUOg=
-----END CERTIFICATE-----