Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d435c26a-cb23-4933-bf88-58f8127d5792.roa
File:                     d435c26a-cb23-4933-bf88-58f8127d5792.roa (raw, json)
Hash identifier:          z34Rj9f4w9hkFPKtjMDV5Wtz66bMEvyoOaXb/+1LibM=
Subject key identifier:   F8:8E:F6:36:20:53:D8:D7:09:E4:DA:A7:46:09:25:EC:33:92:DD:A3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6E5EA6DCFB99206B87DD337D8B54E5826DEC9D55
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d435c26a-cb23-4933-bf88-58f8127d5792.roa
Signing time:             Thu 06 Feb 2025 00:00:00 +0000
ROA not before:           Thu 06 Feb 2025 00:00:00 +0000
ROA not after:            Thu 13 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:5e:a6:dc:fb:99:20:6b:87:dd:33:7d:8b:54:e5:82:6d:ec:9d:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb  6 00:00:00 2025 GMT
            Not After : Mar 13 23:59:59 2025 GMT
        Subject: serialNumber=0d220973f1fc28c884a01a5dc610494bca128c96226e4bc039319149fd9dae0d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:01:99:88:f5:da:29:28:6f:f5:cd:5f:a8:95:
                    de:6c:32:e5:1d:87:98:6a:70:f5:6a:fc:27:d9:f6:
                    29:16:96:91:3c:c0:89:bd:50:8e:dd:cf:90:59:f5:
                    ac:ca:c5:8c:26:7b:14:b5:12:f9:08:47:6f:4e:0e:
                    8a:22:b6:7e:77:87:09:e6:aa:8c:62:38:0c:a5:b4:
                    08:90:53:86:92:ba:89:89:d4:1d:e9:f0:30:00:62:
                    af:15:1f:61:c8:ed:8a:54:17:b1:46:d2:be:fc:30:
                    1c:cc:ca:b0:a4:b5:df:b5:9f:f4:3d:67:d5:9d:09:
                    f2:5d:ea:d1:eb:4c:f9:19:6d:56:7c:53:ad:4b:d4:
                    c3:0e:67:65:4b:bb:ef:ec:af:99:ec:0e:27:b2:c0:
                    9f:46:61:47:f6:60:9c:63:df:ac:42:47:c2:9f:6f:
                    62:4c:62:0e:0f:28:8f:6d:b3:06:18:17:8f:9e:19:
                    46:58:0d:7f:75:99:33:7f:b3:33:c2:a9:9e:75:3f:
                    d1:76:cf:5d:0e:14:04:a0:97:ab:65:01:3a:81:2b:
                    05:2a:89:01:56:0e:e6:57:f3:34:be:1c:b5:80:e8:
                    0e:45:aa:0d:ad:85:7d:99:71:69:f9:04:6d:0c:94:
                    ae:6a:e1:e2:42:17:b8:6b:f3:4a:72:2f:39:b9:77:
                    3e:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:8E:F6:36:20:53:D8:D7:09:E4:DA:A7:46:09:25:EC:33:92:DD:A3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d435c26a-cb23-4933-bf88-58f8127d5792.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:70:d3:f9:82:75:c0:b1:90:e1:fc:1d:2f:a3:44:07:5c:74:
         19:27:8a:99:8d:97:30:22:ae:79:32:68:50:0a:0f:96:02:3a:
         ec:81:3f:44:d0:cb:ef:28:a7:c7:fc:da:46:1d:45:55:30:68:
         74:2f:83:a6:35:15:dd:fa:7e:1e:3e:02:f8:cd:1a:2c:87:56:
         38:2a:fc:12:52:ea:1d:8c:11:70:3f:6b:75:c5:60:87:ce:cd:
         70:ae:00:33:25:f0:8c:44:07:e2:5d:d4:68:2a:f0:72:0a:58:
         a0:8f:10:f2:14:10:43:d5:28:ee:d6:60:be:8f:94:e9:45:42:
         41:a5:d3:db:bc:ff:11:be:cd:79:e6:9f:8d:49:2e:85:ef:b6:
         37:e0:b3:31:e2:c9:22:93:e8:06:36:8e:91:8c:1c:14:96:f2:
         8e:3c:50:05:d9:d0:36:1c:1f:60:79:ea:d2:f5:2d:92:23:79:
         11:6a:fa:54:7d:5e:ce:95:a3:da:a9:a4:07:c6:9a:1a:9f:95:
         0e:73:7a:6d:59:95:98:73:5d:2e:c2:1c:0b:a1:6c:0e:7e:75:
         c7:6c:65:7b:b3:7f:f4:5a:69:2a:84:dd:04:da:ce:21:6c:12:
         be:6c:99:ec:01:53:f6:79:a4:cb:d7:70:b0:2e:60:d1:d2:47:
         9f:7f:2b:b8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbl6m3PuZIGuH3TN9i1Tlgm3snVUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjA2MDAwMDAwWhcNMjUwMzEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZDIyMDk3M2YxZmMyOGM4ODRhMDFhNWRjNjEwNDk0YmNh
MTI4Yzk2MjI2ZTRiYzAzOTMxOTE0OWZkOWRhZTBkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD4AZmI9dopKG/1zV+old5sMuUdh5hqcPVq/CfZ9ikWlpE8
wIm9UI7dz5BZ9azKxYwmexS1EvkIR29ODooitn53hwnmqoxiOAyltAiQU4aSuomJ
1B3p8DAAYq8VH2HI7YpUF7FG0r78MBzMyrCktd+1n/Q9Z9WdCfJd6tHrTPkZbVZ8
U61L1MMOZ2VLu+/sr5nsDieywJ9GYUf2YJxj36xCR8Kfb2JMYg4PKI9tswYYF4+e
GUZYDX91mTN/szPCqZ51P9F2z10OFASgl6tlATqBKwUqiQFWDuZX8zS+HLWA6A5F
qg2thX2ZcWn5BG0MlK5q4eJCF7hr80pyLzm5dz4/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+I72NiBT2NcJ5NqnRgkl7DOS3aMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q0MzVjMjZhLWNiMjMtNDkzMy1iZjg4LTU4ZjgxMjdkNTc5Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF5w0/mCdcCxkOH8HS+jRAdcdBkn
ipmNlzAirnkyaFAKD5YCOuyBP0TQy+8op8f82kYdRVUwaHQvg6Y1Fd36fh4+AvjN
GiyHVjgq/BJS6h2MEXA/a3XFYIfOzXCuADMl8IxEB+Jd1Ggq8HIKWKCPEPIUEEPV
KO7WYL6PlOlFQkGl09u8/xG+zXnmn41JLoXvtjfgszHiySKT6AY2jpGMHBSW8o48
UAXZ0DYcH2B56tL1LZIjeRFq+lR9Xs6Vo9qppAfGmhqflQ5zem1ZlZhzXS7CHAuh
bA5+dcdsZXuzf/RaaSqE3QTaziFsEr5smewBU/Z5pMvXcLAuYNHSR59/K7g=
-----END CERTIFICATE-----