Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d56fc43b-16a0-4124-b746-c426967325ca.roa
File:                     d56fc43b-16a0-4124-b746-c426967325ca.roa (raw, json)
Hash identifier:          IhEAHTI3NkOr0r1HGMg1mqk1iXKFSM8xhkw7EaLdtLs=
Subject key identifier:   93:EB:20:8F:65:33:E2:C4:E2:E7:EA:9A:34:63:F6:CE:94:59:02:1D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0FBD406C5770AFB3199AED79691EB97242C9D138
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d56fc43b-16a0-4124-b746-c426967325ca.roa
Signing time:             Fri 14 Feb 2025 21:58:19 +0000
ROA not before:           Fri 14 Feb 2025 21:58:19 +0000
ROA not after:            Fri 21 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:bd:40:6c:57:70:af:b3:19:9a:ed:79:69:1e:b9:72:42:c9:d1:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 14 21:58:19 2025 GMT
            Not After : Mar 21 23:59:59 2025 GMT
        Subject: serialNumber=a38eb5526f3474a2da35064f9a3759af539af08139a6ee3d8f9fa1a644ced34c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:de:13:16:57:15:20:d4:c4:69:11:df:f8:4e:
                    25:8a:2d:e3:2a:06:67:3c:eb:d1:1f:41:53:a5:ec:
                    8f:5c:c1:6a:5a:6e:0d:c9:c2:6a:1c:b1:1a:46:2a:
                    45:27:a8:97:2e:21:10:af:c9:39:c6:41:ed:1b:6c:
                    bc:09:12:3d:f9:b0:3c:0b:b6:58:a1:c8:89:1f:62:
                    30:d2:08:fb:94:d7:b2:4c:5d:26:ac:5f:8c:09:58:
                    39:1a:e9:d0:83:e8:3d:3d:f3:df:09:5b:9b:9b:25:
                    89:f8:32:78:1a:c2:67:22:b5:5b:4f:b1:13:b4:65:
                    91:17:f8:11:5b:c5:0a:72:06:85:14:0a:44:9b:ba:
                    3b:4d:c3:a3:04:36:85:26:a2:d8:19:c7:f4:6e:42:
                    c6:87:89:ad:8f:a5:13:16:cd:4c:04:35:9e:66:b1:
                    30:50:47:11:67:c7:6c:29:e0:c1:9f:e6:10:a7:e1:
                    ec:df:de:9a:47:91:9a:2b:be:d6:80:f9:da:90:fc:
                    cd:66:07:37:10:ba:1e:bb:b8:ae:e3:8e:13:a3:a1:
                    b8:e3:fb:07:9c:1f:dd:5c:61:01:1e:a2:35:3e:c3:
                    28:2a:3b:26:10:62:3f:4a:f9:73:4b:a7:55:6f:b9:
                    52:09:af:24:41:2c:d3:1b:87:95:9e:64:bb:5d:a5:
                    92:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:EB:20:8F:65:33:E2:C4:E2:E7:EA:9A:34:63:F6:CE:94:59:02:1D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d56fc43b-16a0-4124-b746-c426967325ca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:e4:c3:ab:64:34:db:a9:09:44:89:89:5d:cf:11:bd:ec:6a:
         b2:cf:0f:91:85:66:e2:35:ec:5c:4e:06:f2:88:99:73:73:55:
         e4:7c:76:e7:a9:13:56:32:1a:a4:a4:79:5f:a8:84:17:bd:68:
         bf:c7:bc:3f:1b:65:0f:f2:aa:5b:6e:41:d1:50:1d:9c:a5:28:
         3a:3b:1f:37:ba:dd:ec:12:f6:70:0b:14:8a:35:3e:fb:09:be:
         4f:b1:5b:98:6c:0a:b4:f4:50:5f:c4:e0:34:92:e8:f0:20:eb:
         f9:27:45:9e:d1:a5:21:92:98:43:1d:48:06:9b:53:a9:e5:f8:
         aa:08:22:34:06:89:e1:69:fe:6c:0a:3c:d8:ed:42:67:df:f5:
         57:18:52:4b:0b:0f:c7:c8:fa:60:da:6b:0a:0d:a9:5e:c2:d9:
         b2:77:24:21:42:63:44:3d:8b:cc:96:b8:92:9a:dc:b7:b5:2c:
         de:dc:22:64:e1:2d:c1:d1:ac:6c:15:07:ae:93:c6:a2:75:49:
         84:fd:fc:92:1e:92:08:0d:80:e9:e3:50:fb:d4:1f:d3:ea:6b:
         0c:c1:43:85:d3:fe:9b:87:60:f9:b0:37:42:b5:45:7e:66:c5:
         d6:f6:5e:85:53:60:52:94:d1:86:47:53:d9:8c:e9:f1:1b:fb:
         d7:64:54:88
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUD71AbFdwr7MZmu15aR65ckLJ0TgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjE0MjE1ODE5WhcNMjUwMzIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMzhlYjU1MjZmMzQ3NGEyZGEzNTA2NGY5YTM3NTlhZjUz
OWFmMDgxMzlhNmVlM2Q4ZjlmYTFhNjQ0Y2VkMzRjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDd3hMWVxUg1MRpEd/4TiWKLeMqBmc869EfQVOl7I9cwWpa
bg3JwmocsRpGKkUnqJcuIRCvyTnGQe0bbLwJEj35sDwLtlihyIkfYjDSCPuU17JM
XSasX4wJWDka6dCD6D09898JW5ubJYn4MngawmcitVtPsRO0ZZEX+BFbxQpyBoUU
CkSbujtNw6MENoUmotgZx/RuQsaHia2PpRMWzUwENZ5msTBQRxFnx2wp4MGf5hCn
4ezf3ppHkZorvtaA+dqQ/M1mBzcQuh67uK7jjhOjobjj+wecH91cYQEeojU+wygq
OyYQYj9K+XNLp1VvuVIJryRBLNMbh5WeZLtdpZJ7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUk+sgj2Uz4sTi5+qaNGP2zpRZAh0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q1NmZjNDNiLTE2YTAtNDEyNC1iNzQ2LWM0MjY5NjczMjVjYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIHkw6tkNNupCUSJiV3PEb3sarLP
D5GFZuI17FxOBvKImXNzVeR8duepE1YyGqSkeV+ohBe9aL/HvD8bZQ/yqltuQdFQ
HZylKDo7Hze63ewS9nALFIo1PvsJvk+xW5hsCrT0UF/E4DSS6PAg6/knRZ7RpSGS
mEMdSAabU6nl+KoIIjQGieFp/mwKPNjtQmff9VcYUksLD8fI+mDaawoNqV7C2bJ3
JCFCY0Q9i8yWuJKa3Le1LN7cImThLcHRrGwVB66TxqJ1SYT9/JIekggNgOnjUPvU
H9PqawzBQ4XT/puHYPmwN0K1RX5mxdb2XoVTYFKU0YZHU9mM6fEb+9dkVIg=
-----END CERTIFICATE-----