Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d929f060-155d-482b-93da-1db186d3c07a.roa
File:                     d929f060-155d-482b-93da-1db186d3c07a.roa (raw, json)
Hash identifier:          4dxlcyBoAAHgzK1tSLKa2/ytSdaYTMgxMJrXlU2g20M=
Subject key identifier:   E6:8B:9B:B2:4E:60:14:C2:52:70:71:45:F9:5B:1A:C8:72:DA:B3:D3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       36A40E764184FA78774E200C3200DCAD681B7AAC
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d929f060-155d-482b-93da-1db186d3c07a.roa
Signing time:             Wed 07 May 2025 12:18:20 +0000
ROA not before:           Wed 07 May 2025 12:18:20 +0000
ROA not after:            Wed 11 Jun 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:a4:0e:76:41:84:fa:78:77:4e:20:0c:32:00:dc:ad:68:1b:7a:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May  7 12:18:20 2025 GMT
            Not After : Jun 11 23:59:59 2025 GMT
        Subject: serialNumber=080c445e805b6801d1992b60788f6a32a3d50b9fd78e14d8366c55669819e65d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:2e:47:03:e7:6a:3f:27:ed:8f:94:70:8f:74:
                    a0:5c:ea:ee:87:e5:7c:d6:07:f1:53:b1:83:3c:69:
                    c6:ec:77:8b:59:a0:27:c6:b4:6a:93:75:58:e6:8e:
                    ab:65:6c:a0:87:47:01:84:3f:f8:89:c5:86:dd:03:
                    d2:82:fe:55:3a:28:54:0d:d6:a5:81:66:78:17:45:
                    bb:c8:b2:14:72:5f:dc:18:9c:87:af:ab:f6:5b:88:
                    47:17:c1:ba:11:57:b3:70:69:13:9c:bf:84:c6:65:
                    c2:30:58:98:d0:ef:2e:b2:b0:c6:70:52:40:3f:38:
                    05:6a:c8:a4:45:b2:39:bf:d4:7f:5f:f3:c8:e0:0f:
                    76:32:cc:e4:77:7c:50:8b:d4:36:44:29:74:17:10:
                    bd:e1:85:20:34:d1:ab:c6:a7:f6:04:5b:30:bf:63:
                    6a:36:c3:a9:67:66:01:f4:30:e6:01:66:26:67:9e:
                    f2:f1:20:11:02:35:fd:a2:5a:5b:37:30:83:fd:3d:
                    33:79:a2:58:ea:42:d7:ff:02:cb:0e:51:9f:61:63:
                    d3:4f:7a:95:e0:5f:d9:84:0e:91:e0:bd:b2:e9:27:
                    3b:86:db:e0:92:e4:5c:f1:df:d5:75:55:26:0b:79:
                    be:82:7f:23:75:49:d7:9a:01:eb:a8:d2:c0:4c:36:
                    02:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:8B:9B:B2:4E:60:14:C2:52:70:71:45:F9:5B:1A:C8:72:DA:B3:D3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d929f060-155d-482b-93da-1db186d3c07a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:01:67:fb:5b:52:af:82:e6:ec:ff:1c:24:41:e3:61:93:66:
         9d:74:6f:77:7c:02:ce:7a:48:2d:96:cb:97:a6:e2:bb:bb:57:
         7a:0a:0f:4a:83:6c:99:e7:3b:12:d0:82:65:36:c4:7b:08:97:
         32:b4:fb:0c:7d:4b:e7:ba:41:8d:50:0f:9f:11:65:22:5d:1d:
         89:41:02:70:e6:dd:2d:3b:7c:2d:85:6c:a2:0f:0d:0f:18:10:
         5c:65:0f:8b:c5:98:d5:39:9f:67:99:e5:bb:b1:e1:c1:81:58:
         b0:05:8c:06:20:5e:94:09:27:fb:22:5b:c2:59:33:14:64:7f:
         61:af:4d:16:50:12:96:3b:bd:f4:de:56:e9:83:4b:98:18:64:
         2e:7f:76:66:d9:6a:2b:f6:a9:d3:56:fd:b5:ba:28:5e:a8:50:
         ac:a5:47:cc:cf:34:f5:1d:a5:96:21:6b:90:cc:83:81:fe:5b:
         7f:f2:7b:bb:59:c1:f4:b9:84:f3:25:bd:18:4c:87:7c:97:b7:
         71:0d:fb:10:5e:ae:40:3e:38:fe:85:00:eb:1e:c3:f4:9c:d6:
         e2:08:ae:cb:fe:14:39:39:1a:ea:04:6d:12:47:95:fe:d9:1c:
         fb:d7:8e:7e:92:bf:15:b1:00:ac:8e:63:f2:0e:4b:c4:f9:ef:
         cd:f1:4b:ee
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNqQOdkGE+nh3TiAMMgDcrWgbeqwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNTA3MTIxODIwWhcNMjUwNjExMjM1OTU5
WjB6MUkwRwYDVQQFE0AwODBjNDQ1ZTgwNWI2ODAxZDE5OTJiNjA3ODhmNmEzMmEz
ZDUwYjlmZDc4ZTE0ZDgzNjZjNTU2Njk4MTllNjVkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHLkcD52o/J+2PlHCPdKBc6u6H5XzWB/FTsYM8acbsd4tZ
oCfGtGqTdVjmjqtlbKCHRwGEP/iJxYbdA9KC/lU6KFQN1qWBZngXRbvIshRyX9wY
nIevq/ZbiEcXwboRV7NwaROcv4TGZcIwWJjQ7y6ysMZwUkA/OAVqyKRFsjm/1H9f
88jgD3YyzOR3fFCL1DZEKXQXEL3hhSA00avGp/YEWzC/Y2o2w6lnZgH0MOYBZiZn
nvLxIBECNf2iWls3MIP9PTN5oljqQtf/AssOUZ9hY9NPepXgX9mEDpHgvbLpJzuG
2+CS5Fzx39V1VSYLeb6CfyN1SdeaAeuo0sBMNgJzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5oubsk5gFMJScHFF+VsayHLas9MwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q5MjlmMDYwLTE1NWQtNDgyYi05M2RhLTFkYjE4NmQzYzA3YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB0BZ/tbUq+C5uz/HCRB42GTZp10
b3d8As56SC2Wy5em4ru7V3oKD0qDbJnnOxLQgmU2xHsIlzK0+wx9S+e6QY1QD58R
ZSJdHYlBAnDm3S07fC2FbKIPDQ8YEFxlD4vFmNU5n2eZ5bux4cGBWLAFjAYgXpQJ
J/siW8JZMxRkf2GvTRZQEpY7vfTeVumDS5gYZC5/dmbZaiv2qdNW/bW6KF6oUKyl
R8zPNPUdpZYha5DMg4H+W3/ye7tZwfS5hPMlvRhMh3yXt3EN+xBerkA+OP6FAOse
w/Sc1uIIrsv+FDk5GuoEbRJHlf7ZHPvXjn6SvxWxAKyOY/IOS8T5783xS+4=
-----END CERTIFICATE-----