Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e293826e-0d41-4635-b06d-9ba4e5c1a66e.roa
File:                     e293826e-0d41-4635-b06d-9ba4e5c1a66e.roa (raw, json)
Hash identifier:          GSQsRnTInnM9FseTNBOHermXJ45YUl785QRIMG+WjYY=
Subject key identifier:   8B:04:9F:C2:2D:85:0F:DB:D3:BB:8A:65:D8:48:66:0B:DD:81:06:8D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       45AD1DE3EC20B15CDBEE1CEA41F13D523A0E4B31
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e293826e-0d41-4635-b06d-9ba4e5c1a66e.roa
Signing time:             Sat 15 Feb 2025 14:58:23 +0000
ROA not before:           Sat 15 Feb 2025 14:58:23 +0000
ROA not after:            Sat 22 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:ad:1d:e3:ec:20:b1:5c:db:ee:1c:ea:41:f1:3d:52:3a:0e:4b:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 15 14:58:23 2025 GMT
            Not After : Mar 22 23:59:59 2025 GMT
        Subject: serialNumber=d50d2dd6af633742bee4d89ea2154ca21ba493b185bc1acdceb5d47ff7d82348, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ac:8d:01:d8:a5:0d:f7:b7:65:ba:14:28:de:
                    d1:da:75:dc:6c:82:7d:a4:9e:ed:43:02:09:fc:fb:
                    d4:50:05:59:47:30:c5:a0:d9:f4:a0:56:95:81:e0:
                    03:42:f8:35:ff:3d:fd:d6:60:54:11:bd:c1:d9:da:
                    df:ca:da:14:50:aa:19:02:9b:2c:42:7b:54:59:81:
                    32:33:1c:c5:f1:bb:c1:1b:a8:58:0d:67:bc:0c:ac:
                    a6:65:e4:de:b4:2a:06:67:aa:d5:ea:91:24:3e:ef:
                    e5:0f:47:be:54:76:71:b0:4e:3a:4b:8f:9c:56:a9:
                    24:76:2d:28:ae:e2:eb:14:ef:96:05:95:8a:7d:6d:
                    d9:3f:54:eb:9d:71:0f:4a:96:b4:16:20:c1:9c:cf:
                    5b:04:bd:40:29:7f:93:09:b9:53:5b:10:33:89:9b:
                    c0:c7:a6:a4:80:a1:38:0d:a2:1b:27:91:8e:9d:d3:
                    c8:f6:97:1f:85:ae:fb:8c:47:30:f6:21:53:90:75:
                    17:31:e3:3d:13:08:59:2c:3f:bf:d8:07:90:a6:c0:
                    68:3f:79:34:01:24:8f:00:bf:25:03:9d:d4:9a:53:
                    0f:bc:14:14:d3:e7:ba:51:90:1e:e7:93:4e:08:5f:
                    69:df:06:a5:d5:9a:ad:ff:20:76:45:16:ae:cc:0b:
                    a8:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:04:9F:C2:2D:85:0F:DB:D3:BB:8A:65:D8:48:66:0B:DD:81:06:8D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e293826e-0d41-4635-b06d-9ba4e5c1a66e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:6c:88:88:ad:dc:0d:05:c1:60:ed:80:ed:5d:97:95:d6:f2:
         a7:e5:04:13:d4:2a:52:ab:48:e2:50:bd:8a:51:5f:dc:3b:7c:
         4f:5c:88:2c:a1:5f:bf:19:d2:31:18:3d:1a:57:f9:f5:fc:54:
         48:a1:57:85:09:2c:d6:69:56:a5:00:07:ef:b8:c1:08:e1:77:
         a0:a7:fc:1f:ad:ae:80:2c:7f:8c:33:c9:ad:96:eb:ae:fc:05:
         0e:9a:b2:bc:8a:b5:65:5d:a7:4f:ba:0f:5f:dc:77:1b:ac:3a:
         45:14:3c:4b:d2:e4:3b:ae:e3:60:c8:0a:df:cc:b0:f6:34:2a:
         df:27:a6:0f:67:a5:47:f5:79:fe:38:fd:b3:60:c3:2e:f7:da:
         ab:d9:96:ff:a1:bd:f5:b6:b8:c1:66:d1:85:67:d4:fc:b4:37:
         15:6d:df:cc:b8:e5:1f:49:1c:d6:c4:b8:fe:2d:9f:65:c4:60:
         d8:97:0a:b1:31:84:a0:13:a3:60:f5:85:f8:a5:74:34:02:f1:
         97:6c:aa:c5:75:b4:9a:75:eb:93:c2:5c:96:b2:a5:a5:c5:39:
         fd:2d:d5:d3:5d:ee:1a:90:58:69:af:fd:3f:f5:36:3e:29:d0:
         f3:b1:23:d1:9c:c5:3b:d2:dc:92:f8:5f:96:ca:70:37:16:0b:
         30:3f:c6:9a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURa0d4+wgsVzb7hzqQfE9UjoOSzEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjE1MTQ1ODIzWhcNMjUwMzIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNTBkMmRkNmFmNjMzNzQyYmVlNGQ4OWVhMjE1NGNhMjFi
YTQ5M2IxODViYzFhY2RjZWI1ZDQ3ZmY3ZDgyMzQ4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCHrI0B2KUN97dluhQo3tHaddxsgn2knu1DAgn8+9RQBVlH
MMWg2fSgVpWB4ANC+DX/Pf3WYFQRvcHZ2t/K2hRQqhkCmyxCe1RZgTIzHMXxu8Eb
qFgNZ7wMrKZl5N60KgZnqtXqkSQ+7+UPR75UdnGwTjpLj5xWqSR2LSiu4usU75YF
lYp9bdk/VOudcQ9KlrQWIMGcz1sEvUApf5MJuVNbEDOJm8DHpqSAoTgNohsnkY6d
08j2lx+FrvuMRzD2IVOQdRcx4z0TCFksP7/YB5CmwGg/eTQBJI8AvyUDndSaUw+8
FBTT57pRkB7nk04IX2nfBqXVmq3/IHZFFq7MC6jDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiwSfwi2FD9vTu4pl2EhmC92BBo0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2UyOTM4MjZlLTBkNDEtNDYzNS1iMDZkLTliYTRlNWMxYTY2ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGdsiIit3A0FwWDtgO1dl5XW8qfl
BBPUKlKrSOJQvYpRX9w7fE9ciCyhX78Z0jEYPRpX+fX8VEihV4UJLNZpVqUAB++4
wQjhd6Cn/B+troAsf4wzya2W6678BQ6asryKtWVdp0+6D1/cdxusOkUUPEvS5Duu
42DICt/MsPY0Kt8npg9npUf1ef44/bNgwy732qvZlv+hvfW2uMFm0YVn1Py0NxVt
38y45R9JHNbEuP4tn2XEYNiXCrExhKATo2D1hfildDQC8ZdsqsV1tJp165PCXJay
paXFOf0t1dNd7hqQWGmv/T/1Nj4p0POxI9GcxTvS3JL4X5bKcDcWCzA/xpo=
-----END CERTIFICATE-----