Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/edc4083f-e213-443c-b6c1-447968f2d706.roa
File:                     edc4083f-e213-443c-b6c1-447968f2d706.roa (raw, json)
Hash identifier:          +lw8oCMM1fDnnfof9asYyi9GSdxjwewOfFD2S1aylzI=
Subject key identifier:   B8:DD:5C:DC:C3:79:F7:2E:EC:C0:14:5C:0E:B9:4E:88:46:52:30:41
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       37E644DF35DEB59C6A7EE9A9CA58E21842DBBF43
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/edc4083f-e213-443c-b6c1-447968f2d706.roa
Signing time:             Sat 23 Dec 2023 00:00:00 +0000
ROA not before:           Sat 23 Dec 2023 00:00:00 +0000
ROA not after:            Sat 27 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:e6:44:df:35:de:b5:9c:6a:7e:e9:a9:ca:58:e2:18:42:db:bf:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 23 00:00:00 2023 GMT
            Not After : Jan 27 23:59:59 2024 GMT
        Subject: serialNumber=7a455cc9b06031afc3445a4a0637f68e2ac4b9d4feacb04c5a00c88169189192, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:bb:66:ba:0c:47:b4:81:f4:fa:a8:93:1e:e4:
                    4e:38:75:30:91:18:ed:19:cf:bb:ab:7b:5d:64:11:
                    01:35:3d:36:d8:50:16:02:a2:a4:d2:9c:42:16:dc:
                    92:a2:17:3c:8a:27:41:66:2d:ba:72:ce:08:53:2c:
                    f0:19:f5:53:04:06:a9:e0:61:0c:c5:95:b4:67:f6:
                    48:a8:e0:ff:9e:5a:d6:4a:b8:ec:88:00:c0:08:6d:
                    f4:e9:d6:89:f2:13:15:45:d0:1d:4f:ae:f0:2c:0b:
                    e9:98:ba:2e:22:67:dc:a7:65:92:e2:61:a0:0a:f8:
                    16:17:2d:76:a2:66:a9:ac:17:72:b8:a1:4e:44:82:
                    b6:1d:81:2e:cd:2b:51:63:22:0c:2a:a8:79:e1:ed:
                    c5:d2:bc:74:07:af:ed:49:a8:90:cd:ce:3d:d7:57:
                    57:6d:ba:11:19:86:87:34:1b:f0:7c:a2:61:b0:fe:
                    e9:65:32:32:ac:2a:43:01:e8:04:0d:65:d6:33:0e:
                    ce:d5:17:44:97:18:77:65:cd:d3:5d:fe:32:4f:8c:
                    d2:da:58:07:c0:6e:e9:38:f0:38:37:bd:8d:ac:dd:
                    cb:7d:47:a1:fb:d1:13:00:b4:22:47:87:5a:6e:f8:
                    44:f5:f6:d3:80:ae:a8:65:1d:55:c7:a8:73:b6:41:
                    6c:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:DD:5C:DC:C3:79:F7:2E:EC:C0:14:5C:0E:B9:4E:88:46:52:30:41
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/edc4083f-e213-443c-b6c1-447968f2d706.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:f9:4f:bc:77:fe:7a:a7:71:15:fa:30:25:f5:e0:f9:43:7f:
         0f:4a:00:e3:7b:45:8d:57:18:4b:03:98:93:c8:44:11:48:42:
         34:7b:02:20:71:33:01:a2:e7:46:dc:e0:cb:90:c9:0d:3b:33:
         0d:63:c8:3b:b5:55:31:27:b8:74:20:32:fc:71:62:34:8c:2d:
         ea:4f:fb:04:36:13:04:1f:d4:4e:a2:b7:d8:b4:cf:ad:04:a1:
         f7:ae:8c:43:58:9c:07:b4:20:8e:a5:03:79:9f:d6:f9:db:c4:
         56:a7:7f:fc:d4:89:e9:93:7f:65:47:9c:2f:58:90:b2:62:c1:
         e8:bc:a3:b4:d0:fb:e2:61:fb:58:1a:ca:e9:08:8c:2b:8e:a6:
         8e:e2:3f:9e:1e:1b:ed:a5:7a:9c:6e:3e:9a:7e:f9:56:67:c8:
         b3:2d:8c:ac:99:86:08:9e:ea:23:16:2f:87:73:41:a5:aa:27:
         97:4e:fa:e0:a3:e5:52:9c:25:86:4f:83:7f:ec:cf:1f:61:7d:
         67:4b:f6:9b:a6:43:05:b5:61:7d:61:f3:fe:00:b1:47:06:a7:
         52:b2:c1:71:4f:2a:d3:6b:2b:a4:5d:0c:b4:e7:84:1e:f1:f0:
         71:b7:b9:c2:7b:66:13:59:de:ba:c1:7e:30:35:f5:de:8c:e1:
         60:3b:99:03
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUN+ZE3zXetZxqfumpyljiGELbv0MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjIzMDAwMDAwWhcNMjQwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3YTQ1NWNjOWIwNjAzMWFmYzM0NDVhNGEwNjM3ZjY4ZTJh
YzRiOWQ0ZmVhY2IwNGM1YTAwYzg4MTY5MTg5MTkyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlu2a6DEe0gfT6qJMe5E44dTCRGO0Zz7ure11kEQE1PTbY
UBYCoqTSnEIW3JKiFzyKJ0FmLbpyzghTLPAZ9VMEBqngYQzFlbRn9kio4P+eWtZK
uOyIAMAIbfTp1onyExVF0B1PrvAsC+mYui4iZ9ynZZLiYaAK+BYXLXaiZqmsF3K4
oU5EgrYdgS7NK1FjIgwqqHnh7cXSvHQHr+1JqJDNzj3XV1dtuhEZhoc0G/B8omGw
/ullMjKsKkMB6AQNZdYzDs7VF0SXGHdlzdNd/jJPjNLaWAfAbuk48Dg3vY2s3ct9
R6H70RMAtCJHh1pu+ET19tOArqhlHVXHqHO2QWwDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuN1c3MN59y7swBRcDrlOiEZSMEEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2VkYzQwODNmLWUyMTMtNDQzYy1iNmMxLTQ0Nzk2OGYyZDcwNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGj5T7x3/nqncRX6MCX14PlDfw9K
AON7RY1XGEsDmJPIRBFIQjR7AiBxMwGi50bc4MuQyQ07Mw1jyDu1VTEnuHQgMvxx
YjSMLepP+wQ2EwQf1E6it9i0z60EofeujENYnAe0II6lA3mf1vnbxFanf/zUiemT
f2VHnC9YkLJiwei8o7TQ++Jh+1gayukIjCuOpo7iP54eG+2lepxuPpp++VZnyLMt
jKyZhgie6iMWL4dzQaWqJ5dO+uCj5VKcJYZPg3/szx9hfWdL9pumQwW1YX1h8/4A
sUcGp1KywXFPKtNrK6RdDLTnhB7x8HG3ucJ7ZhNZ3rrBfjA19d6M4WA7mQM=
-----END CERTIFICATE-----
Generated at Sat Apr 26 21:45:43 2025 by rpki-client