Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ff193df1-351b-449b-a326-e45db84eaf35.roa
File:                     ff193df1-351b-449b-a326-e45db84eaf35.roa (raw, json)
Hash identifier:          egB/jD4CA4cwDwoic03QRX4Tza5hyVfnwWdrN7fNgVY=
Subject key identifier:   88:48:56:F3:1E:02:06:27:D2:5E:3C:FC:AF:A7:FB:C9:95:5A:4D:C9
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6BBB35BB2AFC49EBB5700F08E58A39E573BB7E19
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ff193df1-351b-449b-a326-e45db84eaf35.roa
Signing time:             Sun 16 Mar 2025 19:43:17 +0000
ROA not before:           Sun 16 Mar 2025 19:43:17 +0000
ROA not after:            Sun 20 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:bb:35:bb:2a:fc:49:eb:b5:70:0f:08:e5:8a:39:e5:73:bb:7e:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 16 19:43:17 2025 GMT
            Not After : Apr 20 23:59:59 2025 GMT
        Subject: serialNumber=e3f5a48239cb5686874ba4e7201cf68b904dcc53dfa2e1749c716e588e44b4b1, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:e9:a2:07:71:ae:b8:61:a3:8b:0d:1e:c7:70:
                    f0:55:24:ed:6b:06:38:39:c1:2c:67:33:c7:2a:fb:
                    f0:c2:2b:8c:32:b1:22:36:c3:d6:02:67:79:d2:10:
                    5d:e7:ac:9a:ac:02:8c:34:69:2e:21:74:95:f2:9b:
                    e7:44:bf:6a:4f:c1:9a:9c:86:0a:bd:e3:49:83:72:
                    d7:22:5d:62:8d:cb:66:c6:f8:97:b7:b7:4f:f4:90:
                    4e:7b:71:e5:0b:03:0e:4f:d9:e1:4e:80:cd:82:d1:
                    20:8e:06:39:73:bf:dd:ca:e9:6c:3d:3f:6e:82:d2:
                    ff:b3:3c:04:e2:12:4a:76:93:31:e8:cb:69:38:6a:
                    b0:67:ad:dd:e3:12:3b:96:83:cf:66:f0:b9:fd:12:
                    54:8c:ab:3f:79:9c:72:25:dc:90:a0:17:a5:c3:cf:
                    d3:6e:8a:82:28:03:52:b8:5b:07:78:9e:a0:b5:ef:
                    81:6d:c1:17:23:ea:3d:0f:9a:03:1b:31:c1:69:51:
                    a0:14:cd:dc:8f:46:37:b5:36:b9:4d:68:57:f3:36:
                    68:41:7b:43:90:fe:2a:03:51:2e:0d:9b:30:63:8d:
                    cd:96:4d:d8:17:af:17:f1:92:f1:85:1e:cc:7a:6f:
                    55:16:26:6d:7e:31:1c:08:f8:25:c1:87:bf:9f:cd:
                    37:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:48:56:F3:1E:02:06:27:D2:5E:3C:FC:AF:A7:FB:C9:95:5A:4D:C9
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ff193df1-351b-449b-a326-e45db84eaf35.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:5e:25:b2:aa:06:7b:6c:56:1a:fd:09:e3:6b:98:2f:7e:9a:
         06:bf:f1:41:6b:55:c4:7f:e6:c2:81:18:13:ef:90:0f:2e:ee:
         e0:6c:7a:00:7f:5c:6e:f4:8d:8f:c3:99:63:56:c5:fe:01:4f:
         33:88:19:a3:ca:c1:08:74:92:e2:a6:cb:e6:06:79:36:7c:54:
         56:52:5e:8b:d1:77:0e:f1:af:bf:0f:46:dc:cb:91:71:89:cc:
         4c:e8:10:17:1c:7c:4e:32:b1:db:fe:d4:12:70:b1:df:1d:54:
         9e:ad:8d:ce:ca:a4:c5:7e:ec:82:62:37:0e:f1:cf:dd:ef:3f:
         0c:19:99:41:e4:4a:40:b4:f0:ca:e8:a6:ea:b5:9f:6d:6f:11:
         08:ef:b4:9f:69:20:51:bc:c8:73:b9:4f:fa:2e:88:25:d4:f1:
         60:b7:95:56:fd:ed:0f:fe:1a:97:c1:69:95:72:43:5f:e5:5c:
         c2:ba:65:81:6d:dd:86:4e:ca:25:ae:88:c2:15:6f:5c:49:16:
         a2:d6:60:0d:19:67:ee:bc:b4:67:9e:87:1d:f5:b9:1a:fe:62:
         a5:72:43:d1:29:6d:86:e5:f3:2a:d0:32:af:4d:60:94:08:bc:
         45:a7:9f:47:57:8b:86:85:67:2e:ef:76:4e:c6:27:64:fb:5d:
         b5:1a:83:07
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUa7s1uyr8Seu1cA8I5Yo55XO7fhkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzE2MTk0MzE3WhcNMjUwNDIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlM2Y1YTQ4MjM5Y2I1Njg2ODc0YmE0ZTcyMDFjZjY4Yjkw
NGRjYzUzZGZhMmUxNzQ5YzcxNmU1ODhlNDRiNGIxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCD6aIHca64YaOLDR7HcPBVJO1rBjg5wSxnM8cq+/DCK4wy
sSI2w9YCZ3nSEF3nrJqsAow0aS4hdJXym+dEv2pPwZqchgq940mDctciXWKNy2bG
+Je3t0/0kE57ceULAw5P2eFOgM2C0SCOBjlzv93K6Ww9P26C0v+zPATiEkp2kzHo
y2k4arBnrd3jEjuWg89m8Ln9ElSMqz95nHIl3JCgF6XDz9NuioIoA1K4Wwd4nqC1
74FtwRcj6j0PmgMbMcFpUaAUzdyPRje1NrlNaFfzNmhBe0OQ/ioDUS4NmzBjjc2W
TdgXrxfxkvGFHsx6b1UWJm1+MRwI+CXBh7+fzTfrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiEhW8x4CBifSXjz8r6f7yZVaTckwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZmMTkzZGYxLTM1MWItNDQ5Yi1hMzI2LWU0NWRiODRlYWYzNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIReJbKqBntsVhr9CeNrmC9+mga/
8UFrVcR/5sKBGBPvkA8u7uBsegB/XG70jY/DmWNWxf4BTzOIGaPKwQh0kuKmy+YG
eTZ8VFZSXovRdw7xr78PRtzLkXGJzEzoEBccfE4ysdv+1BJwsd8dVJ6tjc7KpMV+
7IJiNw7xz93vPwwZmUHkSkC08Mropuq1n21vEQjvtJ9pIFG8yHO5T/ouiCXU8WC3
lVb97Q/+GpfBaZVyQ1/lXMK6ZYFt3YZOyiWuiMIVb1xJFqLWYA0ZZ+68tGeehx31
uRr+YqVyQ9EpbYbl8yrQMq9NYJQIvEWnn0dXi4aFZy7vdk7GJ2T7XbUagwc=
-----END CERTIFICATE-----