Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5717edf1-8e92-40a1-8efb-dc087eaa2e0a.roa
File:                     5717edf1-8e92-40a1-8efb-dc087eaa2e0a.roa (raw, json)
Hash identifier:          OzYTG/ecxjSD7RuWnUWdKgdlIys8QnkHazrr3amEflg=
Subject key identifier:   65:28:CE:47:0B:0F:10:E9:42:99:2C:EE:81:56:51:C7:FE:EA:55:40
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       37E2BF292F17B0892383B408ED03E259D9EAF1FC
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5717edf1-8e92-40a1-8efb-dc087eaa2e0a.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:e2:bf:29:2f:17:b0:89:23:83:b4:08:ed:03:e2:59:d9:ea:f1:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:13:b5:f1:74:3f:72:7b:9e:08:64:17:be:6d:
                    55:e1:64:57:80:76:c2:36:01:c1:32:fd:86:9a:b7:
                    47:38:db:60:c3:16:af:e9:d4:0b:e6:ac:33:e6:5f:
                    59:0f:69:36:23:e4:ff:82:28:2a:25:0f:ba:3f:b4:
                    71:2a:20:39:8d:35:b7:ae:52:92:39:5b:bd:c5:b5:
                    3d:65:a2:70:e9:f7:b0:ef:a0:1d:b7:02:bf:26:f8:
                    4b:e3:2f:a0:86:ec:11:d5:63:fd:de:93:d6:c5:28:
                    c4:be:f4:2c:43:da:e4:79:fb:d7:b4:57:bd:99:4e:
                    a8:67:07:b4:74:a7:2c:c5:d9:ec:d7:5f:d6:72:6b:
                    ab:b4:28:08:25:07:6a:f9:f3:bd:e5:42:a1:0f:a3:
                    03:38:b2:03:55:33:2d:ab:39:45:82:50:1f:42:a0:
                    94:ea:c8:a9:52:17:4e:df:b3:97:b7:a1:0f:b6:84:
                    53:ba:75:ff:b6:39:b5:56:9c:b8:52:78:cf:13:d5:
                    cd:8d:f5:53:8e:1a:bb:d2:b0:6a:4e:21:43:25:2b:
                    0d:81:e4:50:4d:aa:d2:f6:7d:6f:e0:1c:e2:f2:fa:
                    68:f7:66:f1:59:d2:7a:43:5d:24:28:0b:cc:b4:a3:
                    ca:79:14:a5:e4:fc:b6:4f:16:7b:84:3f:76:1e:e4:
                    17:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:28:CE:47:0B:0F:10:E9:42:99:2C:EE:81:56:51:C7:FE:EA:55:40
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5717edf1-8e92-40a1-8efb-dc087eaa2e0a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:24:5f:48:a4:bb:1c:00:e6:fe:2c:29:f6:a0:f3:89:89:a3:
         c5:2c:e4:73:22:5d:1f:93:dd:0d:2e:5b:36:df:84:60:74:2f:
         ef:6e:2e:79:ef:d0:58:a0:69:86:0b:de:e7:95:91:94:15:33:
         87:7c:3d:c5:53:87:a4:30:82:1c:ca:aa:bf:6e:03:b6:01:fc:
         07:50:a2:3a:92:e7:f2:6d:b7:49:04:94:31:9c:a6:d7:2d:4d:
         61:95:aa:b8:ca:17:74:94:27:d6:cd:34:00:9d:1c:9f:28:6e:
         92:ef:41:44:77:4f:d9:05:ad:f5:cb:f5:9e:b7:d2:98:4b:01:
         b4:b6:72:f7:95:5f:7e:0f:a9:b6:71:ea:34:53:a9:09:8b:91:
         be:ce:8d:ff:67:76:16:85:3d:9a:45:30:6a:4d:90:e3:26:dd:
         c5:ef:d5:8d:88:d1:e5:18:d7:e3:d3:48:d6:36:0b:ce:7c:d6:
         b7:f2:eb:f7:1d:ec:f6:cc:92:e0:fc:f0:af:da:b8:ba:7c:3e:
         83:5f:5c:46:0c:ed:d2:ba:bf:58:29:b1:bb:7c:80:1d:ac:1a:
         78:a2:c2:51:f8:86:56:8e:b0:d3:4f:4e:41:fc:c1:43:8e:14:
         ca:9e:f2:fe:df:8b:5d:b2:e5:9d:38:e0:1c:d1:7a:f3:7a:1e:
         20:df:e0:68
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUN+K/KS8XsIkjg7QI7QPiWdnq8fwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlN2I0ZmViMTk0NzEzZmQ3MGIzNGNiZWVhMDA3NjM4NTg0
YjgyMGQ3NGU5NWFmY2E1N2I5ZTZjZmMwYWYzM2MyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD0E7XxdD9ye54IZBe+bVXhZFeAdsI2AcEy/Yaat0c422DD
Fq/p1AvmrDPmX1kPaTYj5P+CKColD7o/tHEqIDmNNbeuUpI5W73FtT1lonDp97Dv
oB23Ar8m+EvjL6CG7BHVY/3ek9bFKMS+9CxD2uR5+9e0V72ZTqhnB7R0pyzF2ezX
X9Zya6u0KAglB2r5873lQqEPowM4sgNVMy2rOUWCUB9CoJTqyKlSF07fs5e3oQ+2
hFO6df+2ObVWnLhSeM8T1c2N9VOOGrvSsGpOIUMlKw2B5FBNqtL2fW/gHOLy+mj3
ZvFZ0npDXSQoC8y0o8p5FKXk/LZPFnuEP3Ye5BcvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZSjORwsPEOlCmSzugVZRx/7qVUAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU3MTdlZGYxLThlOTItNDBhMS04ZWZiLWRjMDg3ZWFhMmUwYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFIkX0ikuxwA5v4sKfag84mJo8Us
5HMiXR+T3Q0uWzbfhGB0L+9uLnnv0FigaYYL3ueVkZQVM4d8PcVTh6QwghzKqr9u
A7YB/AdQojqS5/Jtt0kElDGcptctTWGVqrjKF3SUJ9bNNACdHJ8obpLvQUR3T9kF
rfXL9Z630phLAbS2cveVX34PqbZx6jRTqQmLkb7Ojf9ndhaFPZpFMGpNkOMm3cXv
1Y2I0eUY1+PTSNY2C8581rfy6/cd7PbMkuD88K/auLp8PoNfXEYM7dK6v1gpsbt8
gB2sGniiwlH4hlaOsNNPTkH8wUOOFMqe8v7fi12y5Z044BzRevN6HiDf4Gg=
-----END CERTIFICATE-----