Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/210e36a9-b9f4-4425-a6ba-694734062d2c.roa
File:                     210e36a9-b9f4-4425-a6ba-694734062d2c.roa (raw, json)
Hash identifier:          Q9GJN8Trst8fgwaaP1cAfs8Jgtmnd+BIvwZXeS9yIok=
Subject key identifier:   D0:30:10:FF:29:26:60:D1:ED:51:B1:ED:8A:FA:EE:68:8E:D9:AA:56
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0382E9FFF2ED512AA570FA629E91E1D205054FD9
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/210e36a9-b9f4-4425-a6ba-694734062d2c.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:82:e9:ff:f2:ed:51:2a:a5:70:fa:62:9e:91:e1:d2:05:05:4f:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: serialNumber=9b6d22d362655bce1914f42e5612e1363e31fe80e6215bae6540407abf814dba, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a0:03:35:8a:da:b8:5e:87:95:c4:f6:72:a4:
                    d0:55:11:2b:25:82:60:28:73:fb:ca:64:bd:03:78:
                    f7:42:8f:e7:fd:9b:c6:b4:8a:1f:62:b7:db:f2:68:
                    20:38:da:ae:c3:96:85:e5:0b:f2:31:a1:dd:52:52:
                    2b:df:e5:e9:bb:d2:63:61:dc:c6:2e:b2:db:b7:14:
                    bd:97:d6:47:2e:40:ce:c0:20:ac:19:d4:a1:75:6d:
                    f3:e5:90:54:ef:e7:0c:08:2e:4c:c5:ac:e8:e2:a4:
                    d0:84:ac:84:4f:0d:6c:58:28:03:0c:31:d7:06:a9:
                    88:00:36:9e:b3:23:30:4d:2a:09:49:39:3b:34:ba:
                    bd:d4:78:eb:59:8c:73:84:fc:ee:31:52:43:60:3b:
                    b3:86:97:0a:c6:ab:98:d4:4d:97:e9:48:06:2c:7e:
                    28:d5:93:bc:fd:c5:80:76:fc:4c:19:dc:d8:c5:62:
                    c2:5c:34:38:5b:11:4a:a5:b6:64:32:28:04:c1:2f:
                    5e:5e:e1:99:7a:3a:66:38:bf:2a:f3:17:64:67:d8:
                    a1:0b:78:d8:4b:52:15:3f:e2:3f:b6:55:a3:18:38:
                    6a:92:06:b3:81:84:fb:24:81:70:21:cb:94:f5:e5:
                    8f:b9:fe:65:6a:94:66:79:c6:e8:14:26:47:15:6d:
                    83:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:30:10:FF:29:26:60:D1:ED:51:B1:ED:8A:FA:EE:68:8E:D9:AA:56
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/210e36a9-b9f4-4425-a6ba-694734062d2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:47:fe:2d:08:48:5a:c4:fe:66:de:72:06:c4:fb:02:f6:d3:
         47:6d:de:33:04:2c:4c:fb:ae:3f:9b:2b:9d:bd:20:f1:d5:6b:
         2c:ff:a9:a1:5b:1a:df:a5:00:da:d4:42:72:93:a1:86:c3:bf:
         ec:45:9c:a1:15:51:86:03:aa:1f:5e:9e:88:a6:9b:b7:e2:3b:
         6f:d5:e2:10:fe:7c:18:7b:20:96:f9:a7:44:b9:bf:a1:96:f6:
         d6:ae:d2:7e:de:28:c1:84:9b:1f:7c:0f:39:95:40:b3:ad:dd:
         d9:0b:00:d2:ad:b7:be:7c:84:cd:23:47:53:76:74:8a:45:d1:
         4b:5c:c9:1f:3e:a7:14:37:b0:56:6a:0d:98:68:0f:b1:85:0b:
         36:27:7c:75:c2:a7:77:5a:38:47:ec:20:0e:de:0d:36:4d:5b:
         79:dc:a8:86:3d:13:86:ac:58:c9:a1:29:41:e3:14:6f:01:90:
         89:45:b2:d7:b0:df:41:a5:e8:05:25:62:0b:e0:6e:d4:0e:b4:
         ee:f0:45:79:36:f8:22:84:29:06:cb:2d:5e:b4:36:c0:8e:4e:
         9a:71:a2:87:bd:ec:e4:3f:57:db:83:f6:c8:d8:36:bf:d7:07:
         0b:0a:29:79:94:4d:08:d2:4c:94:df:2a:05:3e:d6:6f:e4:f5:
         63:cc:85:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUA4Lp//LtUSqlcPpinpHh0gUFT9kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMTI3MDAwMDAwWhcNMjUwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5YjZkMjJkMzYyNjU1YmNlMTkxNGY0MmU1NjEyZTEzNjNl
MzFmZTgwZTYyMTViYWU2NTQwNDA3YWJmODE0ZGJhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYoAM1itq4XoeVxPZypNBVESslgmAoc/vKZL0DePdCj+f9
m8a0ih9it9vyaCA42q7DloXlC/Ixod1SUivf5em70mNh3MYustu3FL2X1kcuQM7A
IKwZ1KF1bfPlkFTv5wwILkzFrOjipNCErIRPDWxYKAMMMdcGqYgANp6zIzBNKglJ
OTs0ur3UeOtZjHOE/O4xUkNgO7OGlwrGq5jUTZfpSAYsfijVk7z9xYB2/EwZ3NjF
YsJcNDhbEUqltmQyKATBL15e4Zl6OmY4vyrzF2Rn2KELeNhLUhU/4j+2VaMYOGqS
BrOBhPskgXAhy5T15Y+5/mVqlGZ5xugUJkcVbYNdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0DAQ/ykmYNHtUbHtivruaI7ZqlYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzIxMGUzNmE5LWI5ZjQtNDQyNS1hNmJhLTY5NDczNDA2MmQyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGFH/i0ISFrE/mbecgbE+wL200dt
3jMELEz7rj+bK529IPHVayz/qaFbGt+lANrUQnKToYbDv+xFnKEVUYYDqh9enoim
m7fiO2/V4hD+fBh7IJb5p0S5v6GW9tau0n7eKMGEmx98DzmVQLOt3dkLANKtt758
hM0jR1N2dIpF0UtcyR8+pxQ3sFZqDZhoD7GFCzYnfHXCp3daOEfsIA7eDTZNW3nc
qIY9E4asWMmhKUHjFG8BkIlFstew30Gl6AUlYgvgbtQOtO7wRXk2+CKEKQbLLV60
NsCOTppxooe97OQ/V9uD9sjYNr/XBwsKKXmUTQjSTJTfKgU+1m/k9WPMhfM=
-----END CERTIFICATE-----