Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/88deea8b-cad6-49af-a808-4da686f0f3af.roa
File:                     88deea8b-cad6-49af-a808-4da686f0f3af.roa (raw, json)
Hash identifier:          e9VnWwtn0b0byXGinAnsBC+7pjo+WR5vK7PLExUfrEQ=
Subject key identifier:   8C:79:4C:02:84:56:D2:BD:9C:35:1B:B5:6E:0B:92:B0:C9:07:24:2E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2115E4E741FEE4FD0B5D962C9C5F76063DED4897
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/88deea8b-cad6-49af-a808-4da686f0f3af.roa
Signing time:             Thu 27 Mar 2025 12:38:17 +0000
ROA not before:           Thu 27 Mar 2025 12:38:17 +0000
ROA not after:            Thu 01 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:15:e4:e7:41:fe:e4:fd:0b:5d:96:2c:9c:5f:76:06:3d:ed:48:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 27 12:38:17 2025 GMT
            Not After : May  1 23:59:59 2025 GMT
        Subject: serialNumber=816948b295cb5414e36600ba6a209e19871daa9158918b419abc43995ac82057, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:04:fc:c5:ef:20:52:3e:2f:a3:53:1b:9f:56:
                    33:0c:a2:86:7f:d9:da:c8:c7:1f:ee:73:5f:62:eb:
                    d1:e5:c2:cf:86:26:c1:c9:d2:86:30:e3:63:88:39:
                    ec:08:5c:e3:60:59:9d:01:eb:3e:98:ce:e2:c9:b7:
                    02:a2:da:db:c9:db:4b:2f:30:30:9a:20:55:16:37:
                    ba:49:59:d9:03:c6:df:67:7b:d5:95:3a:58:63:bd:
                    02:8f:c3:b4:0a:99:7c:bb:99:f2:2d:17:5c:4a:91:
                    b4:94:0f:de:d7:d4:4a:da:e7:c6:bd:1e:38:b3:3e:
                    79:40:86:d0:74:af:85:d9:5a:dd:1e:52:69:35:4a:
                    c5:69:fb:3f:c6:e3:77:a6:bc:e9:70:53:6c:a7:f2:
                    2d:4e:36:4c:3a:0f:40:bb:4a:35:c5:66:75:8a:45:
                    0b:e9:f4:b5:6d:56:3d:66:ce:4f:fb:e0:7b:70:9d:
                    fd:7d:d3:02:5b:a5:05:e5:ae:b3:8a:b5:ec:cf:5f:
                    ae:40:64:25:96:f9:08:d8:5a:16:fe:95:a5:0d:c4:
                    d5:cc:4c:6b:e0:90:86:f5:41:2a:93:cd:52:43:62:
                    62:3b:91:98:3e:0b:7c:7a:1a:75:c5:87:2e:2f:08:
                    2b:51:bc:00:1b:64:b6:e7:d6:c8:76:c7:a7:f3:65:
                    4b:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:79:4C:02:84:56:D2:BD:9C:35:1B:B5:6E:0B:92:B0:C9:07:24:2E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/88deea8b-cad6-49af-a808-4da686f0f3af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:d5:24:56:74:e6:9c:58:9d:32:70:d0:3a:27:94:1b:51:cc:
         15:07:c3:37:34:bc:73:d5:15:85:07:cb:1e:c6:75:0e:31:3e:
         d6:29:10:18:1d:43:c9:6e:67:e8:68:35:5e:6b:6a:5d:a0:31:
         fa:f2:c7:ed:88:9f:46:61:52:04:35:98:25:cf:11:b5:3a:83:
         35:19:38:f0:ff:cc:ee:5b:07:4d:e4:85:b4:48:a5:bb:1a:84:
         50:a0:26:9d:94:28:be:e7:aa:b5:f4:04:09:69:53:8c:1e:89:
         a0:b1:11:81:0c:de:40:39:b6:ee:58:82:59:15:1d:52:af:7b:
         e0:68:ce:0f:b7:fb:48:fa:00:68:08:15:bc:eb:f7:33:80:1b:
         67:90:51:94:c1:de:2f:c8:bd:60:d1:8f:58:fc:2a:e3:22:0a:
         89:68:fb:fa:25:79:05:0f:1f:52:42:37:e6:18:5f:20:c7:a5:
         df:3f:13:52:25:68:c5:cd:6a:48:25:71:96:9a:37:54:27:4b:
         32:a9:9a:90:34:b5:7d:f1:3a:b7:aa:ad:c5:73:23:55:51:21:
         b0:7e:6b:b0:26:a5:ad:85:93:d4:45:1f:64:d3:8f:9d:58:3a:
         64:ca:e0:48:89:80:fc:0e:da:ed:43:fe:27:0e:9a:ff:8f:74:
         f1:9c:64:64
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIRXk50H+5P0LXZYsnF92Bj3tSJcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzI3MTIzODE3WhcNMjUwNTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MTY5NDhiMjk1Y2I1NDE0ZTM2NjAwYmE2YTIwOWUxOTg3
MWRhYTkxNTg5MThiNDE5YWJjNDM5OTVhYzgyMDU3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSBPzF7yBSPi+jUxufVjMMooZ/2drIxx/uc19i69Hlws+G
JsHJ0oYw42OIOewIXONgWZ0B6z6YzuLJtwKi2tvJ20svMDCaIFUWN7pJWdkDxt9n
e9WVOlhjvQKPw7QKmXy7mfItF1xKkbSUD97X1Era58a9HjizPnlAhtB0r4XZWt0e
Umk1SsVp+z/G43emvOlwU2yn8i1ONkw6D0C7SjXFZnWKRQvp9LVtVj1mzk/74Htw
nf190wJbpQXlrrOKtezPX65AZCWW+QjYWhb+laUNxNXMTGvgkIb1QSqTzVJDYmI7
kZg+C3x6GnXFhy4vCCtRvAAbZLbn1sh2x6fzZUv7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjHlMAoRW0r2cNRu1bguSsMkHJC4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzg4ZGVlYThiLWNhZDYtNDlhZi1hODA4LTRkYTY4NmYwZjNhZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK7VJFZ05pxYnTJw0DonlBtRzBUH
wzc0vHPVFYUHyx7GdQ4xPtYpEBgdQ8luZ+hoNV5ral2gMfryx+2In0ZhUgQ1mCXP
EbU6gzUZOPD/zO5bB03khbRIpbsahFCgJp2UKL7nqrX0BAlpU4weiaCxEYEM3kA5
tu5YglkVHVKve+Bozg+3+0j6AGgIFbzr9zOAG2eQUZTB3i/IvWDRj1j8KuMiColo
+/oleQUPH1JCN+YYXyDHpd8/E1IlaMXNakglcZaaN1QnSzKpmpA0tX3xOreqrcVz
I1VRIbB+a7Ampa2Fk9RFH2TTj51YOmTK4EiJgPwO2u1D/icOmv+PdPGcZGQ=
-----END CERTIFICATE-----