Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0d13a035-32e7-46e9-9f0a-c290a0d8c93b.roa
File:                     0d13a035-32e7-46e9-9f0a-c290a0d8c93b.roa (raw, json)
Hash identifier:          O52vA/W/zNqlG8NowEJF8WPbOU83qAhpNV3eiPtt5CA=
Subject key identifier:   16:FD:44:FA:DC:80:5D:59:57:65:EA:E5:65:38:B8:5E:BF:BF:FE:11
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       214D5A389BAF6E47938CED98F922A44545F6A7A3
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0d13a035-32e7-46e9-9f0a-c290a0d8c93b.roa
Signing time:             Fri 02 May 2025 06:08:20 +0000
ROA not before:           Fri 02 May 2025 06:08:20 +0000
ROA not after:            Fri 06 Jun 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:4d:5a:38:9b:af:6e:47:93:8c:ed:98:f9:22:a4:45:45:f6:a7:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May  2 06:08:20 2025 GMT
            Not After : Jun  6 23:59:59 2025 GMT
        Subject: serialNumber=e73ce52f20463eebe722bf588d6c288b9b41165effe6bea8bae0784abcf696c3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:79:db:82:6f:31:87:3c:0c:7a:d8:a9:6a:ca:
                    d9:67:3d:64:58:15:1b:07:bb:a0:e2:b5:51:cb:08:
                    e1:98:0a:bf:37:8b:0c:9a:16:10:e6:61:18:db:5e:
                    88:d7:61:7e:98:ca:07:7f:aa:f4:29:9a:f2:f0:6b:
                    8d:24:4a:bd:e5:67:70:50:f5:e4:ba:dc:35:0c:dd:
                    5b:32:f2:c1:57:84:b5:df:e7:c7:52:25:89:fb:cc:
                    63:67:22:9d:0c:17:a8:f6:4f:13:f1:8c:3b:f0:9c:
                    e8:4b:af:69:4f:a1:08:7c:6d:4a:9d:8e:43:e2:85:
                    f6:4c:16:44:7c:24:3f:ee:94:cc:9b:6c:8e:79:c6:
                    0b:aa:a9:5a:cd:40:0f:29:26:10:de:00:f0:35:42:
                    58:fb:ce:ea:df:ad:8f:81:b6:f7:aa:65:67:e2:db:
                    8a:0f:d7:27:83:48:21:56:a6:ba:2c:e5:aa:95:6e:
                    2d:97:a8:00:34:4a:0b:48:0d:9e:be:1d:64:44:49:
                    4f:5f:19:06:7f:0d:5e:31:df:77:22:72:be:00:92:
                    95:88:15:a0:24:22:8f:07:6f:b1:35:ab:10:6d:b8:
                    26:a7:a4:f7:62:45:e4:89:bb:37:9f:d8:24:1a:c8:
                    a1:be:a1:94:55:7b:0d:b1:2a:d5:00:17:90:6f:12:
                    0f:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:FD:44:FA:DC:80:5D:59:57:65:EA:E5:65:38:B8:5E:BF:BF:FE:11
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0d13a035-32e7-46e9-9f0a-c290a0d8c93b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:cc:88:8d:d1:2e:57:99:c9:a0:ea:d9:ce:8c:2d:ec:cb:e5:
         ba:40:80:b0:be:ce:aa:69:f0:77:54:76:ba:bb:16:5c:2d:1f:
         49:1b:eb:5f:28:6b:51:a2:be:10:98:f2:86:bb:03:f9:22:61:
         2c:f9:ae:80:16:20:94:0c:a3:6f:c9:7b:be:ff:4c:1d:5a:2e:
         76:a4:fa:d7:50:6e:c0:86:4a:4e:74:74:71:12:c3:84:fa:80:
         ec:b1:ec:2b:1f:c7:56:59:ef:83:2f:86:9e:b4:ed:c4:d9:8f:
         76:ba:1f:45:df:86:50:cd:70:a7:08:5a:a1:a3:10:f3:49:b0:
         64:5e:96:9f:8a:0a:e8:50:c6:cd:6a:d3:19:a2:b8:50:1f:6e:
         12:39:f2:63:0c:de:0d:d9:01:d1:ea:4c:88:92:8a:79:41:74:
         95:79:f7:a3:b2:20:c3:c6:55:86:36:b6:ab:be:4b:9b:ce:e3:
         69:e1:a3:3e:3e:4f:8f:bd:cd:cc:df:97:91:a7:8c:c5:c6:9f:
         6c:45:8c:63:fa:6a:62:55:f0:3a:c3:ee:ca:0d:d2:8f:50:29:
         47:65:06:2b:97:dd:3c:d5:1f:75:dd:d0:63:22:29:3a:33:fc:
         97:1d:05:c0:11:a2:ab:3a:14:20:da:15:42:07:df:27:93:61:
         50:39:c9:23
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIU1aOJuvbkeTjO2Y+SKkRUX2p6MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNTAyMDYwODIwWhcNMjUwNjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNzNjZTUyZjIwNDYzZWViZTcyMmJmNTg4ZDZjMjg4Yjli
NDExNjVlZmZlNmJlYThiYWUwNzg0YWJjZjY5NmMzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVeduCbzGHPAx62KlqytlnPWRYFRsHu6DitVHLCOGYCr83
iwyaFhDmYRjbXojXYX6Yygd/qvQpmvLwa40kSr3lZ3BQ9eS63DUM3Vsy8sFXhLXf
58dSJYn7zGNnIp0MF6j2TxPxjDvwnOhLr2lPoQh8bUqdjkPihfZMFkR8JD/ulMyb
bI55xguqqVrNQA8pJhDeAPA1Qlj7zurfrY+BtveqZWfi24oP1yeDSCFWpros5aqV
bi2XqAA0SgtIDZ6+HWRESU9fGQZ/DV4x33cicr4AkpWIFaAkIo8Hb7E1qxBtuCan
pPdiReSJuzef2CQayKG+oZRVew2xKtUAF5BvEg9DAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFv1E+tyAXVlXZerlZTi4Xr+//hEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzBkMTNhMDM1LTMyZTctNDZlOS05ZjBhLWMyOTBhMGQ4YzkzYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIbMiI3RLleZyaDq2c6MLezL5bpA
gLC+zqpp8HdUdrq7FlwtH0kb618oa1GivhCY8oa7A/kiYSz5roAWIJQMo2/Je77/
TB1aLnak+tdQbsCGSk50dHESw4T6gOyx7Csfx1ZZ74Mvhp607cTZj3a6H0XfhlDN
cKcIWqGjEPNJsGRelp+KCuhQxs1q0xmiuFAfbhI58mMM3g3ZAdHqTIiSinlBdJV5
96OyIMPGVYY2tqu+S5vO42nhoz4+T4+9zczfl5GnjMXGn2xFjGP6amJV8DrD7soN
0o9QKUdlBiuX3TzVH3Xd0GMiKToz/JcdBcARoqs6FCDaFUIH3yeTYVA5ySM=
-----END CERTIFICATE-----