Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0d26d1e4-6423-410e-905f-36a66d4cf8d1.roa
File:                     0d26d1e4-6423-410e-905f-36a66d4cf8d1.roa (raw, json)
Hash identifier:          vPrtvs/4macx4Y+cXHM6NNG3BwnCglIpI9dqeiZitv0=
Subject key identifier:   DE:AE:4F:7B:87:BE:37:61:65:6F:74:C8:AE:76:6D:ED:11:CF:8D:EE
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7EFA4E16A51BA73A775C958EE0F8B595F9EACC2E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0d26d1e4-6423-410e-905f-36a66d4cf8d1.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:fa:4e:16:a5:1b:a7:3a:77:5c:95:8e:e0:f8:b5:95:f9:ea:cc:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=a600d6fc7cb56f152876230306eb6b9fd0584cf4335d520990d049739d5ad015, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:a6:33:7d:8e:fb:40:15:3d:20:95:d5:04:1d:
                    5d:81:1e:f0:f2:5d:bd:98:b9:bc:41:7f:c5:9c:4f:
                    0b:04:cc:c4:d9:01:58:af:9b:cf:6a:4a:9c:f4:6a:
                    20:6a:cf:2e:e2:56:ca:41:ae:64:94:1f:4f:ff:07:
                    ee:a1:bc:fe:72:d4:2e:46:0b:c3:40:58:0d:94:24:
                    ae:e3:d4:a8:e9:6b:33:97:01:3d:c0:36:41:d3:ae:
                    7e:75:b4:aa:08:fa:f5:e4:de:ce:c1:15:6e:0b:42:
                    ba:8c:00:ab:5a:8d:4d:61:44:6f:27:f2:31:6e:73:
                    4e:89:4b:96:c4:26:d1:07:b1:37:f8:f4:c6:5b:64:
                    e4:c7:b9:3b:b7:7c:23:a7:25:3c:e2:61:5b:24:da:
                    f5:4e:17:86:c9:39:b9:7c:e1:ea:65:a6:f8:6f:c4:
                    3a:fd:a7:1e:57:4a:56:a5:43:c7:09:4b:3d:c3:b8:
                    80:0c:3c:74:f7:4e:bc:05:ba:1f:b2:e7:f9:42:74:
                    dc:0c:42:b0:d3:8b:61:b8:3e:bb:5f:74:e6:e4:64:
                    76:28:f9:e6:9b:68:68:99:23:10:88:59:77:a3:09:
                    fc:d1:7b:08:5a:79:9f:c7:34:b2:10:e5:99:30:21:
                    de:87:7f:c9:31:fc:be:f8:51:ad:4b:c0:23:53:d0:
                    4d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:AE:4F:7B:87:BE:37:61:65:6F:74:C8:AE:76:6D:ED:11:CF:8D:EE
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0d26d1e4-6423-410e-905f-36a66d4cf8d1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:ab:b7:43:37:88:50:1b:f3:28:ee:86:d1:76:ef:62:64:52:
         bc:e0:3a:82:94:af:db:ae:3c:62:8d:0f:83:74:00:d9:36:22:
         7a:5b:3e:f2:6f:4e:76:95:ed:65:f4:ba:8b:ae:6e:9c:4d:ef:
         df:c7:80:dd:c0:15:f8:e7:0f:01:34:59:5e:df:96:da:d0:2b:
         b9:77:ce:da:06:77:dd:48:61:1e:b4:2f:9e:85:73:b0:11:f8:
         8b:7f:dc:3a:67:b4:c7:38:53:ba:cf:64:8f:68:85:36:ef:0a:
         d4:2f:3a:e1:fb:b6:02:a7:88:b3:72:b5:d8:c4:b2:0b:ae:e2:
         16:00:0f:60:fe:ef:8c:d9:e2:c7:d3:2b:89:a5:ff:43:8d:49:
         23:7d:08:a8:e3:d8:ef:f0:81:9d:07:4c:d1:00:aa:4b:6a:cc:
         11:ba:90:6e:b7:bd:e3:ab:4f:0f:e8:1e:1c:ca:79:89:0f:05:
         26:b2:25:ed:08:4b:8d:a9:1d:5f:b6:cf:4a:c9:dc:f3:39:b4:
         30:10:e5:e2:4d:b4:82:28:e0:27:4f:74:ef:7a:4a:d1:96:d2:
         ce:d5:4f:73:b5:60:48:53:8b:a2:8d:e5:ab:73:c5:9b:a9:d6:
         93:b4:46:7a:f3:c2:f4:61:67:41:62:ae:5d:21:da:ff:a8:5a:
         d7:54:42:27
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfvpOFqUbpzp3XJWO4Pi1lfnqzC4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhNjAwZDZmYzdjYjU2ZjE1Mjg3NjIzMDMwNmViNmI5ZmQw
NTg0Y2Y0MzM1ZDUyMDk5MGQwNDk3MzlkNWFkMDE1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlpjN9jvtAFT0gldUEHV2BHvDyXb2YubxBf8WcTwsEzMTZ
AVivm89qSpz0aiBqzy7iVspBrmSUH0//B+6hvP5y1C5GC8NAWA2UJK7j1KjpazOX
AT3ANkHTrn51tKoI+vXk3s7BFW4LQrqMAKtajU1hRG8n8jFuc06JS5bEJtEHsTf4
9MZbZOTHuTu3fCOnJTziYVsk2vVOF4bJObl84eplpvhvxDr9px5XSlalQ8cJSz3D
uIAMPHT3TrwFuh+y5/lCdNwMQrDTi2G4PrtfdObkZHYo+eabaGiZIxCIWXejCfzR
ewhaeZ/HNLIQ5ZkwId6Hf8kx/L74Ua1LwCNT0E2nAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3q5Pe4e+N2Flb3TIrnZt7RHPje4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzBkMjZkMWU0LTY0MjMtNDEwZS05MDVmLTM2YTY2ZDRjZjhkMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGyrt0M3iFAb8yjuhtF272JkUrzg
OoKUr9uuPGKND4N0ANk2InpbPvJvTnaV7WX0uouubpxN79/HgN3AFfjnDwE0WV7f
ltrQK7l3ztoGd91IYR60L56Fc7AR+It/3DpntMc4U7rPZI9ohTbvCtQvOuH7tgKn
iLNytdjEsguu4hYAD2D+74zZ4sfTK4ml/0ONSSN9CKjj2O/wgZ0HTNEAqktqzBG6
kG63veOrTw/oHhzKeYkPBSayJe0IS42pHV+2z0rJ3PM5tDAQ5eJNtIIo4CdPdO96
StGW0s7VT3O1YEhTi6KN5atzxZup1pO0RnrzwvRhZ0Firl0h2v+oWtdUQic=
-----END CERTIFICATE-----