Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/11495fe3-5724-48fd-8b56-afc026cfb21c.roa
File:                     11495fe3-5724-48fd-8b56-afc026cfb21c.roa (raw, json)
Hash identifier:          XY1RL0QyNmt7QO/dedENdflC6reFpVl9T6X4NnwwLmA=
Subject key identifier:   30:2D:7B:59:59:1C:18:B0:8D:11:D0:0C:7E:F3:DC:B9:78:08:A8:F3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5C13E7E94782E973239FE5123944AE9BC460B701
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/11495fe3-5724-48fd-8b56-afc026cfb21c.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:13:e7:e9:47:82:e9:73:23:9f:e5:12:39:44:ae:9b:c4:60:b7:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=ca484346b989dae04bd679fd8d0bbe897e949e432559e59d8bb95804ef826f4e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:24:83:22:f6:cd:bc:23:04:f5:e3:ef:2f:7f:
                    90:e8:04:9c:ca:e3:12:ba:a6:6f:2b:9c:4c:16:55:
                    14:9f:12:b9:37:9d:af:48:91:a3:d0:e4:a3:3d:41:
                    36:cc:8a:37:bb:84:da:7a:76:b4:0c:5a:ae:32:c7:
                    5f:ca:dc:dd:b7:e4:35:6c:a1:91:72:00:40:9b:48:
                    a1:c2:eb:4f:0e:77:41:df:01:d2:15:0c:90:75:a4:
                    ec:cf:9f:59:65:02:57:36:62:27:d4:4a:64:9a:c4:
                    70:70:18:f4:9c:49:eb:6d:96:d4:5a:fb:df:e6:37:
                    51:11:0e:70:ed:0d:ce:e5:5b:56:f0:7d:d5:25:2f:
                    e8:a0:44:0d:97:d9:17:6e:a7:88:06:ff:4f:3a:be:
                    09:4c:fe:c3:e5:ff:79:ec:0e:cb:13:fe:2b:81:27:
                    bb:81:32:eb:2f:0e:37:c5:ed:2f:1e:bc:cd:47:22:
                    2a:5c:ea:42:a3:90:65:20:0c:63:93:b2:66:02:94:
                    15:82:3a:30:b6:38:a6:99:af:8f:4b:9b:06:d6:e4:
                    eb:4e:94:f0:c5:88:52:5f:5b:2c:3a:5d:6f:eb:be:
                    e4:5e:d4:4b:fc:27:ef:2a:7e:a9:12:a0:8a:2c:0d:
                    d8:a3:bc:7b:d5:35:ca:43:9e:87:d8:64:a7:d0:d5:
                    66:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:2D:7B:59:59:1C:18:B0:8D:11:D0:0C:7E:F3:DC:B9:78:08:A8:F3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/11495fe3-5724-48fd-8b56-afc026cfb21c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:16:5f:d1:69:97:74:c9:04:f2:2b:66:8f:af:ba:7d:c3:46:
         04:96:ef:ed:dc:17:80:f8:1f:38:03:47:dc:53:74:4d:58:b7:
         98:8e:fc:23:45:c2:d0:44:ef:10:e6:7e:b1:3c:92:f2:e9:dc:
         97:5d:8f:ec:24:56:1c:ff:e1:8e:87:bb:d3:15:20:80:76:0c:
         39:23:1e:01:a0:45:79:32:c8:c4:9d:68:e1:f5:16:bb:85:32:
         39:c4:c0:93:a6:35:5d:aa:d2:62:e9:22:d4:3f:27:f9:b8:bc:
         81:aa:a8:3c:db:ce:09:b9:0b:14:dd:29:a2:20:57:35:cb:ba:
         35:68:21:16:11:95:5e:5c:bc:fb:78:db:ec:49:fc:37:46:ff:
         2b:86:f9:d3:b7:d7:64:b5:ed:71:35:2f:a9:91:52:08:5b:2d:
         b1:fc:de:d7:b4:14:fb:44:5a:ec:f9:ee:2a:d4:65:40:f1:0e:
         06:38:85:11:98:33:b6:a1:a7:ec:75:d9:8c:dd:d6:56:b5:c7:
         a3:f2:ee:38:53:ac:d0:7d:03:74:98:c2:9b:a9:4b:2f:6c:d3:
         1e:d8:b4:4f:a9:60:ca:70:bd:1e:4b:2d:a7:30:b8:ce:4a:34:
         fc:06:4a:4f:25:5f:33:9b:18:70:2d:09:aa:13:1e:9b:ec:40:
         4c:f3:e0:b9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXBPn6UeC6XMjn+USOUSum8RgtwEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYTQ4NDM0NmI5ODlkYWUwNGJkNjc5ZmQ4ZDBiYmU4OTdl
OTQ5ZTQzMjU1OWU1OWQ4YmI5NTgwNGVmODI2ZjRlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnJIMi9s28IwT14+8vf5DoBJzK4xK6pm8rnEwWVRSfErk3
na9IkaPQ5KM9QTbMije7hNp6drQMWq4yx1/K3N235DVsoZFyAECbSKHC608Od0Hf
AdIVDJB1pOzPn1llAlc2YifUSmSaxHBwGPScSettltRa+9/mN1ERDnDtDc7lW1bw
fdUlL+igRA2X2Rdup4gG/086vglM/sPl/3nsDssT/iuBJ7uBMusvDjfF7S8evM1H
Iipc6kKjkGUgDGOTsmYClBWCOjC2OKaZr49LmwbW5OtOlPDFiFJfWyw6XW/rvuRe
1Ev8J+8qfqkSoIosDdijvHvVNcpDnofYZKfQ1WbHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMC17WVkcGLCNEdAMfvPcuXgIqPMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzExNDk1ZmUzLTU3MjQtNDhmZC04YjU2LWFmYzAyNmNmYjIxYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJ4WX9Fpl3TJBPIrZo+vun3DRgSW
7+3cF4D4HzgDR9xTdE1Yt5iO/CNFwtBE7xDmfrE8kvLp3Jddj+wkVhz/4Y6Hu9MV
IIB2DDkjHgGgRXkyyMSdaOH1FruFMjnEwJOmNV2q0mLpItQ/J/m4vIGqqDzbzgm5
CxTdKaIgVzXLujVoIRYRlV5cvPt42+xJ/DdG/yuG+dO312S17XE1L6mRUghbLbH8
3te0FPtEWuz57irUZUDxDgY4hRGYM7ahp+x12Yzd1la1x6Py7jhTrNB9A3SYwpup
Sy9s0x7YtE+pYMpwvR5LLacwuM5KNPwGSk8lXzObGHAtCaoTHpvsQEzz4Lk=
-----END CERTIFICATE-----