Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/18611350-4207-41d5-9b90-8607e35a0b26.roa
File:                     18611350-4207-41d5-9b90-8607e35a0b26.roa (raw, json)
Hash identifier:          8BMjJRoU35Iim6OBMkVDSc6av0Cp1o8QEGr8343Vmo8=
Subject key identifier:   84:37:A2:D2:2F:08:77:4E:B2:1A:A9:D7:6F:EF:13:C4:E5:1F:FD:DC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       329D00195D01A76BCCF49EA6BBD1E475709E7FC3
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/18611350-4207-41d5-9b90-8607e35a0b26.roa
Signing time:             Sat 08 Mar 2025 13:03:22 +0000
ROA not before:           Sat 08 Mar 2025 13:03:22 +0000
ROA not after:            Sat 12 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:9d:00:19:5d:01:a7:6b:cc:f4:9e:a6:bb:d1:e4:75:70:9e:7f:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  8 13:03:22 2025 GMT
            Not After : Apr 12 23:59:59 2025 GMT
        Subject: serialNumber=68d1a39b4ad92608fd4c3328100a1edf477a6e568c6ae9b09b50e245155865eb, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:94:7c:45:07:c0:3c:e4:d1:d6:f3:d1:42:f6:
                    e6:7e:56:a9:71:e7:e4:e6:b9:05:4b:6c:ba:1d:69:
                    bc:85:b5:90:53:82:bd:e7:bd:4e:5f:13:97:11:bd:
                    eb:5e:91:0f:52:47:ef:b3:75:c2:72:6e:79:7d:ee:
                    30:f1:e2:29:2d:7e:67:00:56:42:e4:d2:60:69:aa:
                    90:14:7a:91:e8:c8:da:b2:af:cb:3d:0f:ae:e3:c2:
                    9e:9d:1c:78:cd:e2:12:17:12:20:db:ea:30:f6:71:
                    d0:14:72:62:71:c3:67:2a:d9:15:4b:9c:e9:7b:6e:
                    ea:7a:55:75:ff:99:0c:46:e6:0c:33:9b:95:98:d4:
                    35:6e:14:80:84:d3:e7:a4:70:69:23:9d:6d:e9:18:
                    9c:11:d2:89:5c:b8:3a:ca:b1:a0:22:0d:d2:7f:4c:
                    27:16:3f:b1:aa:23:59:fe:5a:69:4e:34:74:2d:0a:
                    e8:ea:68:20:56:66:cc:01:d8:31:83:8b:32:c1:6d:
                    59:2f:91:7a:88:b6:6c:64:72:89:f7:06:54:c6:96:
                    05:10:db:fd:3a:0c:5f:ce:be:67:53:c9:6c:88:d7:
                    72:1c:a8:a2:4f:dc:94:ef:1a:05:40:d1:3d:96:c4:
                    26:e9:ee:1b:a8:4f:63:42:c8:ba:62:0f:02:54:1c:
                    ec:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:37:A2:D2:2F:08:77:4E:B2:1A:A9:D7:6F:EF:13:C4:E5:1F:FD:DC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/18611350-4207-41d5-9b90-8607e35a0b26.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:7b:47:d3:10:0b:02:ff:ed:76:d1:59:7e:23:11:49:16:da:
         b1:f5:d7:3f:01:25:0b:d8:c1:f1:97:c4:93:54:a1:13:5e:72:
         12:4c:04:6c:dd:eb:60:09:fe:2e:12:4a:05:35:3a:46:19:3c:
         72:af:de:49:7c:08:79:60:90:e3:ce:61:1b:c4:4e:da:63:aa:
         a3:1a:aa:3d:02:de:03:c8:01:ae:7f:f5:06:df:64:ac:ce:6a:
         3e:49:09:01:9d:f9:ca:36:b5:d7:48:bc:2d:65:48:d0:34:c4:
         c4:8a:a3:71:9a:ea:2b:db:95:5c:6f:05:ab:c2:9a:74:f6:d0:
         cf:cf:4f:78:95:20:1f:ac:c4:87:87:63:3c:0e:41:e8:b8:18:
         30:87:35:16:4d:1e:d9:35:40:c7:5d:61:5e:de:78:7c:8c:d3:
         1f:bf:a0:e2:f1:30:48:78:dc:9a:4e:37:6f:31:d6:4a:cb:a4:
         31:62:02:82:4e:64:8a:55:01:59:05:43:23:c1:df:e2:bb:ea:
         03:d8:87:99:14:93:8b:d1:66:b3:64:2a:21:cb:aa:a5:c7:30:
         c4:87:50:3f:19:10:cb:77:b0:18:29:1b:ae:cb:c8:18:bf:d4:
         2f:b1:ae:b1:6a:8c:da:8b:eb:46:f8:8d:31:71:e0:17:1b:e6:
         6f:b4:ae:b6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMp0AGV0Bp2vM9J6mu9HkdXCef8MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzA4MTMwMzIyWhcNMjUwNDEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2OGQxYTM5YjRhZDkyNjA4ZmQ0YzMzMjgxMDBhMWVkZjQ3
N2E2ZTU2OGM2YWU5YjA5YjUwZTI0NTE1NTg2NWViMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7lHxFB8A85NHW89FC9uZ+Vqlx5+TmuQVLbLodabyFtZBT
gr3nvU5fE5cRvetekQ9SR++zdcJybnl97jDx4iktfmcAVkLk0mBpqpAUepHoyNqy
r8s9D67jwp6dHHjN4hIXEiDb6jD2cdAUcmJxw2cq2RVLnOl7bup6VXX/mQxG5gwz
m5WY1DVuFICE0+ekcGkjnW3pGJwR0olcuDrKsaAiDdJ/TCcWP7GqI1n+WmlONHQt
CujqaCBWZswB2DGDizLBbVkvkXqItmxkcon3BlTGlgUQ2/06DF/OvmdTyWyI13Ic
qKJP3JTvGgVA0T2WxCbp7huoT2NCyLpiDwJUHOxJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhDei0i8Id06yGqnXb+8TxOUf/dwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzE4NjExMzUwLTQyMDctNDFkNS05YjkwLTg2MDdlMzVhMGIyNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJN7R9MQCwL/7XbRWX4jEUkW2rH1
1z8BJQvYwfGXxJNUoRNechJMBGzd62AJ/i4SSgU1OkYZPHKv3kl8CHlgkOPOYRvE
TtpjqqMaqj0C3gPIAa5/9QbfZKzOaj5JCQGd+co2tddIvC1lSNA0xMSKo3Ga6ivb
lVxvBavCmnT20M/PT3iVIB+sxIeHYzwOQei4GDCHNRZNHtk1QMddYV7eeHyM0x+/
oOLxMEh43JpON28x1krLpDFiAoJOZIpVAVkFQyPB3+K76gPYh5kUk4vRZrNkKiHL
qqXHMMSHUD8ZEMt3sBgpG67LyBi/1C+xrrFqjNqL60b4jTFx4Bcb5m+0rrY=
-----END CERTIFICATE-----