Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1c7f0711-586a-4562-a4fe-6bcc5ce68d21.roa
File:                     1c7f0711-586a-4562-a4fe-6bcc5ce68d21.roa (raw, json)
Hash identifier:          WHBdGePNbmca0muCZit5j4hRScZ86MaxNnQiBlM2GGo=
Subject key identifier:   EA:6A:0D:4C:73:E8:00:11:D4:50:8C:B4:81:3F:7E:EC:26:6F:B6:61
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3A685A4C3A87C4092876EDF5BA388D62CCF2523D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1c7f0711-586a-4562-a4fe-6bcc5ce68d21.roa
Signing time:             Sun 11 May 2025 17:23:15 +0000
ROA not before:           Sun 11 May 2025 17:23:15 +0000
ROA not after:            Sun 15 Jun 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:68:5a:4c:3a:87:c4:09:28:76:ed:f5:ba:38:8d:62:cc:f2:52:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May 11 17:23:15 2025 GMT
            Not After : Jun 15 23:59:59 2025 GMT
        Subject: serialNumber=5613f3300b90fad3fa11c42b522e1d9dd720f5c29a568b1c289f1cb0392167c9, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:88:de:d9:38:5b:88:ea:bc:08:b6:aa:59:e5:
                    90:b7:8c:b9:90:f5:fb:fb:b5:e1:be:29:1a:63:dc:
                    26:c9:8c:e3:e0:07:2b:48:08:76:c2:d6:fb:e5:e9:
                    06:3b:66:ca:b3:cb:79:e9:e7:e3:36:50:65:f5:9b:
                    44:dd:e2:0d:47:7d:5b:5b:74:fb:5a:62:56:b7:fe:
                    1d:76:fc:44:56:fc:ab:a5:80:a4:9f:0e:b3:cc:da:
                    d9:78:c2:97:d2:52:91:c6:e4:d4:bb:29:9f:19:9d:
                    3f:0d:70:c3:99:ed:91:5c:fe:76:bc:ce:97:ee:cb:
                    c6:ee:59:93:b8:de:32:d8:69:70:73:5d:f9:59:89:
                    be:5f:fb:f5:dc:5e:e9:78:a3:50:ea:13:16:ff:66:
                    b0:53:92:56:0f:65:47:cf:45:bc:c5:bb:c5:71:98:
                    a8:32:3f:a8:2e:9a:63:01:93:cf:6a:23:f1:dc:bd:
                    8b:a9:33:dc:6d:3b:e1:5b:6b:c5:76:cd:d4:83:c1:
                    be:90:78:0f:73:bd:ec:57:89:a6:7e:b4:0a:0d:1d:
                    2d:e6:70:22:41:e0:93:6b:58:65:80:c2:82:a3:7f:
                    cf:2a:44:d3:37:d6:9c:bb:07:4d:b1:af:3c:de:aa:
                    14:84:12:e2:70:f0:11:83:dc:e4:aa:e9:0c:3a:c6:
                    34:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:6A:0D:4C:73:E8:00:11:D4:50:8C:B4:81:3F:7E:EC:26:6F:B6:61
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1c7f0711-586a-4562-a4fe-6bcc5ce68d21.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:44:0d:1c:5c:65:26:85:82:73:8f:6b:4c:d8:72:93:1c:da:
         60:62:b2:59:04:20:0f:aa:40:6a:40:d8:bc:7c:33:c2:37:6f:
         74:5c:9e:73:30:57:a6:a5:54:b0:64:f8:93:92:9f:95:e9:18:
         1c:0c:cc:c8:e2:83:c6:3e:20:3a:90:c2:7c:4d:ac:6e:b0:51:
         91:42:c5:90:fc:d4:b5:4b:af:4b:53:4d:46:0c:ac:e1:d9:a1:
         d6:3b:eb:8e:bf:0e:f4:91:c6:2a:f3:c2:67:8a:ff:c5:d2:db:
         17:63:92:6d:ba:73:55:80:a0:d6:56:ee:b9:9a:e9:4a:01:2a:
         68:e7:7d:e2:9a:d1:05:be:9e:ec:45:68:25:c1:8b:2e:84:90:
         20:83:f0:76:e6:bc:2d:25:87:03:b2:36:8d:11:9a:9d:f0:d3:
         08:dd:81:86:3c:3a:9c:3a:3d:7b:06:d4:95:7b:31:9f:af:5b:
         a2:3b:08:5f:c5:9b:22:43:21:ac:42:18:02:23:6a:10:36:0e:
         71:ca:3b:4c:e6:fe:01:31:8d:2d:e4:e7:c2:c3:00:99:8d:cc:
         4d:01:24:98:9a:36:b2:f3:32:d5:43:e6:ad:b5:1e:b7:d0:34:
         7f:fd:f7:5a:00:25:87:89:d3:50:f0:c0:be:4a:f7:db:08:cb:
         a4:c4:1c:71
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOmhaTDqHxAkodu31ujiNYszyUj0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNTExMTcyMzE1WhcNMjUwNjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NjEzZjMzMDBiOTBmYWQzZmExMWM0MmI1MjJlMWQ5ZGQ3
MjBmNWMyOWE1NjhiMWMyODlmMWNiMDM5MjE2N2M5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNiN7ZOFuI6rwItqpZ5ZC3jLmQ9fv7teG+KRpj3CbJjOPg
BytICHbC1vvl6QY7Zsqzy3np5+M2UGX1m0Td4g1HfVtbdPtaYla3/h12/ERW/Kul
gKSfDrPM2tl4wpfSUpHG5NS7KZ8ZnT8NcMOZ7ZFc/na8zpfuy8buWZO43jLYaXBz
XflZib5f+/XcXul4o1DqExb/ZrBTklYPZUfPRbzFu8VxmKgyP6gummMBk89qI/Hc
vYupM9xtO+Fba8V2zdSDwb6QeA9zvexXiaZ+tAoNHS3mcCJB4JNrWGWAwoKjf88q
RNM31py7B02xrzzeqhSEEuJw8BGD3OSq6Qw6xjRFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6moNTHPoABHUUIy0gT9+7CZvtmEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzFjN2YwNzExLTU4NmEtNDU2Mi1hNGZlLTZiY2M1Y2U2OGQyMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEpEDRxcZSaFgnOPa0zYcpMc2mBi
slkEIA+qQGpA2Lx8M8I3b3RcnnMwV6alVLBk+JOSn5XpGBwMzMjig8Y+IDqQwnxN
rG6wUZFCxZD81LVLr0tTTUYMrOHZodY7646/DvSRxirzwmeK/8XS2xdjkm26c1WA
oNZW7rma6UoBKmjnfeKa0QW+nuxFaCXBiy6EkCCD8HbmvC0lhwOyNo0Rmp3w0wjd
gYY8Opw6PXsG1JV7MZ+vW6I7CF/FmyJDIaxCGAIjahA2DnHKO0zm/gExjS3k58LD
AJmNzE0BJJiaNrLzMtVD5q21HrfQNH/991oAJYeJ01DwwL5K99sIy6TEHHE=
-----END CERTIFICATE-----