Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/20aa5826-7c4a-4433-ae65-4583a2a853b4.roa
File:                     20aa5826-7c4a-4433-ae65-4583a2a853b4.roa (raw, json)
Hash identifier:          oVUMFYPE1xL9SGpyhZS8lgpbKSH4TyJd/u0R9636GMY=
Subject key identifier:   4B:16:71:C5:F2:1E:79:76:54:6D:30:6F:B1:CC:EA:36:C6:CD:14:D6
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6D4D2632D4A76F37429A5E91A1CB7601E97A9520
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/20aa5826-7c4a-4433-ae65-4583a2a853b4.roa
Signing time:             Sun 27 Apr 2025 00:03:15 +0000
ROA not before:           Sun 27 Apr 2025 00:03:15 +0000
ROA not after:            Sun 01 Jun 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:4d:26:32:d4:a7:6f:37:42:9a:5e:91:a1:cb:76:01:e9:7a:95:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 27 00:03:15 2025 GMT
            Not After : Jun  1 23:59:59 2025 GMT
        Subject: serialNumber=7df5cfde6153bee8ecfe992de0e59e24cc2ed2236c0d8c891a9410283e90f9d4, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:6b:74:31:b8:13:51:0a:ea:02:88:af:ba:28:
                    b6:44:43:a5:e6:2c:07:7e:1f:7e:c6:f5:3f:f9:32:
                    4c:75:9a:e7:49:df:e2:85:df:ea:35:78:b8:e5:93:
                    b1:0f:89:88:1c:ab:f8:80:8c:bb:ab:4e:74:68:0f:
                    60:67:05:e5:13:f3:b9:a2:c5:1b:55:48:5c:23:99:
                    80:d4:bc:b2:b4:3b:0b:da:99:af:0e:fe:4f:46:74:
                    ad:27:cb:e4:78:67:f3:5b:7a:c0:ef:6a:d5:1f:c9:
                    71:de:6c:6c:3d:f3:ad:5e:bd:8a:f6:ff:1a:7e:70:
                    b5:7f:95:6d:26:1a:c5:9c:4d:78:f0:31:fb:3d:ab:
                    02:fa:76:a0:e6:61:e7:11:f6:3c:87:01:2a:e6:5e:
                    83:75:4a:0d:50:28:5b:d3:de:9f:1f:85:ed:94:b6:
                    2b:78:16:12:b9:8e:79:8a:50:93:b3:c2:a4:e1:6b:
                    65:68:ed:4e:de:00:3f:54:32:30:19:b1:b6:e7:0f:
                    ca:4f:2e:74:49:09:da:f0:15:f1:b8:c9:ac:86:ae:
                    46:2f:51:38:b1:c5:93:a8:51:09:67:5e:1c:83:1f:
                    e7:97:dd:99:46:28:61:6e:cc:57:5b:0a:a7:df:99:
                    dc:0b:f9:d2:b3:d1:0e:45:02:7c:58:be:17:8a:42:
                    09:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:16:71:C5:F2:1E:79:76:54:6D:30:6F:B1:CC:EA:36:C6:CD:14:D6
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/20aa5826-7c4a-4433-ae65-4583a2a853b4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:b1:e6:f4:02:c5:92:a4:9e:b8:83:db:5d:74:fc:44:f0:fa:
         77:bd:ef:1b:27:6c:0c:e2:cf:29:8a:b3:fa:4c:3e:0a:de:b3:
         cc:02:5c:03:68:9b:b1:a4:6b:34:0e:52:ac:61:3d:e6:f4:53:
         1a:1f:fb:a9:e7:32:0c:48:8a:79:56:54:8e:19:c5:36:1e:8a:
         8f:0f:fd:6d:02:46:23:97:f8:42:44:c7:5b:2f:b8:e2:86:fa:
         55:6b:89:1f:bb:46:7f:13:93:d8:8f:fc:e8:2d:18:2b:b0:e4:
         d3:3c:6e:6c:61:4f:56:5d:ce:3c:da:50:5f:2d:1d:ae:0e:0b:
         4d:40:46:8a:03:23:7a:87:7f:46:15:f1:24:f2:37:65:58:1d:
         e8:78:ba:bf:f4:30:95:6a:dc:77:a1:bc:f6:ed:ce:cd:78:ad:
         d0:ae:c6:e1:bf:6b:af:35:bb:24:80:4d:67:29:46:08:60:4a:
         d8:09:95:1b:99:b5:6d:5b:dd:eb:a0:c4:96:5f:f8:01:36:a8:
         d8:2a:01:0a:45:41:81:0a:70:09:03:2e:93:b9:5e:82:12:7c:
         95:2d:64:0b:1c:89:43:dc:9f:98:50:bf:ac:9a:5a:c1:ce:1a:
         c3:62:4a:24:3a:5e:25:c3:cc:0b:81:24:8b:7f:d0:e3:4e:59:
         80:9d:dc:2c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbU0mMtSnbzdCml6Roct2Ael6lSAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDI3MDAwMzE1WhcNMjUwNjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZGY1Y2ZkZTYxNTNiZWU4ZWNmZTk5MmRlMGU1OWUyNGNj
MmVkMjIzNmMwZDhjODkxYTk0MTAyODNlOTBmOWQ0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNa3QxuBNRCuoCiK+6KLZEQ6XmLAd+H37G9T/5Mkx1mudJ
3+KF3+o1eLjlk7EPiYgcq/iAjLurTnRoD2BnBeUT87mixRtVSFwjmYDUvLK0Owva
ma8O/k9GdK0ny+R4Z/NbesDvatUfyXHebGw9861evYr2/xp+cLV/lW0mGsWcTXjw
Mfs9qwL6dqDmYecR9jyHASrmXoN1Sg1QKFvT3p8fhe2Utit4FhK5jnmKUJOzwqTh
a2Vo7U7eAD9UMjAZsbbnD8pPLnRJCdrwFfG4yayGrkYvUTixxZOoUQlnXhyDH+eX
3ZlGKGFuzFdbCqffmdwL+dKz0Q5FAnxYvheKQgmBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSxZxxfIeeXZUbTBvsczqNsbNFNYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzIwYWE1ODI2LTdjNGEtNDQzMy1hZTY1LTQ1ODNhMmE4NTNiNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHGx5vQCxZKknriD2110/ETw+ne9
7xsnbAzizymKs/pMPgres8wCXANom7GkazQOUqxhPeb0Uxof+6nnMgxIinlWVI4Z
xTYeio8P/W0CRiOX+EJEx1svuOKG+lVriR+7Rn8Tk9iP/OgtGCuw5NM8bmxhT1Zd
zjzaUF8tHa4OC01ARooDI3qHf0YV8STyN2VYHeh4ur/0MJVq3HehvPbtzs14rdCu
xuG/a681uySATWcpRghgStgJlRuZtW1b3eugxJZf+AE2qNgqAQpFQYEKcAkDLpO5
XoISfJUtZAsciUPcn5hQv6yaWsHOGsNiSiQ6XiXDzAuBJIt/0ONOWYCd3Cw=
-----END CERTIFICATE-----