Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/21b17d8b-0bc9-425f-8506-8ed183e5666d.roa
File:                     21b17d8b-0bc9-425f-8506-8ed183e5666d.roa (raw, json)
Hash identifier:          y7rdctFezJPsMQwxU+q457LvrrYsdMNBq7vfBt4gPxQ=
Subject key identifier:   8B:22:84:34:23:3D:34:B3:47:D0:FD:8A:A4:57:2A:E7:FE:EE:42:D8
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2712DDB01D76A5A8920B374D8504CB7810D09E05
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/21b17d8b-0bc9-425f-8506-8ed183e5666d.roa
Signing time:             Thu 01 Feb 2024 00:00:00 +0000
ROA not before:           Thu 01 Feb 2024 00:00:00 +0000
ROA not after:            Thu 07 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:12:dd:b0:1d:76:a5:a8:92:0b:37:4d:85:04:cb:78:10:d0:9e:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb  1 00:00:00 2024 GMT
            Not After : Mar  7 23:59:59 2024 GMT
        Subject: serialNumber=3897f90afe6411ea220d44df2a179dbd28ae623fb26a096bbc6ac2ede5badbd4, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:07:21:37:83:00:3c:12:65:39:5a:f4:e1:3b:
                    07:9b:9d:0d:28:ae:c7:e1:92:70:85:86:3f:b6:b8:
                    41:e4:13:84:11:02:15:a3:de:45:18:2d:36:e9:b5:
                    e5:65:28:c9:11:db:69:27:d7:20:24:58:e7:55:e6:
                    ee:5e:6b:ad:98:67:1b:13:dc:6f:6a:26:3e:da:48:
                    b6:cc:3e:40:24:86:84:21:b5:b6:09:5b:50:3b:df:
                    1d:5c:f5:c4:45:01:d4:70:38:01:ec:92:da:cf:1c:
                    51:9d:ef:b2:51:68:3f:7c:63:22:1f:dc:af:84:b0:
                    35:83:d0:10:12:02:c0:09:4c:0d:3b:bf:ec:6e:e2:
                    6b:74:83:3d:d4:b3:0e:42:43:4b:ed:3c:20:ac:2b:
                    6a:34:ad:fd:12:21:c9:e5:5b:29:d4:7c:c7:67:c0:
                    8c:44:25:f1:d0:31:9b:d6:86:a8:54:15:6c:5b:ea:
                    43:e8:16:be:d7:83:b9:b4:87:c5:aa:c7:26:fa:58:
                    e2:00:7d:ac:bb:fd:97:34:7f:4b:73:19:b1:d8:bf:
                    fd:77:e5:01:8b:83:3c:69:a3:8b:05:d9:7d:95:5c:
                    90:d3:ba:94:21:ce:d8:c1:2e:73:fc:8b:97:05:52:
                    d7:ce:15:2b:98:0d:76:05:2d:e3:68:4e:20:63:5a:
                    dc:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:22:84:34:23:3D:34:B3:47:D0:FD:8A:A4:57:2A:E7:FE:EE:42:D8
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/21b17d8b-0bc9-425f-8506-8ed183e5666d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:3a:34:6c:46:52:13:6c:88:de:62:06:31:87:f8:94:db:31:
         8f:e2:90:38:0c:a9:4a:45:48:ee:f7:5c:5e:16:11:02:fd:57:
         de:dd:98:cd:22:54:69:f4:25:db:14:e5:3f:4a:de:fd:a2:52:
         fe:38:24:6b:42:90:21:32:76:0f:44:d9:5b:d7:59:0b:c8:51:
         8d:86:46:dc:0c:b6:ea:71:54:47:d6:b1:8e:4c:1f:ca:df:7d:
         95:a7:7a:7c:3b:75:00:9e:17:e7:c0:f5:79:32:4f:3d:0c:37:
         75:0f:f7:76:90:5e:7c:46:5c:f5:b2:f1:c7:e9:23:7f:ff:65:
         37:e0:aa:a2:e0:9e:fe:e8:ed:33:aa:1f:68:61:76:59:d1:c5:
         be:76:7f:0b:f9:7c:4a:d5:1c:32:29:e2:57:c6:de:d4:49:1c:
         1d:b7:39:1b:59:68:f4:54:38:a4:a8:9d:96:78:24:dd:4f:dc:
         80:fd:ba:9a:99:c9:2b:f5:f3:3d:f8:3a:78:0a:df:94:b4:7f:
         e3:d1:64:50:b1:52:11:84:ce:ed:8d:3d:3a:b4:d3:7c:84:e7:
         92:36:3f:45:7c:fe:db:79:69:ee:5c:1f:b9:52:83:66:76:a1:
         69:ac:15:ab:64:7b:d9:8f:1b:3b:b1:7b:6f:55:07:70:9c:bb:
         a4:b5:57:9d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJxLdsB12paiSCzdNhQTLeBDQngUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjAxMDAwMDAwWhcNMjQwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzODk3ZjkwYWZlNjQxMWVhMjIwZDQ0ZGYyYTE3OWRiZDI4
YWU2MjNmYjI2YTA5NmJiYzZhYzJlZGU1YmFkYmQ0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUByE3gwA8EmU5WvThOwebnQ0orsfhknCFhj+2uEHkE4QR
AhWj3kUYLTbpteVlKMkR22kn1yAkWOdV5u5ea62YZxsT3G9qJj7aSLbMPkAkhoQh
tbYJW1A73x1c9cRFAdRwOAHsktrPHFGd77JRaD98YyIf3K+EsDWD0BASAsAJTA07
v+xu4mt0gz3Usw5CQ0vtPCCsK2o0rf0SIcnlWynUfMdnwIxEJfHQMZvWhqhUFWxb
6kPoFr7Xg7m0h8Wqxyb6WOIAfay7/Zc0f0tzGbHYv/135QGLgzxpo4sF2X2VXJDT
upQhztjBLnP8i5cFUtfOFSuYDXYFLeNoTiBjWtxRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiyKENCM9NLNH0P2KpFcq5/7uQtgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzIxYjE3ZDhiLTBiYzktNDI1Zi04NTA2LThlZDE4M2U1NjY2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFo6NGxGUhNsiN5iBjGH+JTbMY/i
kDgMqUpFSO73XF4WEQL9V97dmM0iVGn0JdsU5T9K3v2iUv44JGtCkCEydg9E2VvX
WQvIUY2GRtwMtupxVEfWsY5MH8rffZWnenw7dQCeF+fA9XkyTz0MN3UP93aQXnxG
XPWy8cfpI3//ZTfgqqLgnv7o7TOqH2hhdlnRxb52fwv5fErVHDIp4lfG3tRJHB23
ORtZaPRUOKSonZZ4JN1P3ID9upqZySv18z34OngK35S0f+PRZFCxUhGEzu2NPTq0
03yE55I2P0V8/tt5ae5cH7lSg2Z2oWmsFatke9mPGzuxe29VB3Ccu6S1V50=
-----END CERTIFICATE-----
Generated at Sun Apr 27 02:53:11 2025 by rpki-client