Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/303fc16d-c142-4472-9eb9-fc239f982a2d.roa
File:                     303fc16d-c142-4472-9eb9-fc239f982a2d.roa (raw, json)
Hash identifier:          PNKWwW2JkLwejqliwESVBTAxHnEmnqVQv+OqdEHb+XU=
Subject key identifier:   8E:96:A0:5D:D0:8D:41:36:6A:DC:79:66:6C:63:44:60:86:C5:D2:D8
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       53D692CB3EACA1E36ABC7FA68B86A7F688D360A4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/303fc16d-c142-4472-9eb9-fc239f982a2d.roa
Signing time:             Thu 13 Feb 2025 10:18:21 +0000
ROA not before:           Thu 13 Feb 2025 10:18:21 +0000
ROA not after:            Thu 20 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:d6:92:cb:3e:ac:a1:e3:6a:bc:7f:a6:8b:86:a7:f6:88:d3:60:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 13 10:18:21 2025 GMT
            Not After : Mar 20 23:59:59 2025 GMT
        Subject: serialNumber=134c5884bef217e5a636463bcdc2b64bc5b0a715860819ddb233caa29707eb9c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:4c:70:6e:cf:e9:a4:fd:0f:d7:14:33:f3:7e:
                    72:95:65:ea:3b:f3:22:4c:7b:4d:4d:9c:6e:24:e1:
                    ac:87:0b:de:c7:84:ee:4c:83:2b:71:3c:e1:63:7b:
                    56:c3:cc:ec:75:73:75:e2:0e:3a:bf:68:87:d9:e6:
                    26:10:5b:1c:21:50:99:43:a8:18:e2:59:ee:a5:a9:
                    a6:e1:7b:e5:72:73:89:9f:33:c4:70:13:21:03:ac:
                    c6:0a:a2:d8:ea:ad:71:bb:58:eb:4a:e2:ca:c3:e2:
                    b9:23:97:8d:26:3f:50:a5:51:71:31:53:2f:3e:0f:
                    7b:d0:1f:b9:ee:b0:49:df:6b:c5:33:5b:06:ff:6f:
                    07:9d:4b:96:10:66:4f:e4:aa:0f:29:2d:da:b6:d0:
                    41:dd:42:14:40:44:02:ad:86:ab:89:8d:c2:67:f7:
                    fb:41:7a:99:51:73:f9:44:98:b4:6b:f1:24:2c:f9:
                    a6:99:3e:2b:22:17:18:43:e1:2d:35:2c:76:91:93:
                    12:d4:b6:4b:a0:fe:1b:48:b6:8e:c0:be:db:1c:ac:
                    1a:5d:92:2f:d7:b4:f5:2e:44:03:f1:93:ff:fd:71:
                    f8:6c:db:7a:34:09:2c:3d:ba:0d:30:8d:6c:c7:29:
                    8e:70:08:a0:e9:53:37:ad:03:47:e4:b0:9c:53:76:
                    86:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:96:A0:5D:D0:8D:41:36:6A:DC:79:66:6C:63:44:60:86:C5:D2:D8
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/303fc16d-c142-4472-9eb9-fc239f982a2d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:e5:6d:56:24:a5:36:71:cc:43:73:aa:33:4d:85:8e:85:ae:
         1b:3e:1c:54:48:88:61:fa:64:a2:30:59:e4:91:a2:62:d1:42:
         06:14:03:52:57:42:a5:75:16:5a:ca:60:af:32:0b:df:ce:0d:
         48:f4:ef:a2:4a:6c:ee:7e:02:1b:61:47:16:fb:8a:28:59:00:
         76:3f:8b:cf:9f:e9:47:bb:be:46:ab:63:65:98:02:96:4b:a9:
         8f:1a:92:8c:8d:fc:d7:2b:83:ff:44:99:41:42:5c:93:fe:00:
         8a:c5:d5:fd:f7:83:47:3a:87:ef:f5:e0:49:b6:f5:bc:4e:c1:
         a7:c9:3b:b7:a3:bc:05:50:49:13:10:83:0f:05:c4:6a:b2:aa:
         d9:4b:27:d9:13:80:c4:bc:fd:15:c8:4d:fa:dc:25:75:30:61:
         b3:62:4f:9f:e7:bd:44:ef:62:ac:79:85:a1:66:af:ae:d6:6c:
         0f:e7:67:dc:d6:b3:3a:25:a3:d0:46:32:34:99:d5:73:03:93:
         f3:8a:70:bd:07:5d:b4:58:99:da:24:74:84:cf:21:5d:60:69:
         ea:ca:ba:14:22:f1:32:a1:45:a7:b8:87:48:a8:b4:16:83:03:
         20:51:80:b3:3d:6c:94:1e:d8:3e:92:1e:cb:8c:33:6a:07:db:
         99:75:b5:b0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU9aSyz6soeNqvH+mi4an9ojTYKQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjEzMTAxODIxWhcNMjUwMzIwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMzRjNTg4NGJlZjIxN2U1YTYzNjQ2M2JjZGMyYjY0YmM1
YjBhNzE1ODYwODE5ZGRiMjMzY2FhMjk3MDdlYjljMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnTHBuz+mk/Q/XFDPzfnKVZeo78yJMe01NnG4k4ayHC97H
hO5MgytxPOFje1bDzOx1c3XiDjq/aIfZ5iYQWxwhUJlDqBjiWe6lqabhe+Vyc4mf
M8RwEyEDrMYKotjqrXG7WOtK4srD4rkjl40mP1ClUXExUy8+D3vQH7nusEnfa8Uz
Wwb/bwedS5YQZk/kqg8pLdq20EHdQhRARAKthquJjcJn9/tBeplRc/lEmLRr8SQs
+aaZPisiFxhD4S01LHaRkxLUtkug/htIto7AvtscrBpdki/XtPUuRAPxk//9cfhs
23o0CSw9ug0wjWzHKY5wCKDpUzetA0fksJxTdoZVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjpagXdCNQTZq3HlmbGNEYIbF0tgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzMwM2ZjMTZkLWMxNDItNDQ3Mi05ZWI5LWZjMjM5Zjk4MmEyZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGPlbVYkpTZxzENzqjNNhY6Frhs+
HFRIiGH6ZKIwWeSRomLRQgYUA1JXQqV1FlrKYK8yC9/ODUj076JKbO5+AhthRxb7
iihZAHY/i8+f6Ue7vkarY2WYApZLqY8akoyN/Ncrg/9EmUFCXJP+AIrF1f33g0c6
h+/14Em29bxOwafJO7ejvAVQSRMQgw8FxGqyqtlLJ9kTgMS8/RXITfrcJXUwYbNi
T5/nvUTvYqx5haFmr67WbA/nZ9zWszolo9BGMjSZ1XMDk/OKcL0HXbRYmdokdITP
IV1gaerKuhQi8TKhRae4h0iotBaDAyBRgLM9bJQe2D6SHsuMM2oH25l1tbA=
-----END CERTIFICATE-----