Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/39d03f25-ce84-496b-a5dc-865d3fc736c6.roa
File:                     39d03f25-ce84-496b-a5dc-865d3fc736c6.roa (raw, json)
Hash identifier:          523tuNgZB/SO8PekWTtyUgOkL+UfnCkmPvomFuYFqDM=
Subject key identifier:   D2:8B:11:83:AB:A7:B5:D9:55:E1:EB:5E:4B:C3:52:AC:66:28:52:82
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       39C1C1808B80555ABD9B9B7629EDA065EA868318
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/39d03f25-ce84-496b-a5dc-865d3fc736c6.roa
Signing time:             Sat 05 Apr 2025 23:53:19 +0000
ROA not before:           Sat 05 Apr 2025 23:53:19 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:c1:c1:80:8b:80:55:5a:bd:9b:9b:76:29:ed:a0:65:ea:86:83:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr  5 23:53:19 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: serialNumber=159d447525d7de4edeaf3af0e05d7855aac2d4dc07fee0a3520f142156e54457, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:79:c0:6d:3a:7a:bb:98:b1:94:e0:9d:8a:b7:
                    f6:46:7d:71:ef:75:43:4f:3b:bc:63:a8:76:40:23:
                    a0:21:e5:8c:7d:59:27:bb:1c:d1:32:e8:af:c2:7b:
                    ae:df:5b:25:86:c0:3f:d6:99:7c:e7:6c:0e:c6:42:
                    c5:62:1b:f2:51:1c:aa:58:f1:83:4e:04:9f:0d:0f:
                    13:1c:31:0e:af:0e:b2:a0:5e:c2:40:8e:0f:ed:61:
                    34:3a:5e:9b:34:64:b7:06:8b:fe:05:82:25:b9:e7:
                    6a:77:fc:3e:96:f7:b6:74:ca:2b:41:0d:7e:e8:f3:
                    a5:c7:21:bc:cf:39:01:ba:46:14:02:7a:e1:00:4a:
                    ce:7f:54:b0:9f:c8:55:63:3e:b5:23:2c:9d:a4:7e:
                    42:7e:05:28:90:4d:46:e1:d2:f6:3f:69:f4:fe:7a:
                    b2:50:90:42:21:bf:74:1e:13:b8:f6:56:15:20:bf:
                    59:00:60:1e:f4:94:de:6e:38:8b:fa:97:eb:a0:dd:
                    8e:5e:c7:f1:19:d9:98:66:92:e1:8c:9e:51:6b:63:
                    87:af:32:34:83:00:e6:7a:0e:50:8f:da:c3:08:6e:
                    79:68:5b:77:25:ec:50:fe:1d:d7:e8:e1:74:02:c6:
                    8b:1e:fd:4e:64:3b:dc:f3:6b:18:af:ab:3b:59:24:
                    a0:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:8B:11:83:AB:A7:B5:D9:55:E1:EB:5E:4B:C3:52:AC:66:28:52:82
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/39d03f25-ce84-496b-a5dc-865d3fc736c6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:9a:8f:19:e7:6d:d6:fa:78:b0:b7:d5:c7:d8:d6:06:23:9d:
         f4:91:bc:ea:4f:4e:89:ba:56:e2:e6:a4:87:47:20:26:84:71:
         2a:97:4f:b3:4d:54:a9:56:d3:ca:ca:9c:f9:12:f5:1c:36:c1:
         7a:db:ac:aa:2c:19:b8:61:27:16:0b:3b:6d:cb:fd:3e:2a:4b:
         93:87:0f:77:5c:92:f0:24:c2:22:78:ff:85:32:0d:ed:b9:10:
         45:66:70:4b:85:2a:27:fc:af:3a:e5:b7:8a:a5:f8:13:b8:79:
         f0:de:f1:bc:e8:d8:ec:45:71:59:07:f4:24:44:78:3c:e0:b4:
         87:e6:52:71:28:a7:bd:e7:61:fe:7e:be:11:ef:68:6b:b5:7a:
         c5:73:bf:5f:d1:cf:1c:04:26:70:16:54:96:86:3f:29:14:10:
         fd:78:df:e8:5a:df:a5:14:db:a2:33:99:8b:da:e8:d1:10:03:
         d4:33:66:9d:fb:a0:45:0d:db:df:72:31:07:4b:0b:d9:1b:bd:
         8d:56:d8:29:8f:c9:14:15:d8:f8:51:85:74:1c:08:10:a0:88:
         26:8d:5d:4b:3a:69:7f:20:2b:07:88:46:8b:14:4a:94:7a:d6:
         a9:3c:e4:69:de:6d:9c:91:d6:78:76:bd:2f:94:69:0b:b3:08:
         49:c9:23:e0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOcHBgIuAVVq9m5t2Ke2gZeqGgxgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDA1MjM1MzE5WhcNMjUwNTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNTlkNDQ3NTI1ZDdkZTRlZGVhZjNhZjBlMDVkNzg1NWFh
YzJkNGRjMDdmZWUwYTM1MjBmMTQyMTU2ZTU0NDU3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxecBtOnq7mLGU4J2Kt/ZGfXHvdUNPO7xjqHZAI6Ah5Yx9
WSe7HNEy6K/Ce67fWyWGwD/WmXznbA7GQsViG/JRHKpY8YNOBJ8NDxMcMQ6vDrKg
XsJAjg/tYTQ6Xps0ZLcGi/4FgiW552p3/D6W97Z0yitBDX7o86XHIbzPOQG6RhQC
euEASs5/VLCfyFVjPrUjLJ2kfkJ+BSiQTUbh0vY/afT+erJQkEIhv3QeE7j2VhUg
v1kAYB70lN5uOIv6l+ug3Y5ex/EZ2ZhmkuGMnlFrY4evMjSDAOZ6DlCP2sMIbnlo
W3cl7FD+Hdfo4XQCxose/U5kO9zzaxivqztZJKCXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0osRg6untdlV4eteS8NSrGYoUoIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzM5ZDAzZjI1LWNlODQtNDk2Yi1hNWRjLTg2NWQzZmM3MzZjNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGGajxnnbdb6eLC31cfY1gYjnfSR
vOpPTom6VuLmpIdHICaEcSqXT7NNVKlW08rKnPkS9Rw2wXrbrKosGbhhJxYLO23L
/T4qS5OHD3dckvAkwiJ4/4UyDe25EEVmcEuFKif8rzrlt4ql+BO4efDe8bzo2OxF
cVkH9CREeDzgtIfmUnEop73nYf5+vhHvaGu1esVzv1/RzxwEJnAWVJaGPykUEP14
3+ha36UU26IzmYva6NEQA9QzZp37oEUN299yMQdLC9kbvY1W2CmPyRQV2PhRhXQc
CBCgiCaNXUs6aX8gKweIRosUSpR61qk85GnebZyR1nh2vS+UaQuzCEnJI+A=
-----END CERTIFICATE-----