Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/400680eb-8845-4df0-b780-5f859aa56ad0.roa
File:                     400680eb-8845-4df0-b780-5f859aa56ad0.roa (raw, json)
Hash identifier:          HqCNDc7AF/UR7AWjxjG5BKvgecuXvGY9N1Bpr/Yzalk=
Subject key identifier:   0A:70:0B:2B:1B:DF:CD:F0:26:7F:F0:32:B0:37:29:B8:4F:05:30:8B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4B4AD6097DAB41335DC5675370ADAE408DEEDE
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/400680eb-8845-4df0-b780-5f859aa56ad0.roa
Signing time:             Mon 10 Feb 2025 00:00:00 +0000
ROA not before:           Mon 10 Feb 2025 00:00:00 +0000
ROA not after:            Mon 17 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:4a:d6:09:7d:ab:41:33:5d:c5:67:53:70:ad:ae:40:8d:ee:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 10 00:00:00 2025 GMT
            Not After : Mar 17 23:59:59 2025 GMT
        Subject: serialNumber=3120472c686d05b916eb663cf0eb076cbc1490ccd510bbde4f2e6e4d5f29c45c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:cc:b0:da:99:2e:2e:14:ce:ae:bb:fb:5c:80:
                    44:9c:5d:4d:6c:02:24:5b:b4:9f:81:30:97:82:6b:
                    2b:46:83:b9:df:2b:2f:16:de:dd:90:72:00:96:ad:
                    3a:6b:87:e8:c7:fc:6e:73:a3:ae:51:eb:09:70:a1:
                    14:1b:c9:50:02:8a:e8:ac:cc:fd:d8:0d:a0:80:65:
                    33:fc:3f:d1:30:05:d0:70:a5:dd:c8:61:3d:55:ed:
                    5b:fb:eb:5c:21:24:2d:38:9d:94:ac:79:ca:66:40:
                    e9:5f:08:a5:10:1d:9f:54:dd:d8:38:d1:10:b0:25:
                    31:1d:f8:b7:89:2e:7b:0f:2e:97:95:9d:41:12:50:
                    17:e1:ed:29:b2:1a:a6:c1:cb:34:93:7a:f7:a2:1e:
                    95:78:09:84:42:eb:3d:af:01:d4:cf:5c:0b:60:88:
                    81:dc:2b:cf:20:a4:cc:cf:52:1e:71:1d:4b:e4:c9:
                    54:39:9d:01:58:b2:de:85:e9:7f:a8:35:43:f4:4e:
                    f7:ed:53:1a:0b:5d:d2:2b:e6:2e:2e:01:43:df:74:
                    68:a1:26:20:f6:e7:cf:22:4f:8e:d0:e0:fe:7c:12:
                    c9:bf:19:44:c8:ef:dd:28:2a:f4:33:d7:aa:bd:67:
                    57:6e:29:58:1f:71:34:36:58:9f:6f:e8:50:c4:42:
                    88:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:70:0B:2B:1B:DF:CD:F0:26:7F:F0:32:B0:37:29:B8:4F:05:30:8B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/400680eb-8845-4df0-b780-5f859aa56ad0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:9a:30:1f:27:ad:b5:ce:dd:3e:3e:0d:61:75:2a:14:b0:4b:
         bb:bf:cb:f3:89:b5:05:2c:5e:93:06:91:b1:f3:15:4a:65:45:
         30:ac:b9:24:3f:ce:49:7f:58:e5:59:57:24:0a:6d:3a:4c:98:
         ae:73:db:51:08:b4:52:1f:fe:cd:ce:70:fa:4e:2c:13:56:6e:
         02:36:f4:76:51:e1:78:f6:f9:b9:9c:9e:f7:63:32:8f:81:c2:
         8a:2e:8f:5e:59:17:45:59:ea:55:ae:6f:a4:a8:e8:35:3a:57:
         fc:42:5a:0d:be:80:8f:b9:c6:1a:8e:1f:0f:70:ca:44:75:b9:
         2f:c4:ea:65:c1:5d:5e:01:09:f7:60:a0:1b:3a:30:c8:d2:aa:
         cc:66:09:23:d8:88:bb:06:8d:a6:f7:69:2e:07:39:00:3c:56:
         89:e9:89:a6:36:cd:d1:27:47:10:79:68:32:bb:4f:5b:f2:4d:
         31:2b:da:b5:7d:a5:a0:76:e6:24:e9:37:e8:47:18:59:f9:a8:
         d3:0b:1c:ba:6c:de:57:36:3a:81:4c:97:84:3e:d7:a0:e8:99:
         f0:7f:60:5c:62:f5:97:58:95:d8:22:2d:d8:84:91:b4:09:f9:
         f1:8d:62:82:02:eb:00:e4:32:d7:35:19:93:58:91:50:e2:a3:
         24:85:27:bb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITS0rWCX2rQTNdxWdTcK2uQI3u3jANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzIyNzhhYWI4NzhmMjY2MmNlMTRlOTA1ZTE4ZWJjYjc1MjJm
OTJiMzY4NGJjNDg2NWI0ZDAeFw0yNTAyMTAwMDAwMDBaFw0yNTAzMTcyMzU5NTla
MHoxSTBHBgNVBAUTQDMxMjA0NzJjNjg2ZDA1YjkxNmViNjYzY2YwZWIwNzZjYmMx
NDkwY2NkNTEwYmJkZTRmMmU2ZTRkNWYyOWM0NWMxLTArBgNVBAMTJGMwY2UyM2Vh
LTQzZmMtNGJlNC1iZWVlLWMwMTQ3ODEyMmEwZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKDMsNqZLi4Uzq67+1yARJxdTWwCJFu0n4Ewl4JrK0aDud8r
Lxbe3ZByAJatOmuH6Mf8bnOjrlHrCXChFBvJUAKK6KzM/dgNoIBlM/w/0TAF0HCl
3chhPVXtW/vrXCEkLTidlKx5ymZA6V8IpRAdn1Td2DjRELAlMR34t4kuew8ul5Wd
QRJQF+HtKbIapsHLNJN696IelXgJhELrPa8B1M9cC2CIgdwrzyCkzM9SHnEdS+TJ
VDmdAViy3oXpf6g1Q/RO9+1TGgtd0ivmLi4BQ990aKEmIPbnzyJPjtDg/nwSyb8Z
RMjv3Sgq9DPXqr1nV24pWB9xNDZYn2/oUMRCiDMCAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBQKcAsrG9/N8CZ/8DKwNym4TwUwizAfBgNVHSMEGDAWgBRVqN1F2UQT+dGS
9Sxjzoz7xhSWuDAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MDM1NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzE0MzNlYmZmLWRm
ZDYtNGM1Yy1iN2ZmLTk5Yzg1MTM5ZDRhOC8yNzhhYWI4NzhmMjY2MmNlMTRlOTA1
ZTE4ZWJjYjc1MjJmOTJiMzY4NGJjNDg2NWI0ZC5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8xNmYxZmZlZS03NDYxLTQ2NzQtYmIwNS1mZGRl
ZmE5YTAyYzYvNDAwNjgwZWItODg0NS00ZGYwLWI3ODAtNWY4NTlhYTU2YWQwLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUt
ZmRkZWZhOWEwMmM2L0ptTE9GT2tGNFk2OHQxSXZrck5vUzhTR1cwMC5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAMckeDANBgkqhkiG9w0BAQsFAAOCAQEAsJowHyettc7dPj4NYXUqFLBLu7/L
84m1BSxekwaRsfMVSmVFMKy5JD/OSX9Y5VlXJAptOkyYrnPbUQi0Uh/+zc5w+k4s
E1ZuAjb0dlHhePb5uZye92Myj4HCii6PXlkXRVnqVa5vpKjoNTpX/EJaDb6Aj7nG
Go4fD3DKRHW5L8TqZcFdXgEJ92CgGzowyNKqzGYJI9iIuwaNpvdpLgc5ADxWiemJ
pjbN0SdHEHloMrtPW/JNMSvatX2loHbmJOk36EcYWfmo0wscumzeVzY6gUyXhD7X
oOiZ8H9gXGL1l1iV2CIt2ISRtAn58Y1iggLrAOQy1zUZk1iRUOKjJIUnuw==
-----END CERTIFICATE-----