Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/43e1319d-126f-4cb8-8b30-ff62f82d3ad2.roa
File:                     43e1319d-126f-4cb8-8b30-ff62f82d3ad2.roa (raw, json)
Hash identifier:          LnxzbzbQXc6WFJdAwjajULzR+OSAHkXP5FoCuAJF0JQ=
Subject key identifier:   F1:44:69:91:3F:AD:96:7B:59:EB:D7:6F:75:AE:26:51:3D:84:98:16
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3DC5305DEE478DB64CBAF9C0A7B0654C2A956E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/43e1319d-126f-4cb8-8b30-ff62f82d3ad2.roa
Signing time:             Sun 16 Mar 2025 02:13:15 +0000
ROA not before:           Sun 16 Mar 2025 02:13:15 +0000
ROA not after:            Sun 20 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:c5:30:5d:ee:47:8d:b6:4c:ba:f9:c0:a7:b0:65:4c:2a:95:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 16 02:13:15 2025 GMT
            Not After : Apr 20 23:59:59 2025 GMT
        Subject: serialNumber=ffacdef4d723f90bd779eff1d59803b4ed09f3637b05edfb91eb3b14cc44d190, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ce:69:c1:d1:03:b6:86:a8:fe:08:59:cf:ec:
                    4a:f9:76:ac:2e:20:c1:9c:d4:c4:2b:b3:36:f3:b8:
                    a7:a3:37:fa:8e:e0:1d:d0:96:c4:02:3e:26:02:4e:
                    28:d6:9e:7a:03:49:0c:0c:55:8f:07:c1:46:61:f3:
                    e7:98:9e:2b:65:e4:18:e8:df:7b:e8:ec:a8:97:be:
                    ce:74:6e:c1:9f:39:d5:de:29:61:32:fe:d0:38:0e:
                    f4:81:77:25:73:03:22:c2:ed:d2:d9:7a:96:03:75:
                    f3:ca:a8:09:3e:70:5a:f1:46:c9:04:a5:7e:d7:e6:
                    6f:a9:42:5f:5b:bd:4e:09:83:75:bd:1e:9b:92:a8:
                    5a:79:f6:04:48:3b:cd:92:0c:b5:65:3f:d6:e9:82:
                    8b:a2:5b:2e:07:62:a1:44:ae:d0:20:7a:19:6b:3b:
                    c6:97:42:28:00:d8:41:47:6b:c7:ad:8f:2b:c8:53:
                    20:0c:34:08:cf:21:d1:20:98:fe:43:04:d5:24:78:
                    d0:77:7c:80:be:43:27:23:48:3f:3f:09:e2:14:26:
                    22:22:8b:b7:9c:25:38:8a:32:49:bc:40:44:f2:02:
                    06:fe:2b:b0:32:87:f6:76:57:ba:06:b0:f2:9f:a8:
                    29:28:f0:20:d1:d8:15:28:46:71:37:d5:02:bd:87:
                    4a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:44:69:91:3F:AD:96:7B:59:EB:D7:6F:75:AE:26:51:3D:84:98:16
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/43e1319d-126f-4cb8-8b30-ff62f82d3ad2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:88:bb:1d:f3:f2:d1:bb:07:8d:52:cd:8e:dc:9b:1c:a8:6d:
         91:55:d8:ad:85:cc:b7:9e:27:46:ee:0f:0a:fc:03:3e:46:36:
         78:d6:93:b0:15:a0:f1:81:35:df:07:dd:b7:69:b0:0a:ca:53:
         c2:fa:67:aa:f0:64:96:d6:e6:82:01:39:77:08:5f:c0:22:f1:
         a9:ce:ee:99:d7:fc:e7:4c:e3:e6:c4:14:23:1a:95:59:45:35:
         54:be:6d:14:97:1f:8e:2b:da:97:2a:dc:79:5a:04:d3:a5:cd:
         3b:1a:8f:93:ea:b6:8a:df:6d:5c:0b:45:f2:18:77:b2:5a:94:
         ed:bb:ae:7f:80:f5:b3:a8:04:c8:6d:09:71:b1:53:75:6b:41:
         ea:a3:67:11:40:c0:8c:c6:60:c1:a9:cf:c2:a4:06:80:24:19:
         a5:17:5e:75:2b:3b:6c:00:45:d0:26:2a:10:a2:ab:36:05:53:
         0a:35:7d:5d:e3:ee:dc:06:80:58:75:99:61:4e:fe:5c:ef:67:
         a6:76:13:28:45:73:09:9e:4e:b0:2b:ee:fd:bf:86:fe:df:f4:
         19:01:c7:f5:d2:99:9d:dc:c1:2c:70:67:42:04:9b:f8:dd:1f:
         d8:cd:ed:50:52:d3:d8:d8:41:55:cd:8e:76:12:2a:17:e6:2d:
         1f:42:13:6a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITPcUwXe5HjbZMuvnAp7BlTCqVbjANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzIyNzhhYWI4NzhmMjY2MmNlMTRlOTA1ZTE4ZWJjYjc1MjJm
OTJiMzY4NGJjNDg2NWI0ZDAeFw0yNTAzMTYwMjEzMTVaFw0yNTA0MjAyMzU5NTla
MHoxSTBHBgNVBAUTQGZmYWNkZWY0ZDcyM2Y5MGJkNzc5ZWZmMWQ1OTgwM2I0ZWQw
OWYzNjM3YjA1ZWRmYjkxZWIzYjE0Y2M0NGQxOTAxLTArBgNVBAMTJGMwY2UyM2Vh
LTQzZmMtNGJlNC1iZWVlLWMwMTQ3ODEyMmEwZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALjOacHRA7aGqP4IWc/sSvl2rC4gwZzUxCuzNvO4p6M3+o7g
HdCWxAI+JgJOKNaeegNJDAxVjwfBRmHz55ieK2XkGOjfe+jsqJe+znRuwZ851d4p
YTL+0DgO9IF3JXMDIsLt0tl6lgN188qoCT5wWvFGyQSlftfmb6lCX1u9TgmDdb0e
m5KoWnn2BEg7zZIMtWU/1umCi6JbLgdioUSu0CB6GWs7xpdCKADYQUdrx62PK8hT
IAw0CM8h0SCY/kME1SR40Hd8gL5DJyNIPz8J4hQmIiKLt5wlOIoySbxARPICBv4r
sDKH9nZXugaw8p+oKSjwINHYFShGcTfVAr2HSuMCAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBTxRGmRP62We1nr1291riZRPYSYFjAfBgNVHSMEGDAWgBRVqN1F2UQT+dGS
9Sxjzoz7xhSWuDAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MDM1NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzE0MzNlYmZmLWRm
ZDYtNGM1Yy1iN2ZmLTk5Yzg1MTM5ZDRhOC8yNzhhYWI4NzhmMjY2MmNlMTRlOTA1
ZTE4ZWJjYjc1MjJmOTJiMzY4NGJjNDg2NWI0ZC5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8xNmYxZmZlZS03NDYxLTQ2NzQtYmIwNS1mZGRl
ZmE5YTAyYzYvNDNlMTMxOWQtMTI2Zi00Y2I4LThiMzAtZmY2MmY4MmQzYWQyLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUt
ZmRkZWZhOWEwMmM2L0ptTE9GT2tGNFk2OHQxSXZrck5vUzhTR1cwMC5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAMckeDANBgkqhkiG9w0BAQsFAAOCAQEAX4i7HfPy0bsHjVLNjtybHKhtkVXY
rYXMt54nRu4PCvwDPkY2eNaTsBWg8YE13wfdt2mwCspTwvpnqvBkltbmggE5dwhf
wCLxqc7umdf850zj5sQUIxqVWUU1VL5tFJcfjivalyrceVoE06XNOxqPk+q2it9t
XAtF8hh3slqU7buuf4D1s6gEyG0JcbFTdWtB6qNnEUDAjMZgwanPwqQGgCQZpRde
dSs7bABF0CYqEKKrNgVTCjV9XePu3AaAWHWZYU7+XO9npnYTKEVzCZ5OsCvu/b+G
/t/0GQHH9dKZndzBLHBnQgSb+N0f2M3tUFLT2NhBVc2OdhIqF+YtH0ITag==
-----END CERTIFICATE-----