Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/441aaca2-69ec-46e7-8187-0e503e0936e5.roa
File:                     441aaca2-69ec-46e7-8187-0e503e0936e5.roa (raw, json)
Hash identifier:          Z587Xm2XFdwS38GZAqHaUbyJ1E2LhqN+nki+kq1EMTk=
Subject key identifier:   04:F2:5B:90:DC:8C:CC:4D:23:9C:74:DB:54:F6:96:BE:AA:FB:61:1D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       01C4054AE346DD4674EDF219B2C20BF0ACF6BABF
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/441aaca2-69ec-46e7-8187-0e503e0936e5.roa
Signing time:             Sun 29 Dec 2024 00:00:00 +0000
ROA not before:           Sun 29 Dec 2024 00:00:00 +0000
ROA not after:            Sun 02 Feb 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:c4:05:4a:e3:46:dd:46:74:ed:f2:19:b2:c2:0b:f0:ac:f6:ba:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 29 00:00:00 2024 GMT
            Not After : Feb  2 23:59:59 2025 GMT
        Subject: serialNumber=ff684afc0867bc68ddb561f1ddf381687dbf434da5ce791933a7efb362ce168e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:80:ec:64:d7:5a:48:28:5a:07:43:bd:a6:38:
                    54:be:82:18:3f:cd:ac:ef:cb:20:58:8c:6a:90:7b:
                    d7:10:ee:08:88:76:44:69:a2:f0:09:b6:a7:f1:84:
                    14:12:6e:dd:3d:e6:eb:39:84:c3:e1:01:84:70:37:
                    41:bf:8b:b8:01:b4:35:80:f7:cc:76:85:c4:ab:28:
                    a4:03:8a:b6:17:8c:a2:2b:0a:06:a7:48:f9:65:d6:
                    50:b0:5e:f8:28:4b:c3:8b:5a:ed:c1:4f:8b:c2:17:
                    95:da:bc:fb:ef:98:52:19:e7:73:ac:6e:01:2d:f3:
                    66:44:99:4f:da:4c:c5:8b:0e:fa:8b:c8:e4:96:93:
                    be:a4:45:26:91:6b:6c:d4:8a:3a:c6:3e:a4:ac:c4:
                    e3:21:a5:3c:28:bd:1d:b2:0b:be:cd:85:0d:4f:64:
                    b2:c5:71:74:e3:5a:83:56:c4:29:58:2b:8a:61:84:
                    f3:c2:84:43:17:e0:ef:cf:aa:8a:c1:30:fc:93:ef:
                    99:84:0b:ab:d0:d7:b3:a0:5d:5e:2a:36:6d:2e:e3:
                    36:72:6e:33:0a:df:a8:60:97:66:cb:1e:8f:96:6c:
                    62:5b:05:c5:69:08:2d:0a:6a:0c:3b:78:12:1f:e0:
                    94:5d:cc:65:e1:e8:4c:fe:83:d2:81:cf:e1:fc:b4:
                    10:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:F2:5B:90:DC:8C:CC:4D:23:9C:74:DB:54:F6:96:BE:AA:FB:61:1D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/441aaca2-69ec-46e7-8187-0e503e0936e5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:02:f8:ee:d1:c8:50:4c:06:84:72:67:7d:80:a5:3b:0d:c1:
         95:83:41:fa:50:f6:97:40:a8:a3:75:f1:03:63:50:bf:ca:3b:
         29:84:c9:c6:af:f7:c4:36:03:44:89:16:31:de:c9:43:3f:7f:
         5e:97:86:82:e0:e8:af:c0:3c:31:41:62:46:a1:6d:ed:58:bd:
         8a:82:7b:e1:f1:35:27:1d:ae:c8:aa:fd:48:0c:a1:6b:ad:5e:
         a2:00:f8:24:81:23:6b:90:79:1d:9c:cd:b0:40:04:75:49:49:
         ee:f0:64:5f:89:b0:d8:38:df:de:f7:a7:ce:71:57:e1:76:33:
         4f:69:b2:17:89:9f:40:c1:58:17:08:69:2a:7e:db:47:a6:17:
         78:0a:ed:54:26:45:d6:7f:0f:d3:ba:39:12:0e:54:ec:98:2c:
         87:08:ac:f6:a1:ed:9e:0e:20:36:d7:bc:d8:d7:81:83:39:51:
         fa:09:f5:aa:31:70:8c:41:ab:12:84:0c:48:6f:7c:d3:f8:55:
         bc:68:0e:bc:b0:f9:9f:10:63:83:25:5c:df:c0:c7:70:d1:8c:
         a5:50:b0:c3:06:e1:c0:f0:6d:48:d4:44:b5:54:d4:6c:0f:b1:
         60:92:4a:51:59:39:2e:4d:7a:d8:bc:1e:0a:65:bc:c3:eb:f0:
         b8:ef:9a:2d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAcQFSuNG3UZ07fIZssIL8Kz2ur8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMjI5MDAwMDAwWhcNMjUwMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmZjY4NGFmYzA4NjdiYzY4ZGRiNTYxZjFkZGYzODE2ODdk
YmY0MzRkYTVjZTc5MTkzM2E3ZWZiMzYyY2UxNjhlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5gOxk11pIKFoHQ72mOFS+ghg/zazvyyBYjGqQe9cQ7giI
dkRpovAJtqfxhBQSbt095us5hMPhAYRwN0G/i7gBtDWA98x2hcSrKKQDirYXjKIr
CganSPll1lCwXvgoS8OLWu3BT4vCF5XavPvvmFIZ53OsbgEt82ZEmU/aTMWLDvqL
yOSWk76kRSaRa2zUijrGPqSsxOMhpTwovR2yC77NhQ1PZLLFcXTjWoNWxClYK4ph
hPPChEMX4O/PqorBMPyT75mEC6vQ17OgXV4qNm0u4zZybjMK36hgl2bLHo+WbGJb
BcVpCC0Kagw7eBIf4JRdzGXh6Ez+g9KBz+H8tBBbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBPJbkNyMzE0jnHTbVPaWvqr7YR0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ0MWFhY2EyLTY5ZWMtNDZlNy04MTg3LTBlNTAzZTA5MzZlNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALcC+O7RyFBMBoRyZ32ApTsNwZWD
QfpQ9pdAqKN18QNjUL/KOymEycav98Q2A0SJFjHeyUM/f16XhoLg6K/APDFBYkah
be1YvYqCe+HxNScdrsiq/UgMoWutXqIA+CSBI2uQeR2czbBABHVJSe7wZF+JsNg4
3973p85xV+F2M09psheJn0DBWBcIaSp+20emF3gK7VQmRdZ/D9O6ORIOVOyYLIcI
rPah7Z4OIDbXvNjXgYM5UfoJ9aoxcIxBqxKEDEhvfNP4VbxoDryw+Z8QY4MlXN/A
x3DRjKVQsMMG4cDwbUjURLVU1GwPsWCSSlFZOS5Neti8HgplvMPr8Ljvmi0=
-----END CERTIFICATE-----