Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/45261c27-63f9-4e7e-98ab-f0ab39a71d42.roa
File:                     45261c27-63f9-4e7e-98ab-f0ab39a71d42.roa (raw, json)
Hash identifier:          PlkqTvaj6BaPyZVA75hdSc/auFs/CQkW7rb2y4STQZQ=
Subject key identifier:   5D:0C:DD:C2:0E:94:0F:19:F8:56:7E:EF:F2:85:27:F7:C0:9F:8D:7F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3007C8E44A7247807703911299ABF770A3775195
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/45261c27-63f9-4e7e-98ab-f0ab39a71d42.roa
Signing time:             Mon 03 Feb 2025 00:00:00 +0000
ROA not before:           Mon 03 Feb 2025 00:00:00 +0000
ROA not after:            Mon 10 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:07:c8:e4:4a:72:47:80:77:03:91:12:99:ab:f7:70:a3:77:51:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb  3 00:00:00 2025 GMT
            Not After : Mar 10 23:59:59 2025 GMT
        Subject: serialNumber=056c0f3a38b4c21a86fa700cb4d8ae3eb2124183ce392fc03930f76c13c2ad0f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:20:64:27:6d:d9:0f:33:61:6b:cc:07:bf:68:
                    c0:5b:64:12:5f:2d:01:b4:ab:60:c8:ad:e6:96:6f:
                    3a:61:ad:6b:ef:51:27:a2:0d:16:3c:ee:af:c4:2e:
                    81:64:96:0c:90:e0:b2:c6:5c:ef:37:c4:7a:d4:fc:
                    56:6d:de:12:70:73:71:aa:4b:2b:19:bd:59:e4:6f:
                    d4:37:ff:e1:7f:83:03:f3:98:07:88:0f:4d:31:63:
                    23:f2:80:35:31:bd:09:9a:97:37:31:f7:a4:b3:3f:
                    53:71:e8:0f:e0:9e:51:bd:ab:eb:a3:0d:c9:ff:12:
                    b2:c8:29:74:7e:dc:5c:f4:ed:83:ab:ff:1e:ba:62:
                    39:05:4b:ad:26:ab:ae:9b:e8:5e:0b:80:5b:60:87:
                    95:f1:55:1d:a7:fe:6f:32:00:32:44:a8:87:af:b5:
                    38:7d:41:d7:a6:cd:77:d3:63:8b:e8:2d:32:fe:2d:
                    c1:9b:40:24:47:8b:e2:e6:13:32:0f:8e:6c:e0:24:
                    43:aa:86:10:53:6a:9a:97:5b:4b:f3:eb:66:d8:0d:
                    c2:d4:bf:ed:9d:6d:60:8a:1e:f3:bd:f9:bd:e4:f5:
                    c2:71:dd:d5:f6:8c:fb:1d:39:c9:1c:c5:7f:26:3e:
                    57:dd:f0:18:40:fa:66:0c:fe:5b:5c:73:dc:e7:37:
                    be:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:0C:DD:C2:0E:94:0F:19:F8:56:7E:EF:F2:85:27:F7:C0:9F:8D:7F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/45261c27-63f9-4e7e-98ab-f0ab39a71d42.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:8b:2b:7e:d4:11:c3:68:d5:ff:ba:de:e0:fe:c9:d7:ec:66:
         f2:54:42:86:95:97:8f:8e:d2:7d:12:e7:28:11:d4:c1:15:1a:
         39:05:9e:da:98:1a:9b:6d:f4:55:91:af:4d:ae:72:11:f6:96:
         ab:7d:a5:85:1c:28:8e:31:4f:cf:bf:ec:87:53:0d:0c:ab:c5:
         b9:0d:0d:1e:73:dd:1f:93:a8:28:6b:37:f8:bd:ab:26:1e:f1:
         91:54:a7:b2:ab:d2:e5:6e:4b:03:0e:6c:70:d2:18:8c:4e:6f:
         09:e1:7e:27:50:59:4e:f5:d8:e7:fd:1f:49:61:69:ef:63:fb:
         c4:82:54:2e:4f:20:70:11:a9:de:1b:82:6a:51:c6:51:8c:fa:
         fc:ca:d8:72:47:df:66:7c:e0:d8:67:30:ae:74:92:5c:50:90:
         0c:85:d2:8d:bf:b1:7a:de:26:9e:94:fd:06:d7:40:48:6c:4c:
         f2:f6:b2:f9:4c:52:cd:bd:15:6e:b8:26:ad:bc:ec:b4:e4:a1:
         07:61:5f:35:4e:32:e0:da:e4:51:1b:6f:75:0d:ef:cb:f8:e5:
         92:71:41:e1:ae:57:d7:4a:88:b2:f2:91:80:e3:d4:5e:28:70:
         b4:65:97:88:90:29:9a:2b:d0:4e:a7:b5:8e:7d:c7:54:75:2b:
         42:68:7b:a3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMAfI5EpyR4B3A5ESmav3cKN3UZUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjAzMDAwMDAwWhcNMjUwMzEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNTZjMGYzYTM4YjRjMjFhODZmYTcwMGNiNGQ4YWUzZWIy
MTI0MTgzY2UzOTJmYzAzOTMwZjc2YzEzYzJhZDBmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqIGQnbdkPM2FrzAe/aMBbZBJfLQG0q2DIreaWbzphrWvv
USeiDRY87q/ELoFklgyQ4LLGXO83xHrU/FZt3hJwc3GqSysZvVnkb9Q3/+F/gwPz
mAeID00xYyPygDUxvQmalzcx96SzP1Nx6A/gnlG9q+ujDcn/ErLIKXR+3Fz07YOr
/x66YjkFS60mq66b6F4LgFtgh5XxVR2n/m8yADJEqIevtTh9QdemzXfTY4voLTL+
LcGbQCRHi+LmEzIPjmzgJEOqhhBTapqXW0vz62bYDcLUv+2dbWCKHvO9+b3k9cJx
3dX2jPsdOckcxX8mPlfd8BhA+mYM/ltcc9znN77hAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXQzdwg6UDxn4Vn7v8oUn98CfjX8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ1MjYxYzI3LTYzZjktNGU3ZS05OGFiLWYwYWIzOWE3MWQ0Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJCLK37UEcNo1f+63uD+ydfsZvJU
QoaVl4+O0n0S5ygR1MEVGjkFntqYGptt9FWRr02uchH2lqt9pYUcKI4xT8+/7IdT
DQyrxbkNDR5z3R+TqChrN/i9qyYe8ZFUp7Kr0uVuSwMObHDSGIxObwnhfidQWU71
2Of9H0lhae9j+8SCVC5PIHARqd4bgmpRxlGM+vzK2HJH32Z84NhnMK50klxQkAyF
0o2/sXreJp6U/QbXQEhsTPL2svlMUs29FW64Jq287LTkoQdhXzVOMuDa5FEbb3UN
78v45ZJxQeGuV9dKiLLykYDj1F4ocLRll4iQKZor0E6ntY59x1R1K0Joe6M=
-----END CERTIFICATE-----