Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4615adbc-f49f-476d-b25d-a54e177cef0a.roa
File:                     4615adbc-f49f-476d-b25d-a54e177cef0a.roa (raw, json)
Hash identifier:          EpBzFT6PaWp/VGjEh+kHXu5+9nHDyUkdul+AMo5/ztE=
Subject key identifier:   56:CE:A2:90:88:8B:20:A4:5E:B1:1B:B3:0F:F9:EE:9F:7F:0F:BC:05
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1B83019B2713FA133C638ED78B3CC6B61020D508
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4615adbc-f49f-476d-b25d-a54e177cef0a.roa
Signing time:             Sun 09 Mar 2025 04:18:32 +0000
ROA not before:           Sun 09 Mar 2025 04:18:32 +0000
ROA not after:            Sun 13 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:83:01:9b:27:13:fa:13:3c:63:8e:d7:8b:3c:c6:b6:10:20:d5:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  9 04:18:32 2025 GMT
            Not After : Apr 13 23:59:59 2025 GMT
        Subject: serialNumber=6fdb8e95a1984b4556f3a13881976d9fe731f9c5c2001dc9f0057dc1cb0ec519, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:56:50:bf:92:f4:14:f3:ec:9e:49:34:23:17:
                    05:fa:35:81:87:2f:1c:c7:5b:08:4c:b6:fa:bc:a0:
                    f8:f6:7b:c7:2d:71:3c:e6:2a:e5:64:e6:b4:78:e6:
                    03:97:f8:31:ee:d6:da:56:11:09:ea:a9:6b:9c:ae:
                    e7:cb:bd:d2:8a:db:4a:17:c3:2b:29:12:0e:b9:b6:
                    68:3b:56:2d:b2:50:8f:9c:94:bd:7f:8a:8b:b6:60:
                    2d:73:01:b1:5b:7a:d8:0c:12:88:62:11:e2:53:d9:
                    2a:4d:24:a4:2f:80:22:81:33:34:c6:4d:fc:7d:cf:
                    c0:65:eb:70:99:3b:72:59:1d:91:eb:b4:92:c3:27:
                    6b:2a:1c:b5:09:b1:b3:1e:5c:02:8e:60:ea:ff:97:
                    b5:35:13:c1:93:d6:b1:e6:ac:1b:0a:5a:0a:b4:2c:
                    93:1c:7c:43:72:fe:70:b4:3c:f4:3d:39:44:30:54:
                    21:8c:45:43:5e:c9:f3:7b:ed:6f:01:71:22:1a:87:
                    28:af:f6:e5:bc:ba:3c:10:27:b0:6b:92:3b:f8:18:
                    df:ac:f5:a1:6e:8b:56:e0:03:7f:ec:a0:ca:df:0b:
                    0b:ee:f6:59:cb:da:bd:03:f2:4a:64:cc:86:17:c1:
                    a0:fc:6b:de:d4:b8:13:bf:f1:56:c9:9d:e2:13:84:
                    83:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:CE:A2:90:88:8B:20:A4:5E:B1:1B:B3:0F:F9:EE:9F:7F:0F:BC:05
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4615adbc-f49f-476d-b25d-a54e177cef0a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:35:e6:48:89:dd:dd:1f:f6:ab:e1:33:f1:00:97:a2:1e:0c:
         3d:40:09:a4:e3:f0:ec:b3:40:18:46:e7:8d:ea:40:0c:9b:f6:
         03:78:67:fb:17:5b:01:78:a9:90:cb:98:d4:1d:08:2b:05:7c:
         5f:b3:2f:43:c6:ff:14:00:c4:1e:10:c7:1f:02:fe:c3:46:6d:
         40:33:6f:aa:6b:45:9f:43:04:07:7a:fd:67:51:b6:c9:32:f7:
         42:07:63:9f:fd:39:d6:b5:a6:76:dd:33:db:94:b0:28:6d:ef:
         25:d2:db:80:b1:ad:ac:70:c8:27:e9:76:f5:70:6e:1a:d2:5c:
         4c:b0:4f:e7:a0:8e:c6:11:34:7a:29:fc:01:9b:eb:4d:81:a5:
         96:65:f4:10:e2:84:94:c3:ed:84:ef:82:ae:60:cc:6e:97:0a:
         ee:73:a7:19:f5:bd:4f:b3:b0:58:f7:27:b4:da:60:97:45:8c:
         7a:c6:a3:61:8b:95:2b:6e:c0:cf:23:fa:1a:d3:b0:31:c4:e8:
         80:b4:88:00:77:9a:85:d4:b6:ca:1e:8c:64:04:63:65:65:85:
         45:39:93:11:74:ae:71:18:53:f3:28:97:1c:1c:5e:41:86:c7:
         26:9e:be:04:2d:dd:08:9b:d3:df:7c:fa:b3:22:b4:90:b0:7c:
         bc:85:df:9b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUG4MBmycT+hM8Y47XizzGthAg1QgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzA5MDQxODMyWhcNMjUwNDEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZmRiOGU5NWExOTg0YjQ1NTZmM2ExMzg4MTk3NmQ5ZmU3
MzFmOWM1YzIwMDFkYzlmMDA1N2RjMWNiMGVjNTE5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCRVlC/kvQU8+yeSTQjFwX6NYGHLxzHWwhMtvq8oPj2e8ct
cTzmKuVk5rR45gOX+DHu1tpWEQnqqWucrufLvdKK20oXwyspEg65tmg7Vi2yUI+c
lL1/iou2YC1zAbFbetgMEohiEeJT2SpNJKQvgCKBMzTGTfx9z8Bl63CZO3JZHZHr
tJLDJ2sqHLUJsbMeXAKOYOr/l7U1E8GT1rHmrBsKWgq0LJMcfENy/nC0PPQ9OUQw
VCGMRUNeyfN77W8BcSIahyiv9uW8ujwQJ7Brkjv4GN+s9aFui1bgA3/soMrfCwvu
9lnL2r0D8kpkzIYXwaD8a97UuBO/8VbJneIThIN3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVs6ikIiLIKResRuzD/nun38PvAUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ2MTVhZGJjLWY0OWYtNDc2ZC1iMjVkLWE1NGUxNzdjZWYwYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKY15kiJ3d0f9qvhM/EAl6IeDD1A
CaTj8OyzQBhG543qQAyb9gN4Z/sXWwF4qZDLmNQdCCsFfF+zL0PG/xQAxB4Qxx8C
/sNGbUAzb6prRZ9DBAd6/WdRtsky90IHY5/9Oda1pnbdM9uUsCht7yXS24Cxraxw
yCfpdvVwbhrSXEywT+egjsYRNHop/AGb602BpZZl9BDihJTD7YTvgq5gzG6XCu5z
pxn1vU+zsFj3J7TaYJdFjHrGo2GLlStuwM8j+hrTsDHE6IC0iAB3moXUtsoejGQE
Y2VlhUU5kxF0rnEYU/MolxwcXkGGxyaevgQt3Qib0998+rMitJCwfLyF35s=
-----END CERTIFICATE-----