Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/47b69444-6d5b-43d6-b983-e6e6fc5b95c2.roa
File:                     47b69444-6d5b-43d6-b983-e6e6fc5b95c2.roa (raw, json)
Hash identifier:          X0/fa5q7ZPXIerigkk4CN4aJjq0Gm8k6UGp+47FIClM=
Subject key identifier:   67:D4:0B:D1:EE:65:BD:C1:26:11:11:6E:CD:CE:61:46:73:75:A6:81
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2C660EE1A2FB7214C13BB53F4D1A9D4E96605909
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/47b69444-6d5b-43d6-b983-e6e6fc5b95c2.roa
Signing time:             Thu 13 Feb 2025 03:38:22 +0000
ROA not before:           Thu 13 Feb 2025 03:38:22 +0000
ROA not after:            Thu 20 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:66:0e:e1:a2:fb:72:14:c1:3b:b5:3f:4d:1a:9d:4e:96:60:59:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 13 03:38:22 2025 GMT
            Not After : Mar 20 23:59:59 2025 GMT
        Subject: serialNumber=548d2b47afa336d6ba8e0660aece69b675a386a5b4c69f0407c970e566ef943d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:60:92:cb:cd:02:38:d2:57:d5:1c:24:6a:68:
                    b8:a9:d7:c6:d7:cd:5f:16:39:4b:b4:1c:fe:c4:b5:
                    a7:cd:ee:e3:9a:f4:1c:e8:0e:04:e6:4c:cb:36:9a:
                    0f:86:5c:3a:70:75:f2:81:ca:b7:db:1a:d2:21:0f:
                    e1:eb:6f:bf:77:d1:9e:09:d0:57:d0:bb:d3:3a:b5:
                    bc:4b:38:94:83:c1:0f:3d:02:0c:b4:f5:d4:3f:05:
                    7b:7d:22:9f:16:b6:1e:fa:b8:51:c6:b9:ce:2c:b6:
                    18:5b:e3:06:b8:15:31:55:4b:d7:2c:3b:77:41:cd:
                    b0:38:b0:03:eb:2b:ce:ba:bc:94:ff:8b:78:d5:56:
                    1c:94:a2:d9:96:f0:d9:0a:7b:44:69:31:ca:5f:ae:
                    57:96:26:f6:55:60:b7:0c:82:03:3c:50:66:f7:88:
                    f7:47:a7:9c:89:d2:ea:51:93:74:80:3e:55:4c:b2:
                    ce:35:d0:68:55:dd:c7:1f:14:a7:f0:ed:35:ad:e2:
                    f2:ec:2d:bf:f2:d9:72:58:cd:3d:9b:14:81:c1:fe:
                    79:d1:7b:de:70:ff:3d:3a:88:ed:54:54:a3:bb:f5:
                    02:dc:a7:ea:ee:d3:a8:e7:a7:c9:c0:be:8e:78:02:
                    f7:ee:47:d0:0c:ad:6d:3b:f7:00:a3:f2:8e:25:fb:
                    14:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:D4:0B:D1:EE:65:BD:C1:26:11:11:6E:CD:CE:61:46:73:75:A6:81
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/47b69444-6d5b-43d6-b983-e6e6fc5b95c2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:00:1c:1e:1a:ed:78:c1:2c:7f:a6:cf:1e:d8:bc:1b:fe:b0:
         a7:1e:47:a2:6d:90:f4:ca:cf:b2:a4:be:f9:64:09:f1:74:fe:
         bb:56:3c:a6:b4:d7:2a:19:6d:6e:19:59:7e:4d:11:01:42:7b:
         5b:57:90:fc:c7:19:d3:4d:41:62:4e:5e:fb:ce:cf:f4:83:99:
         1d:72:81:f5:52:41:25:48:a9:17:a6:60:df:90:17:0d:8d:49:
         5e:2f:4a:1c:79:e3:e2:1c:7c:12:67:70:27:85:d6:ac:b4:e4:
         bf:0e:c9:e1:81:2b:fa:aa:85:69:7a:aa:16:3b:0d:ad:0f:de:
         37:73:51:ed:59:3b:4f:b9:76:d6:8f:09:b7:cf:8a:7b:3a:e2:
         52:21:2f:27:cc:ab:29:77:8b:be:12:0d:4c:56:e8:c9:39:36:
         74:89:d0:56:37:94:09:3c:03:2f:c5:8a:11:6c:a0:95:f3:f8:
         14:34:16:29:07:ee:42:d7:55:bc:26:c4:bc:cd:77:25:f0:3d:
         d9:d5:eb:8a:e7:a5:5b:18:e5:1e:74:31:1a:4d:96:23:c8:60:
         77:27:14:2c:17:de:6f:b8:b5:85:98:ae:eb:f6:c4:b4:e0:3e:
         4c:53:fa:d5:d7:33:2a:35:ed:31:37:b9:f2:14:c2:c7:86:f1:
         ee:aa:9f:48
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULGYO4aL7chTBO7U/TRqdTpZgWQkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjEzMDMzODIyWhcNMjUwMzIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NDhkMmI0N2FmYTMzNmQ2YmE4ZTA2NjBhZWNlNjliNjc1
YTM4NmE1YjRjNjlmMDQwN2M5NzBlNTY2ZWY5NDNkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3YJLLzQI40lfVHCRqaLip18bXzV8WOUu0HP7EtafN7uOa
9BzoDgTmTMs2mg+GXDpwdfKByrfbGtIhD+Hrb7930Z4J0FfQu9M6tbxLOJSDwQ89
Agy09dQ/BXt9Ip8Wth76uFHGuc4sthhb4wa4FTFVS9csO3dBzbA4sAPrK866vJT/
i3jVVhyUotmW8NkKe0RpMcpfrleWJvZVYLcMggM8UGb3iPdHp5yJ0upRk3SAPlVM
ss410GhV3ccfFKfw7TWt4vLsLb/y2XJYzT2bFIHB/nnRe95w/z06iO1UVKO79QLc
p+ru06jnp8nAvo54AvfuR9AMrW079wCj8o4l+xQ3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZ9QL0e5lvcEmERFuzc5hRnN1poEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ3YjY5NDQ0LTZkNWItNDNkNi1iOTgzLWU2ZTZmYzViOTVjMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACMAHB4a7XjBLH+mzx7YvBv+sKce
R6JtkPTKz7KkvvlkCfF0/rtWPKa01yoZbW4ZWX5NEQFCe1tXkPzHGdNNQWJOXvvO
z/SDmR1ygfVSQSVIqRemYN+QFw2NSV4vShx54+IcfBJncCeF1qy05L8OyeGBK/qq
hWl6qhY7Da0P3jdzUe1ZO0+5dtaPCbfPins64lIhLyfMqyl3i74SDUxW6Mk5NnSJ
0FY3lAk8Ay/FihFsoJXz+BQ0FikH7kLXVbwmxLzNdyXwPdnV64rnpVsY5R50MRpN
liPIYHcnFCwX3m+4tYWYruv2xLTgPkxT+tXXMyo17TE3ufIUwseG8e6qn0g=
-----END CERTIFICATE-----