Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/49bfb7e4-33c7-4162-8a4c-46bafe052d2a.roa
File:                     49bfb7e4-33c7-4162-8a4c-46bafe052d2a.roa (raw, json)
Hash identifier:          /6vvGLWWAPINayFwLN7iEp3VGgKoEtnzlbHAnrcvZNE=
Subject key identifier:   66:DE:4A:8A:00:4A:B0:9F:67:B8:CC:9E:14:29:78:4E:31:99:9C:76
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1A18A6EE58FA0C703E454449B9788530280D91A2
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/49bfb7e4-33c7-4162-8a4c-46bafe052d2a.roa
Signing time:             Thu 13 Mar 2025 17:58:23 +0000
ROA not before:           Thu 13 Mar 2025 17:58:23 +0000
ROA not after:            Thu 17 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:18:a6:ee:58:fa:0c:70:3e:45:44:49:b9:78:85:30:28:0d:91:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 13 17:58:23 2025 GMT
            Not After : Apr 17 23:59:59 2025 GMT
        Subject: serialNumber=648f23aa04fa5ac7b507b1f35e0a9930537fc110acb7aef35ee43aad3720e1e7, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b2:b3:46:28:29:d9:dc:6d:4a:c7:ff:62:93:
                    69:05:fa:24:03:0b:ee:bf:a7:a9:e8:de:af:1f:bb:
                    0d:43:08:24:a5:9a:f4:19:e2:41:80:28:3a:d3:06:
                    3e:4d:65:06:25:8d:10:31:6c:79:0d:33:0c:a0:eb:
                    56:3e:a3:e0:dd:11:2f:74:6c:7e:77:45:6c:bc:2b:
                    2f:7c:7c:66:7f:0b:9a:e1:12:5a:af:7f:b7:c5:0e:
                    e0:46:35:2e:1e:a7:95:21:0e:8c:11:f9:d6:71:eb:
                    c7:1c:fd:e8:84:ad:a5:6e:35:71:61:c0:69:fc:58:
                    da:08:f6:85:30:c5:b2:83:a3:23:1a:e8:10:38:15:
                    cc:bf:aa:06:33:30:88:02:4b:1b:ee:49:ec:0a:64:
                    39:8e:5e:1e:54:98:f5:4a:17:82:55:60:34:b3:3c:
                    85:a5:fa:e6:bd:94:32:26:b6:9d:0a:60:43:4b:9f:
                    b4:f2:21:dc:48:15:f7:25:1c:70:4f:2c:1c:53:35:
                    c7:8f:db:dc:08:d1:e6:76:f8:71:ef:aa:50:3a:be:
                    67:53:1e:84:89:17:3c:b7:ea:76:3c:66:35:c1:51:
                    cd:89:8b:35:8a:1c:03:fd:71:09:7b:47:2b:23:4e:
                    22:3a:1d:cc:83:20:67:e7:cb:d1:c9:31:d4:4c:9d:
                    9d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:DE:4A:8A:00:4A:B0:9F:67:B8:CC:9E:14:29:78:4E:31:99:9C:76
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/49bfb7e4-33c7-4162-8a4c-46bafe052d2a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:e6:e8:1f:c9:9c:2b:b3:a7:e6:bb:86:9c:f5:d0:c3:6e:1f:
         ba:a1:75:f4:00:6a:24:99:27:54:7b:09:9f:36:58:bb:91:e3:
         c8:54:91:90:57:6c:94:dd:ab:1c:50:e4:13:8a:b7:4a:47:fa:
         8a:30:7c:c2:91:d9:c2:2e:9d:c8:06:91:b9:17:69:7b:f4:e7:
         5f:9e:e0:26:8e:0c:3e:56:13:6d:49:3c:63:be:c9:15:89:86:
         af:ce:84:e1:c4:eb:e2:0d:de:7d:f1:78:c8:4f:42:e7:91:4b:
         04:14:ed:d2:29:e0:7a:78:8e:4d:85:50:47:14:08:0d:2e:75:
         94:12:e5:56:c3:6b:41:d6:b2:90:ef:4d:de:15:9e:8d:5e:b1:
         e9:cb:7b:c0:76:ef:7a:54:b6:74:99:8f:65:62:e6:f5:7d:42:
         93:93:5e:88:bd:17:8f:52:53:a8:8e:55:11:59:34:77:51:9d:
         2b:99:75:19:17:e5:ba:a8:9b:46:48:bc:20:74:a3:98:06:60:
         39:e1:2d:e9:e8:ce:1f:0b:77:ca:2e:f5:8a:01:f7:1d:b8:af:
         b5:4e:31:1c:9b:ea:54:a0:47:4a:56:1d:0b:88:9d:f4:f3:f7:
         00:eb:a3:f4:42:4a:20:46:9c:4b:78:99:9f:01:50:ee:8f:5f:
         72:c6:f8:6d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGhim7lj6DHA+RURJuXiFMCgNkaIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzEzMTc1ODIzWhcNMjUwNDE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NDhmMjNhYTA0ZmE1YWM3YjUwN2IxZjM1ZTBhOTkzMDUz
N2ZjMTEwYWNiN2FlZjM1ZWU0M2FhZDM3MjBlMWU3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCesrNGKCnZ3G1Kx/9ik2kF+iQDC+6/p6no3q8fuw1DCCSl
mvQZ4kGAKDrTBj5NZQYljRAxbHkNMwyg61Y+o+DdES90bH53RWy8Ky98fGZ/C5rh
Elqvf7fFDuBGNS4ep5UhDowR+dZx68cc/eiEraVuNXFhwGn8WNoI9oUwxbKDoyMa
6BA4Fcy/qgYzMIgCSxvuSewKZDmOXh5UmPVKF4JVYDSzPIWl+ua9lDImtp0KYENL
n7TyIdxIFfclHHBPLBxTNceP29wI0eZ2+HHvqlA6vmdTHoSJFzy36nY8ZjXBUc2J
izWKHAP9cQl7RysjTiI6HcyDIGfny9HJMdRMnZ2BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZt5KigBKsJ9nuMyeFCl4TjGZnHYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ5YmZiN2U0LTMzYzctNDE2Mi04YTRjLTQ2YmFmZTA1MmQyYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAATm6B/JnCuzp+a7hpz10MNuH7qh
dfQAaiSZJ1R7CZ82WLuR48hUkZBXbJTdqxxQ5BOKt0pH+oowfMKR2cIuncgGkbkX
aXv051+e4CaODD5WE21JPGO+yRWJhq/OhOHE6+IN3n3xeMhPQueRSwQU7dIp4Hp4
jk2FUEcUCA0udZQS5VbDa0HWspDvTd4Vno1esenLe8B273pUtnSZj2Vi5vV9QpOT
Xoi9F49SU6iOVRFZNHdRnSuZdRkX5bqom0ZIvCB0o5gGYDnhLenozh8Ld8ou9YoB
9x24r7VOMRyb6lSgR0pWHQuInfTz9wDro/RCSiBGnEt4mZ8BUO6PX3LG+G0=
-----END CERTIFICATE-----