Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4e11df97-98cd-4bf0-83ae-ae650f67cae7.roa
File:                     4e11df97-98cd-4bf0-83ae-ae650f67cae7.roa (raw, json)
Hash identifier:          azOHip7w6I/I2NrUQUqTGEFsoAyGyZaL6D8p/9/qIe4=
Subject key identifier:   92:47:19:43:DB:3F:90:10:8A:32:B8:F9:E8:1C:61:21:02:3B:14:21
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0390638E878B89179C4DCE04C76D0B429136164D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4e11df97-98cd-4bf0-83ae-ae650f67cae7.roa
Signing time:             Sat 14 Dec 2024 00:00:00 +0000
ROA not before:           Sat 14 Dec 2024 00:00:00 +0000
ROA not after:            Sat 18 Jan 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:90:63:8e:87:8b:89:17:9c:4d:ce:04:c7:6d:0b:42:91:36:16:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 14 00:00:00 2024 GMT
            Not After : Jan 18 23:59:59 2025 GMT
        Subject: serialNumber=f3f54ea6e572f6c863ea98f0d64e3cab46f6e812e7eae89dc6d3aaf03a77a8f3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:e6:db:b0:a3:ba:59:a0:e9:a0:a9:d1:e6:61:
                    0a:d9:ce:85:d8:3e:21:38:ae:a7:90:7d:4c:4c:ca:
                    57:df:cf:6d:e8:c0:b2:00:2c:6a:67:ae:6f:d4:08:
                    1b:ba:13:2a:03:4a:50:ed:8b:9c:88:43:0b:a5:cb:
                    e5:4a:2f:31:9f:98:11:7b:cc:f3:73:b8:67:2f:b7:
                    f3:28:d5:dd:86:17:d1:06:ad:57:70:b7:25:09:6a:
                    73:7f:04:06:3c:86:3f:9c:b9:07:e7:87:26:89:55:
                    1b:66:93:08:02:79:fe:a4:b9:f2:a1:ed:af:d3:05:
                    ec:f5:bc:47:97:f4:cd:07:78:cb:98:06:4d:8e:b8:
                    7f:b7:f3:00:b6:67:dd:5a:ac:10:c0:4e:3b:35:23:
                    d7:07:76:bc:06:95:3c:bf:86:63:9a:9b:21:a4:5c:
                    50:95:e2:8a:6e:b4:d1:40:18:3b:08:4f:28:b7:dd:
                    8a:51:d5:46:4c:ac:47:a2:d8:b0:e8:e4:0a:db:28:
                    5c:09:79:9a:d4:3b:5e:54:cf:ce:a4:17:a8:0a:8b:
                    2e:a3:49:d0:ff:a5:81:2b:8f:8c:98:99:f0:a8:3d:
                    23:71:5e:f1:14:45:9d:99:4b:6c:58:55:5c:dd:60:
                    6f:d3:84:24:d4:5b:91:1f:44:0d:6f:2b:20:1c:94:
                    05:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:47:19:43:DB:3F:90:10:8A:32:B8:F9:E8:1C:61:21:02:3B:14:21
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4e11df97-98cd-4bf0-83ae-ae650f67cae7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:b4:6d:31:91:a6:4b:bb:42:bb:55:73:89:1a:c1:d3:34:9f:
         9d:7f:20:39:59:a6:58:65:36:ba:0e:43:32:c6:c3:7a:11:a2:
         4f:26:de:af:ba:74:ce:f8:e5:d8:b6:bf:04:fc:68:15:61:dd:
         41:7e:c8:f6:06:6d:74:b9:2d:4f:9f:6d:bf:1d:9c:26:8c:94:
         af:c3:70:d5:aa:74:2f:7f:4d:1a:c2:ba:c0:16:d8:9e:43:36:
         aa:ef:79:14:b1:0d:48:ab:f8:d0:4c:3f:2f:ce:db:2a:1e:69:
         49:aa:83:79:8f:1e:f5:29:af:a9:0d:cd:9f:2a:06:5f:e8:e1:
         07:4d:3f:45:61:d0:1b:5e:58:b0:5e:fc:7e:84:c4:48:b2:af:
         6b:e5:2a:af:44:a9:2a:78:e3:eb:ec:b2:2b:52:ca:8a:6d:d8:
         54:0b:34:13:0e:e3:3d:e0:ac:d0:99:a5:7b:3f:6f:13:f9:79:
         18:c4:80:34:f9:e5:61:95:91:f5:79:5e:dd:94:f2:7e:dc:e8:
         81:34:6b:3b:17:96:10:e0:c1:8e:e5:de:cc:05:8e:c2:7e:08:
         94:68:2a:27:5e:c6:fa:47:52:da:3f:13:d5:c0:d9:f7:a3:a0:
         e6:39:59:53:ea:4a:4a:e9:11:6e:5d:e9:e6:aa:f2:1d:6c:ef:
         2a:8e:16:d8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUA5BjjoeLiRecTc4Ex20LQpE2Fk0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMjE0MDAwMDAwWhcNMjUwMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmM2Y1NGVhNmU1NzJmNmM4NjNlYTk4ZjBkNjRlM2NhYjQ2
ZjZlODEyZTdlYWU4OWRjNmQzYWFmMDNhNzdhOGYzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDb5tuwo7pZoOmgqdHmYQrZzoXYPiE4rqeQfUxMylffz23o
wLIALGpnrm/UCBu6EyoDSlDti5yIQwuly+VKLzGfmBF7zPNzuGcvt/Mo1d2GF9EG
rVdwtyUJanN/BAY8hj+cuQfnhyaJVRtmkwgCef6kufKh7a/TBez1vEeX9M0HeMuY
Bk2OuH+38wC2Z91arBDATjs1I9cHdrwGlTy/hmOamyGkXFCV4oputNFAGDsITyi3
3YpR1UZMrEei2LDo5ArbKFwJeZrUO15Uz86kF6gKiy6jSdD/pYErj4yYmfCoPSNx
XvEURZ2ZS2xYVVzdYG/ThCTUW5EfRA1vKyAclAWvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkkcZQ9s/kBCKMrj56BxhIQI7FCEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRlMTFkZjk3LTk4Y2QtNGJmMC04M2FlLWFlNjUwZjY3Y2FlNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJC0bTGRpku7QrtVc4kawdM0n51/
IDlZplhlNroOQzLGw3oRok8m3q+6dM745di2vwT8aBVh3UF+yPYGbXS5LU+fbb8d
nCaMlK/DcNWqdC9/TRrCusAW2J5DNqrveRSxDUir+NBMPy/O2yoeaUmqg3mPHvUp
r6kNzZ8qBl/o4QdNP0Vh0BteWLBe/H6ExEiyr2vlKq9EqSp44+vssitSyopt2FQL
NBMO4z3grNCZpXs/bxP5eRjEgDT55WGVkfV5Xt2U8n7c6IE0azsXlhDgwY7l3swF
jsJ+CJRoKidexvpHUto/E9XA2fejoOY5WVPqSkrpEW5d6eaq8h1s7yqOFtg=
-----END CERTIFICATE-----