Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/500152c9-ad4c-4aef-9862-a7524a133c89.roa
File:                     500152c9-ad4c-4aef-9862-a7524a133c89.roa (raw, json)
Hash identifier:          ++/VmWiU6PntwuZO5yQNHsKdAdpaTFXw58Wd66TL4X0=
Subject key identifier:   83:8D:6C:0B:C8:28:3C:90:60:D9:A7:29:E9:71:EC:07:B0:0C:62:09
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       146203307803D40CBE4859010F4FBC45970953F1
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/500152c9-ad4c-4aef-9862-a7524a133c89.roa
Signing time:             Sun 16 Mar 2025 03:43:18 +0000
ROA not before:           Sun 16 Mar 2025 03:43:18 +0000
ROA not after:            Sun 20 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:62:03:30:78:03:d4:0c:be:48:59:01:0f:4f:bc:45:97:09:53:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 16 03:43:18 2025 GMT
            Not After : Apr 20 23:59:59 2025 GMT
        Subject: serialNumber=0fdf40535aa4587a371e05aca48964bdd947675b256f1a67c2f176af0723f2b1, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:6c:67:ed:68:fc:d7:3c:7e:11:58:0d:28:f2:
                    be:20:d4:05:b4:53:c4:0b:65:44:fd:d0:1b:10:7f:
                    03:11:7c:0b:67:8b:9d:5c:42:3e:db:d1:84:e2:1e:
                    cb:1a:b1:0b:e2:00:b9:fe:c1:ae:b0:9c:3c:20:ee:
                    21:96:d2:dc:d4:4e:8d:bd:89:66:de:c9:01:f0:12:
                    d2:c9:ea:7c:10:90:23:76:05:26:5d:24:7c:91:6b:
                    20:a2:f5:05:cd:b1:89:e4:b9:ef:3f:9c:21:39:cb:
                    1b:81:22:56:f2:1d:c4:31:50:b3:b9:88:4d:c6:0f:
                    01:a0:b7:f4:51:ca:94:3e:aa:70:d4:b8:ab:6a:1e:
                    35:ed:cc:f4:80:7e:61:5e:9a:1f:ba:0e:e5:e8:a3:
                    41:7b:4c:4f:bf:08:a8:81:9b:20:e9:fb:52:03:a7:
                    b7:54:9c:fb:17:dc:dc:6f:62:d3:39:de:c0:35:bc:
                    a1:bc:1c:8c:50:c2:09:8b:cb:8e:70:8c:bf:c8:ed:
                    7a:91:84:18:5f:a2:24:c8:b9:09:e4:3c:43:93:dd:
                    90:58:47:f0:d8:9e:6d:e2:28:9f:7a:7b:0b:46:24:
                    1a:76:44:b9:88:80:7c:77:a4:ef:0f:76:01:87:92:
                    b2:aa:63:65:9b:1a:06:db:1b:69:61:dc:82:63:84:
                    74:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:8D:6C:0B:C8:28:3C:90:60:D9:A7:29:E9:71:EC:07:B0:0C:62:09
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/500152c9-ad4c-4aef-9862-a7524a133c89.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:60:19:87:7d:2d:09:b1:cf:1e:7d:88:43:3e:93:91:89:6d:
         f1:aa:a4:da:5e:09:13:b7:d4:39:24:e1:77:aa:fc:04:a9:b5:
         70:4d:a4:09:1e:58:39:cd:85:70:eb:54:b0:71:74:c2:af:c8:
         a9:3d:eb:a5:f7:60:a9:fb:d4:6c:4d:d3:d4:04:62:b0:dc:1a:
         66:70:66:d0:b5:d8:9f:fa:5c:40:65:ba:a5:b7:d6:40:76:29:
         26:64:5d:c5:ae:07:d8:18:d3:67:72:1c:f7:4f:35:66:2b:1e:
         f1:59:f9:03:74:34:6e:bd:57:4e:08:70:57:05:a5:8b:20:19:
         d0:06:20:ab:46:f1:10:ee:77:32:52:c2:aa:13:35:35:03:bc:
         ed:20:0c:19:17:74:fc:e4:22:11:11:92:1d:04:88:b7:12:89:
         cc:9e:cf:3f:ab:d5:ec:a0:8b:b7:c6:09:a1:c7:4b:a6:e0:10:
         a8:56:3a:73:a2:ab:8e:0e:47:3d:d3:45:2c:d2:7e:91:56:52:
         f6:27:07:56:13:c0:13:9e:4b:b6:26:f9:62:f8:a8:da:2c:ae:
         18:15:41:56:ae:f6:d8:3e:27:fe:2c:09:e7:2b:62:21:e2:cc:
         8b:c0:a9:65:d8:18:7f:c9:df:12:08:01:1e:cc:04:38:8d:44:
         de:16:d6:06
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFGIDMHgD1Ay+SFkBD0+8RZcJU/EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzE2MDM0MzE4WhcNMjUwNDIwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZmRmNDA1MzVhYTQ1ODdhMzcxZTA1YWNhNDg5NjRiZGQ5
NDc2NzViMjU2ZjFhNjdjMmYxNzZhZjA3MjNmMmIxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNbGftaPzXPH4RWA0o8r4g1AW0U8QLZUT90BsQfwMRfAtn
i51cQj7b0YTiHssasQviALn+wa6wnDwg7iGW0tzUTo29iWbeyQHwEtLJ6nwQkCN2
BSZdJHyRayCi9QXNsYnkue8/nCE5yxuBIlbyHcQxULO5iE3GDwGgt/RRypQ+qnDU
uKtqHjXtzPSAfmFemh+6DuXoo0F7TE+/CKiBmyDp+1IDp7dUnPsX3NxvYtM53sA1
vKG8HIxQwgmLy45wjL/I7XqRhBhfoiTIuQnkPEOT3ZBYR/DYnm3iKJ96ewtGJBp2
RLmIgHx3pO8PdgGHkrKqY2WbGgbbG2lh3IJjhHR/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUg41sC8goPJBg2acp6XHsB7AMYgkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzUwMDE1MmM5LWFkNGMtNGFlZi05ODYyLWE3NTI0YTEzM2M4OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAlgGYd9LQmxzx59iEM+k5GJbfGq
pNpeCRO31Dkk4Xeq/ASptXBNpAkeWDnNhXDrVLBxdMKvyKk966X3YKn71GxN09QE
YrDcGmZwZtC12J/6XEBluqW31kB2KSZkXcWuB9gY02dyHPdPNWYrHvFZ+QN0NG69
V04IcFcFpYsgGdAGIKtG8RDudzJSwqoTNTUDvO0gDBkXdPzkIhERkh0EiLcSicye
zz+r1eygi7fGCaHHS6bgEKhWOnOiq44ORz3TRSzSfpFWUvYnB1YTwBOeS7Ym+WL4
qNosrhgVQVau9tg+J/4sCecrYiHizIvAqWXYGH/J3xIIAR7MBDiNRN4W1gY=
-----END CERTIFICATE-----