Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/50d66479-2daf-4a48-9eec-9a970a43f844.roa
File:                     50d66479-2daf-4a48-9eec-9a970a43f844.roa (raw, json)
Hash identifier:          Sf5qyqzShEeN6x+qqA6VeiSfTT0CT10GfcIkYfxw/7U=
Subject key identifier:   BE:4A:13:DB:8E:93:C8:A9:33:48:8E:D2:66:E2:DE:05:A6:2A:99:29
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2251D1E89BFF9F1BAEE0C9A0B1D4B6D4FF24EAF7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/50d66479-2daf-4a48-9eec-9a970a43f844.roa
Signing time:             Mon 03 Mar 2025 16:18:23 +0000
ROA not before:           Mon 03 Mar 2025 16:18:23 +0000
ROA not after:            Mon 07 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:51:d1:e8:9b:ff:9f:1b:ae:e0:c9:a0:b1:d4:b6:d4:ff:24:ea:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  3 16:18:23 2025 GMT
            Not After : Apr  7 23:59:59 2025 GMT
        Subject: serialNumber=cb26cb339adc6f76c4d4ce372fe3607f89441ae0011032b746ae94f8c3fd580a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ce:86:48:0b:93:b7:10:b8:61:bf:7f:89:8f:
                    13:e9:2c:85:15:22:d7:63:57:82:ec:45:e5:97:a9:
                    69:fa:c3:49:00:28:d3:24:ed:8b:16:42:6f:d1:b2:
                    2a:87:eb:4a:c0:c2:74:88:c1:f4:80:42:e1:ab:2a:
                    92:9c:a9:e5:81:37:5f:97:10:56:a5:08:42:7a:89:
                    3c:17:c3:af:40:11:c5:39:30:0b:82:a7:6c:74:36:
                    a5:d9:6c:78:22:1f:6a:23:ab:ed:7c:b3:98:85:62:
                    5d:08:58:c7:82:88:2f:12:33:00:8d:8c:90:54:4f:
                    2c:8d:65:04:20:38:1a:45:0a:67:4d:14:99:4c:91:
                    d1:5c:78:80:f5:11:de:90:4d:e0:8d:c8:b8:4d:3f:
                    11:9e:34:d7:56:fe:85:fb:eb:fa:f1:1f:35:c6:01:
                    d5:57:7a:ee:11:d5:cc:97:84:29:65:73:4f:7a:d6:
                    8f:06:e0:bd:7d:fd:e2:1b:07:0d:40:4f:95:72:32:
                    7f:74:ea:6c:3c:4f:a8:72:86:f8:53:ff:89:58:de:
                    9a:17:e4:cc:d2:c6:bd:97:7b:2b:38:9c:29:6d:a6:
                    b9:62:e1:a6:d8:d9:86:bd:9a:57:9f:11:73:57:8f:
                    db:9d:fc:30:e6:34:09:0b:f9:82:74:58:e1:0b:0e:
                    99:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:4A:13:DB:8E:93:C8:A9:33:48:8E:D2:66:E2:DE:05:A6:2A:99:29
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/50d66479-2daf-4a48-9eec-9a970a43f844.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:a0:59:f4:f3:2b:7d:37:ab:67:46:1e:1d:a2:3d:9c:ff:b2:
         34:44:4f:66:5d:74:fd:92:5a:72:56:ed:ed:45:0d:2f:ff:04:
         62:6d:2f:26:4f:f4:81:dd:49:7e:1a:6e:30:67:ec:aa:ce:17:
         38:fc:05:70:61:dc:8a:eb:00:a2:32:7b:47:e9:d4:a4:a0:c9:
         93:3b:c1:74:a2:a8:6a:64:b4:25:fe:7c:cf:13:33:9f:2e:58:
         27:5e:45:f8:9c:7b:97:73:d8:92:0a:a8:79:b6:7e:66:9e:04:
         59:fd:58:a0:ad:ea:c6:c2:8b:ca:4a:38:65:1d:75:3f:0d:70:
         b4:5c:05:12:b7:1c:75:28:0d:b7:60:85:98:ed:cf:91:17:1d:
         29:17:e3:74:c3:ea:41:2e:f2:01:a9:e5:1e:46:27:e8:b0:24:
         b4:18:60:ab:e1:3e:de:79:cc:42:98:59:73:8b:68:a0:71:44:
         f4:68:18:4a:d7:38:f2:c6:78:b3:98:d2:a8:e7:94:9c:30:5d:
         62:c5:51:50:de:cb:d5:10:b3:4a:92:bb:7c:49:ce:84:84:1d:
         8d:e5:fb:fd:cf:de:e8:d7:45:97:12:e9:fc:a0:c4:60:2c:e4:
         1b:60:9a:40:b0:d3:6e:6e:d6:f7:fc:ce:fe:ad:5f:8a:1a:9f:
         92:65:75:49
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIlHR6Jv/nxuu4MmgsdS21P8k6vcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzAzMTYxODIzWhcNMjUwNDA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYjI2Y2IzMzlhZGM2Zjc2YzRkNGNlMzcyZmUzNjA3Zjg5
NDQxYWUwMDExMDMyYjc0NmFlOTRmOGMzZmQ1ODBhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSzoZIC5O3ELhhv3+JjxPpLIUVItdjV4LsReWXqWn6w0kA
KNMk7YsWQm/RsiqH60rAwnSIwfSAQuGrKpKcqeWBN1+XEFalCEJ6iTwXw69AEcU5
MAuCp2x0NqXZbHgiH2ojq+18s5iFYl0IWMeCiC8SMwCNjJBUTyyNZQQgOBpFCmdN
FJlMkdFceID1Ed6QTeCNyLhNPxGeNNdW/oX76/rxHzXGAdVXeu4R1cyXhCllc096
1o8G4L19/eIbBw1AT5VyMn906mw8T6hyhvhT/4lY3poX5MzSxr2Xeys4nCltprli
4abY2Ya9mlefEXNXj9ud/DDmNAkL+YJ0WOELDpkzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvkoT246TyKkzSI7SZuLeBaYqmSkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzUwZDY2NDc5LTJkYWYtNGE0OC05ZWVjLTlhOTcwYTQzZjg0NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEKgWfTzK303q2dGHh2iPZz/sjRE
T2ZddP2SWnJW7e1FDS//BGJtLyZP9IHdSX4abjBn7KrOFzj8BXBh3IrrAKIye0fp
1KSgyZM7wXSiqGpktCX+fM8TM58uWCdeRfice5dz2JIKqHm2fmaeBFn9WKCt6sbC
i8pKOGUddT8NcLRcBRK3HHUoDbdghZjtz5EXHSkX43TD6kEu8gGp5R5GJ+iwJLQY
YKvhPt55zEKYWXOLaKBxRPRoGErXOPLGeLOY0qjnlJwwXWLFUVDey9UQs0qSu3xJ
zoSEHY3l+/3P3ujXRZcS6fygxGAs5BtgmkCw025u1vf8zv6tX4oan5JldUk=
-----END CERTIFICATE-----