Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/549ef6bc-b35c-4e1f-8bdd-0c314e6eeb13.roa
File:                     549ef6bc-b35c-4e1f-8bdd-0c314e6eeb13.roa (raw, json)
Hash identifier:          EkGptGDQ5T38ZCmEsCWVJW9vXBA+nbdhXlRmlo1wYU0=
Subject key identifier:   18:71:5C:26:2C:0A:D1:BE:3A:1A:B2:F5:0C:32:D0:07:28:F8:C1:8C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1E31505430EE9FEEE173D7EBBD48AA87E6E60E40
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/549ef6bc-b35c-4e1f-8bdd-0c314e6eeb13.roa
Signing time:             Thu 06 Feb 2025 00:00:00 +0000
ROA not before:           Thu 06 Feb 2025 00:00:00 +0000
ROA not after:            Thu 13 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:31:50:54:30:ee:9f:ee:e1:73:d7:eb:bd:48:aa:87:e6:e6:0e:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb  6 00:00:00 2025 GMT
            Not After : Mar 13 23:59:59 2025 GMT
        Subject: serialNumber=9dae4d6af23a088030df5350b0accd659be9093a2700ecd0bea2503e7809b44d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:79:af:e0:ab:88:93:25:b1:ba:c8:91:1f:10:
                    78:cb:f5:23:c6:72:93:96:91:4e:0c:ab:f9:f3:95:
                    86:38:61:70:f6:41:52:1c:e7:02:da:78:85:70:c8:
                    da:82:0f:a0:9a:c3:0d:a9:f2:0f:f2:2b:59:99:51:
                    a5:b8:87:8c:09:12:5a:81:41:72:60:75:44:89:43:
                    a5:85:b2:52:66:f9:62:b5:fc:f7:2b:01:55:38:5a:
                    19:ac:bd:d1:6f:7e:ce:b8:8a:50:fe:72:51:85:3f:
                    71:d1:6b:9d:1f:ec:8a:4d:62:99:8f:e4:30:11:20:
                    2f:a1:2c:c4:09:db:66:77:28:d1:78:62:a6:80:f0:
                    2b:2e:3a:24:69:a9:53:4d:27:1a:c3:17:f1:b5:e5:
                    d5:64:77:66:bb:54:df:c5:34:08:92:2a:b5:4d:78:
                    8f:e5:0c:f9:5a:e3:f1:45:4a:e9:3f:b6:88:c1:77:
                    e8:40:5f:19:82:e6:f6:60:4e:60:7d:74:9c:a4:82:
                    4d:c9:23:e3:82:bf:8a:5c:6b:88:80:15:45:fc:50:
                    c8:9c:c6:53:dc:7d:59:d3:72:78:d0:90:df:bd:58:
                    b4:77:e7:29:05:f4:4b:c1:37:ca:70:f1:8b:32:8a:
                    de:78:77:04:11:6b:86:79:fe:9f:5d:31:a5:ea:8f:
                    e9:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:71:5C:26:2C:0A:D1:BE:3A:1A:B2:F5:0C:32:D0:07:28:F8:C1:8C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/549ef6bc-b35c-4e1f-8bdd-0c314e6eeb13.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:8c:ed:4c:d9:a9:6d:24:c0:18:90:bb:71:59:a8:77:52:09:
         ce:ff:a6:65:d1:7a:b8:29:28:46:42:60:b7:c4:e3:1f:e3:89:
         cb:11:29:65:56:d6:93:9e:b1:7e:50:fd:d1:92:14:4e:83:74:
         b5:b2:24:c4:c8:0d:a2:32:9b:c1:f1:1f:79:7f:3a:6d:f6:0b:
         6d:e1:1e:5d:79:ab:80:0f:c8:27:10:ad:09:b2:96:ea:53:96:
         20:d0:bd:ee:a6:9b:81:7b:44:49:54:36:19:a3:e4:5e:ba:8d:
         0c:c2:07:35:f1:d6:23:6b:cb:ed:61:55:5e:6e:d8:cb:11:bc:
         90:28:35:6b:a9:65:95:74:87:8e:af:ae:f7:dd:42:a1:b8:c2:
         06:c5:72:3a:09:6b:ca:80:dc:76:55:e0:de:06:b3:63:df:05:
         22:87:47:fd:3e:f2:54:6f:2a:25:43:c8:45:27:a1:5b:69:a1:
         f2:89:94:e8:7f:ae:2f:41:67:ea:3c:32:fb:d6:cc:17:67:bc:
         cd:55:5d:51:dd:99:ab:5a:9f:59:2d:74:c0:25:3b:fd:80:a2:
         cd:de:f4:91:12:61:b5:cb:df:b6:29:20:9e:41:da:a9:05:79:
         3d:c1:7d:56:b8:22:62:39:08:5e:b8:2d:cb:22:45:ed:cc:23:
         7c:6a:df:dd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHjFQVDDun+7hc9frvUiqh+bmDkAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjA2MDAwMDAwWhcNMjUwMzEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZGFlNGQ2YWYyM2EwODgwMzBkZjUzNTBiMGFjY2Q2NTli
ZTkwOTNhMjcwMGVjZDBiZWEyNTAzZTc4MDliNDRkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+ea/gq4iTJbG6yJEfEHjL9SPGcpOWkU4Mq/nzlYY4YXD2
QVIc5wLaeIVwyNqCD6Caww2p8g/yK1mZUaW4h4wJElqBQXJgdUSJQ6WFslJm+WK1
/PcrAVU4WhmsvdFvfs64ilD+clGFP3HRa50f7IpNYpmP5DARIC+hLMQJ22Z3KNF4
YqaA8CsuOiRpqVNNJxrDF/G15dVkd2a7VN/FNAiSKrVNeI/lDPla4/FFSuk/tojB
d+hAXxmC5vZgTmB9dJykgk3JI+OCv4pca4iAFUX8UMicxlPcfVnTcnjQkN+9WLR3
5ykF9EvBN8pw8Ysyit54dwQRa4Z5/p9dMaXqj+ndAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGHFcJiwK0b46GrL1DDLQByj4wYwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU0OWVmNmJjLWIzNWMtNGUxZi04YmRkLTBjMzE0ZTZlZWIxMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGKM7UzZqW0kwBiQu3FZqHdSCc7/
pmXRergpKEZCYLfE4x/jicsRKWVW1pOesX5Q/dGSFE6DdLWyJMTIDaIym8HxH3l/
Om32C23hHl15q4APyCcQrQmylupTliDQve6mm4F7RElUNhmj5F66jQzCBzXx1iNr
y+1hVV5u2MsRvJAoNWupZZV0h46vrvfdQqG4wgbFcjoJa8qA3HZV4N4Gs2PfBSKH
R/0+8lRvKiVDyEUnoVtpofKJlOh/ri9BZ+o8MvvWzBdnvM1VXVHdmatan1ktdMAl
O/2Aos3e9JESYbXL37YpIJ5B2qkFeT3BfVa4ImI5CF64LcsiRe3MI3xq390=
-----END CERTIFICATE-----