Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/694f6be0-c2d1-4ecf-a444-83f85ab8bd91.roa
File:                     694f6be0-c2d1-4ecf-a444-83f85ab8bd91.roa (raw, json)
Hash identifier:          seHBfH5aSS8dNdGElTtgGQSQ4XAHj7MdZK11Hj2t72A=
Subject key identifier:   58:D9:62:35:A7:94:A9:E9:60:60:2B:F9:A8:18:96:AA:9C:98:88:3A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       549A061DF96A27FB065C43C3B566375D0BED8EAE
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/694f6be0-c2d1-4ecf-a444-83f85ab8bd91.roa
Signing time:             Thu 27 Feb 2025 21:08:20 +0000
ROA not before:           Thu 27 Feb 2025 21:08:20 +0000
ROA not after:            Thu 03 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:9a:06:1d:f9:6a:27:fb:06:5c:43:c3:b5:66:37:5d:0b:ed:8e:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 27 21:08:20 2025 GMT
            Not After : Apr  3 23:59:59 2025 GMT
        Subject: serialNumber=e5d605dd80f951deb362475aac170e85db0c7ce6b9a57313d1dbfb160fc28b8f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:36:73:83:6d:28:fd:85:eb:7b:22:88:e9:ae:
                    be:08:e4:ea:ea:50:bb:d5:89:5a:ed:85:1a:1d:e4:
                    75:50:bb:5b:39:63:96:6c:14:99:4c:60:7c:d3:85:
                    db:1f:6b:8f:4c:15:3a:20:cf:0f:00:0a:5e:42:e6:
                    0b:41:6c:ad:ec:ed:9f:0f:46:37:bd:b1:b8:e6:5c:
                    14:45:bb:cb:95:ff:bd:ae:83:b5:b4:be:05:93:be:
                    c4:15:c7:77:5c:13:29:bc:ea:66:46:87:ab:75:92:
                    e8:96:44:c7:fe:8b:c9:d7:1d:dd:62:c8:09:b2:f4:
                    7d:c4:73:f7:f8:5a:84:a7:e8:fa:24:71:be:58:58:
                    3d:be:a2:fa:49:4b:1f:54:8c:0d:56:d4:da:43:a2:
                    35:cf:4d:4a:ec:da:b4:65:93:94:c5:6b:8e:2f:33:
                    90:4b:ec:85:1b:eb:af:fc:05:e3:1c:cd:54:2a:a9:
                    d7:a9:e4:b5:fc:f4:05:e6:d4:7a:dd:15:b4:80:ed:
                    d0:87:e0:a5:e3:06:d9:81:6d:2f:1f:c8:c0:0b:c5:
                    cd:03:5b:53:2e:63:7a:43:d7:b2:e0:1c:13:6b:71:
                    63:b9:aa:4f:2e:7f:1e:39:37:95:3b:17:8f:d0:31:
                    0e:bc:c1:76:dd:51:68:9c:af:9b:e1:a9:28:83:23:
                    ba:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:D9:62:35:A7:94:A9:E9:60:60:2B:F9:A8:18:96:AA:9C:98:88:3A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/694f6be0-c2d1-4ecf-a444-83f85ab8bd91.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:65:26:7e:e3:6d:c0:c6:d0:0d:21:3e:51:3b:f9:f4:61:86:
         af:db:04:d9:ee:e1:7c:d5:61:7c:93:4f:a9:ff:59:73:89:82:
         37:7f:6b:ec:5b:cd:0e:43:f2:47:3f:79:a4:5a:24:15:d1:2c:
         7c:44:1e:23:6a:42:da:01:a4:ef:16:4e:35:b7:ce:ee:02:d6:
         c3:c5:e1:9e:08:62:42:83:79:7e:60:2a:25:fb:9f:e6:3c:e7:
         47:5d:78:23:bb:01:53:16:df:f5:96:4e:c7:aa:c0:83:69:1d:
         46:ad:f4:cc:21:ec:65:3b:27:2b:80:be:60:03:43:0a:3f:d7:
         d1:0d:8d:cd:25:ed:a7:96:77:37:d8:0e:97:57:52:3d:df:34:
         cd:04:1b:ca:fe:6f:3a:03:aa:c7:93:35:82:e1:96:5f:77:09:
         89:6a:2b:dc:7b:8d:f5:a3:a9:99:85:e2:fc:f9:d1:05:d0:b9:
         be:31:3e:41:92:0c:44:4e:82:83:2e:8e:41:a0:fc:0c:62:9d:
         65:a8:36:bc:a8:9b:7e:ed:47:82:4e:b2:22:54:13:b6:c6:b4:
         e0:ba:9f:91:b4:a0:08:f2:06:80:7c:55:06:a7:62:7f:5e:aa:
         08:a0:6e:b7:9c:4a:43:61:aa:d4:d1:9d:01:d1:0e:d1:63:9e:
         12:ec:41:e9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVJoGHflqJ/sGXEPDtWY3XQvtjq4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjI3MjEwODIwWhcNMjUwNDAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BlNWQ2MDVkZDgwZjk1MWRlYjM2MjQ3NWFhYzE3MGU4NWRi
MGM3Y2U2YjlhNTczMTNkMWRiZmIxNjBmYzI4YjhmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4NnODbSj9het7Iojprr4I5OrqULvViVrthRod5HVQu1s5
Y5ZsFJlMYHzThdsfa49MFTogzw8ACl5C5gtBbK3s7Z8PRje9sbjmXBRFu8uV/72u
g7W0vgWTvsQVx3dcEym86mZGh6t1kuiWRMf+i8nXHd1iyAmy9H3Ec/f4WoSn6Pok
cb5YWD2+ovpJSx9UjA1W1NpDojXPTUrs2rRlk5TFa44vM5BL7IUb66/8BeMczVQq
qdep5LX89AXm1HrdFbSA7dCH4KXjBtmBbS8fyMALxc0DW1MuY3pD17LgHBNrcWO5
qk8ufx45N5U7F4/QMQ68wXbdUWicr5vhqSiDI7pTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWNliNaeUqelgYCv5qBiWqpyYiDowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzY5NGY2YmUwLWMyZDEtNGVjZi1hNDQ0LTgzZjg1YWI4YmQ5MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABNlJn7jbcDG0A0hPlE7+fRhhq/b
BNnu4XzVYXyTT6n/WXOJgjd/a+xbzQ5D8kc/eaRaJBXRLHxEHiNqQtoBpO8WTjW3
zu4C1sPF4Z4IYkKDeX5gKiX7n+Y850ddeCO7AVMW3/WWTseqwINpHUat9Mwh7GU7
JyuAvmADQwo/19ENjc0l7aeWdzfYDpdXUj3fNM0EG8r+bzoDqseTNYLhll93CYlq
K9x7jfWjqZmF4vz50QXQub4xPkGSDEROgoMujkGg/AxinWWoNryom37tR4JOsiJU
E7bGtOC6n5G0oAjyBoB8VQanYn9eqgigbrecSkNhqtTRnQHRDtFjnhLsQek=
-----END CERTIFICATE-----