Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7050ebd5-5a89-4211-86d4-ee3b87bd10ac.roa
File:                     7050ebd5-5a89-4211-86d4-ee3b87bd10ac.roa (raw, json)
Hash identifier:          62iZsSE/Pp0Ts30YcjHQ29DqSfhHtpkWJV4lDK7TkEY=
Subject key identifier:   ED:39:BB:93:01:FE:43:8E:A9:F2:BA:41:2A:AA:E2:1E:8D:F9:09:E0
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       385115FCE74E47764FF6948FEF5728FA2CF6A99F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7050ebd5-5a89-4211-86d4-ee3b87bd10ac.roa
Signing time:             Sat 15 Mar 2025 11:33:16 +0000
ROA not before:           Sat 15 Mar 2025 11:33:16 +0000
ROA not after:            Sat 19 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:51:15:fc:e7:4e:47:76:4f:f6:94:8f:ef:57:28:fa:2c:f6:a9:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 15 11:33:16 2025 GMT
            Not After : Apr 19 23:59:59 2025 GMT
        Subject: serialNumber=4a99fc127be5003b7fc6dedd6e6ec82c636e1d834fd1614409fcdafef56f8f0b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ba:5e:0a:0e:b4:c3:2b:df:39:a2:1f:3f:70:
                    c3:bd:d1:0e:70:6a:db:db:53:d4:a9:d2:d4:79:77:
                    c5:b0:3c:27:f0:9a:94:a0:39:10:fb:e3:c0:0a:35:
                    45:cd:4a:72:21:7c:56:7f:90:48:0d:3a:68:e1:9d:
                    c3:f4:50:38:4e:cd:ee:6b:e2:ba:0a:00:3d:f0:94:
                    af:d0:43:ca:b8:43:c9:ac:cb:2a:bc:b3:06:74:5a:
                    68:bf:28:c4:fe:48:50:d9:b6:f2:2b:cb:77:a8:18:
                    c9:d0:4c:29:db:c4:e4:c8:43:7c:f3:4d:62:94:87:
                    22:49:ef:c3:8c:12:1a:b9:47:7d:46:0e:99:48:e3:
                    cc:9d:d0:3e:dc:16:80:a6:7c:37:ed:77:ea:5a:bf:
                    3b:50:22:95:c6:83:1c:85:19:81:c8:9b:47:a3:a6:
                    14:5d:e9:f9:4e:2c:60:20:72:ec:63:4e:8f:15:b9:
                    ce:ed:58:3b:71:96:0e:a2:53:73:e7:54:28:9e:c8:
                    bc:02:92:99:c5:99:88:5d:a1:d9:e2:42:c3:ad:25:
                    56:31:d7:dd:ed:f9:01:39:a7:e8:5e:a0:3a:8b:d5:
                    f4:79:65:74:56:1c:4c:b4:ec:2e:b8:51:fc:24:13:
                    f1:68:a8:5b:a3:52:bb:d4:4e:af:21:f1:7a:33:3f:
                    73:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:39:BB:93:01:FE:43:8E:A9:F2:BA:41:2A:AA:E2:1E:8D:F9:09:E0
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7050ebd5-5a89-4211-86d4-ee3b87bd10ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:91:bd:cc:2c:2f:c6:3b:e1:77:90:5b:bd:ff:cf:35:32:5e:
         43:17:f8:82:55:c9:d0:34:f5:0d:fb:f2:25:bd:dd:0c:cb:46:
         1a:f6:e4:8d:f7:29:a1:66:d5:dd:5c:79:02:b3:c6:c1:7b:2e:
         f9:ad:e1:ec:af:66:57:0a:72:bd:64:a5:25:d8:bb:1e:45:40:
         37:73:76:9d:be:84:f3:aa:af:96:e5:bd:68:e7:29:69:59:94:
         1c:ab:a2:72:11:35:ec:1f:e7:70:09:64:22:01:04:ec:3a:9e:
         af:0b:da:b9:e8:d8:ad:ec:3e:65:46:d4:2b:1b:a1:25:d3:94:
         f4:7d:ed:13:04:6d:bf:5f:c9:6b:be:e8:8d:c0:aa:03:6e:93:
         27:68:74:5d:68:5d:28:2b:0c:d9:db:cf:8b:1e:41:3b:60:00:
         b9:f9:17:d2:40:cb:3d:94:5a:50:1e:93:ca:86:34:d5:94:34:
         08:d8:9c:6f:3d:ce:0e:5d:cf:b5:c9:e0:bf:54:65:3f:26:7b:
         7e:3a:8f:b4:ac:85:fb:aa:d7:d0:4d:13:05:ac:52:d5:a5:2c:
         13:a2:c5:fb:d3:71:85:23:a9:f0:6f:63:9b:2a:5b:91:d2:22:
         cf:2d:fc:46:a8:7c:26:17:84:65:96:93:38:2a:0e:87:d5:ff:
         3b:27:80:ad
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOFEV/OdOR3ZP9pSP71co+iz2qZ8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzE1MTEzMzE2WhcNMjUwNDE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0YTk5ZmMxMjdiZTUwMDNiN2ZjNmRlZGQ2ZTZlYzgyYzYz
NmUxZDgzNGZkMTYxNDQwOWZjZGFmZWY1NmY4ZjBiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8ul4KDrTDK985oh8/cMO90Q5watvbU9Sp0tR5d8WwPCfw
mpSgORD748AKNUXNSnIhfFZ/kEgNOmjhncP0UDhOze5r4roKAD3wlK/QQ8q4Q8ms
yyq8swZ0Wmi/KMT+SFDZtvIry3eoGMnQTCnbxOTIQ3zzTWKUhyJJ78OMEhq5R31G
DplI48yd0D7cFoCmfDftd+pavztQIpXGgxyFGYHIm0ejphRd6flOLGAgcuxjTo8V
uc7tWDtxlg6iU3PnVCieyLwCkpnFmYhdodniQsOtJVYx193t+QE5p+heoDqL1fR5
ZXRWHEy07C64UfwkE/FoqFujUrvUTq8h8XozP3NXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7Tm7kwH+Q46p8rpBKqriHo35CeAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzcwNTBlYmQ1LTVhODktNDIxMS04NmQ0LWVlM2I4N2JkMTBhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC2RvcwsL8Y74XeQW73/zzUyXkMX
+IJVydA09Q378iW93QzLRhr25I33KaFm1d1ceQKzxsF7Lvmt4eyvZlcKcr1kpSXY
ux5FQDdzdp2+hPOqr5blvWjnKWlZlByronIRNewf53AJZCIBBOw6nq8L2rno2K3s
PmVG1CsboSXTlPR97RMEbb9fyWu+6I3AqgNukydodF1oXSgrDNnbz4seQTtgALn5
F9JAyz2UWlAek8qGNNWUNAjYnG89zg5dz7XJ4L9UZT8me346j7Sshfuq19BNEwWs
UtWlLBOixfvTcYUjqfBvY5sqW5HSIs8t/EaofCYXhGWWkzgqDofV/zsngK0=
-----END CERTIFICATE-----