Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/808ff875-07c5-4317-8069-6c4a165ed6ff.roa
File:                     808ff875-07c5-4317-8069-6c4a165ed6ff.roa (raw, json)
Hash identifier:          qivOr/S62I7V8mqq5Yko109eTbrxNUnYIrllYolMC4A=
Subject key identifier:   6C:31:E5:D4:94:2F:D3:83:BC:8F:D7:57:58:12:9D:EF:54:E4:0D:D7
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1835FC4A2E0983D3F001A8D54DDB77CD44C4CE13
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/808ff875-07c5-4317-8069-6c4a165ed6ff.roa
Signing time:             Tue 04 Mar 2025 21:58:20 +0000
ROA not before:           Tue 04 Mar 2025 21:58:20 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:35:fc:4a:2e:09:83:d3:f0:01:a8:d5:4d:db:77:cd:44:c4:ce:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  4 21:58:20 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: serialNumber=9ba0d55eaa8606b869e7a1e89a7418c89dac5011691f5edb87f3975806d02493, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:be:7b:66:a8:b8:22:bd:46:10:10:5b:81:23:
                    3f:8d:83:87:58:87:12:d3:de:38:b1:ee:a9:c6:15:
                    ef:a9:09:b7:93:49:2e:de:c7:f1:73:68:a4:5c:bd:
                    60:6a:63:c0:41:81:eb:ad:66:97:f3:82:5e:8a:86:
                    74:91:bd:e0:13:76:fa:85:4d:f2:77:43:fe:29:9a:
                    b5:32:1f:fe:e4:57:6c:a1:c8:a2:37:8d:11:bf:48:
                    94:7f:6b:0b:af:78:0b:ac:dc:8f:2e:4b:a4:ab:20:
                    9a:d8:74:b4:31:58:f2:4c:b8:ec:58:25:4a:5b:34:
                    d8:78:a2:d4:70:f9:7a:ab:c7:ec:13:dc:c7:79:3c:
                    7b:6f:42:4f:ea:58:72:b3:ef:22:66:2c:58:02:de:
                    6e:a3:54:3c:47:6d:d3:1c:aa:29:72:62:a0:08:af:
                    8b:e8:4a:43:55:bc:27:1b:f4:7c:2a:d4:8c:57:8f:
                    2f:9b:2d:c2:68:c4:58:ed:e9:e8:e7:31:2b:b3:c2:
                    92:f4:72:e2:e6:c9:f6:20:78:c5:db:28:5e:d8:f0:
                    9f:b9:45:0a:84:e5:d4:bd:c0:84:ef:e2:2a:4b:95:
                    f5:f3:18:d5:8e:af:7d:36:91:f0:9c:5e:c6:73:e4:
                    79:ad:47:88:64:22:29:6f:28:4f:87:76:af:c3:23:
                    b9:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:31:E5:D4:94:2F:D3:83:BC:8F:D7:57:58:12:9D:EF:54:E4:0D:D7
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/808ff875-07c5-4317-8069-6c4a165ed6ff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:e1:cd:f8:33:7e:01:81:17:b2:d6:4c:df:37:ea:c4:dc:7c:
         b6:7d:ba:4d:38:28:4e:10:3a:e0:02:ff:34:38:64:02:b4:fc:
         a9:ee:12:ad:19:68:ee:3b:c1:7d:1c:86:47:02:06:e5:c0:16:
         dc:30:fb:e3:16:39:c1:d4:f3:69:d1:12:8e:ec:e0:b9:3f:e2:
         cd:86:85:5e:b6:f0:9f:92:3a:a3:d6:e3:74:93:4a:28:f7:8e:
         3c:4d:8c:7e:ac:db:2f:36:60:b4:ec:a6:a7:29:41:4a:c7:51:
         f0:43:bc:d4:ad:ab:3a:a9:d2:84:ed:6b:40:73:eb:bc:ff:07:
         0b:f5:30:39:94:e6:75:9e:83:ce:76:86:08:64:a9:28:3f:cd:
         17:01:98:d6:43:74:9f:80:51:8f:77:59:24:25:b2:52:59:52:
         45:5e:db:9f:6d:00:91:56:93:55:cb:87:e5:59:03:5b:c2:18:
         b7:03:8b:e0:3f:00:07:8e:bb:d4:3d:b2:16:fd:dd:56:14:a6:
         a9:40:3b:65:71:1c:88:78:3b:bf:2c:68:a9:e7:f3:d1:62:16:
         b3:6d:f9:a5:f1:b6:0c:e4:54:ab:9e:44:d9:db:45:4d:2d:f7:
         e5:4d:e0:90:99:63:e9:28:64:0b:b8:ce:7b:5e:b7:12:3f:79:
         2c:be:7c:91
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGDX8Si4Jg9PwAajVTdt3zUTEzhMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzA0MjE1ODIwWhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5YmEwZDU1ZWFhODYwNmI4NjllN2ExZTg5YTc0MThjODlk
YWM1MDExNjkxZjVlZGI4N2YzOTc1ODA2ZDAyNDkzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDmvntmqLgivUYQEFuBIz+Ng4dYhxLT3jix7qnGFe+pCbeT
SS7ex/FzaKRcvWBqY8BBgeutZpfzgl6KhnSRveATdvqFTfJ3Q/4pmrUyH/7kV2yh
yKI3jRG/SJR/awuveAus3I8uS6SrIJrYdLQxWPJMuOxYJUpbNNh4otRw+Xqrx+wT
3Md5PHtvQk/qWHKz7yJmLFgC3m6jVDxHbdMcqilyYqAIr4voSkNVvCcb9Hwq1IxX
jy+bLcJoxFjt6ejnMSuzwpL0cuLmyfYgeMXbKF7Y8J+5RQqE5dS9wITv4ipLlfXz
GNWOr302kfCcXsZz5HmtR4hkIilvKE+Hdq/DI7nVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbDHl1JQv04O8j9dXWBKd71TkDdcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgwOGZmODc1LTA3YzUtNDMxNy04MDY5LTZjNGExNjVlZDZmZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFLhzfgzfgGBF7LWTN836sTcfLZ9
uk04KE4QOuAC/zQ4ZAK0/KnuEq0ZaO47wX0chkcCBuXAFtww++MWOcHU82nREo7s
4Lk/4s2GhV628J+SOqPW43STSij3jjxNjH6s2y82YLTspqcpQUrHUfBDvNStqzqp
0oTta0Bz67z/Bwv1MDmU5nWeg852hghkqSg/zRcBmNZDdJ+AUY93WSQlslJZUkVe
259tAJFWk1XLh+VZA1vCGLcDi+A/AAeOu9Q9shb93VYUpqlAO2VxHIh4O78saKnn
89FiFrNt+aXxtgzkVKueRNnbRU0t9+VN4JCZY+koZAu4zntetxI/eSy+fJE=
-----END CERTIFICATE-----