Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/823fed0e-bfd3-49a6-98b1-aade53f51461.roa
File:                     823fed0e-bfd3-49a6-98b1-aade53f51461.roa (raw, json)
Hash identifier:          tqGqdBkl6L6f7Os3YNwnqBzKiieq++WcedvjNABrZso=
Subject key identifier:   63:B6:16:05:A2:03:53:97:C5:DF:4A:79:46:9F:AE:9C:19:A5:E5:F5
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       68A6E8DFD1926C403E340A500B92849887D9050D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/823fed0e-bfd3-49a6-98b1-aade53f51461.roa
Signing time:             Sat 18 Jan 2025 00:00:00 +0000
ROA not before:           Sat 18 Jan 2025 00:00:00 +0000
ROA not after:            Sat 22 Feb 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:a6:e8:df:d1:92:6c:40:3e:34:0a:50:0b:92:84:98:87:d9:05:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 18 00:00:00 2025 GMT
            Not After : Feb 22 23:59:59 2025 GMT
        Subject: serialNumber=67ac5d8c9fb087451d3629f18ce3092c4499b0f6f24e512a9db102f7e0cc08bd, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:43:af:a6:d7:39:6c:7d:31:88:c6:67:cd:40:
                    cd:a2:4e:10:3b:86:02:60:2f:57:40:9d:6f:4d:b5:
                    a0:fc:47:ea:c4:d5:5b:e6:c0:ae:f0:0b:cd:b4:ea:
                    dc:e6:98:9f:50:d9:f7:33:9f:ce:ca:5c:c1:21:8d:
                    76:4f:8b:e5:85:3e:ba:92:9a:c0:81:b7:fd:aa:61:
                    c2:e0:40:4a:74:d4:75:89:23:80:5e:ff:fe:56:64:
                    59:f6:64:10:60:85:e4:8d:b0:dc:24:c5:89:62:7a:
                    e3:6d:ca:6f:b5:6f:85:d3:67:ed:16:69:54:5c:d2:
                    2f:4e:18:e3:18:46:30:c5:19:a0:93:85:ff:b1:f5:
                    16:b4:9c:fa:82:9c:b8:c2:cf:de:6f:a8:30:4c:94:
                    d8:b2:85:e0:d2:64:06:09:4e:d3:e6:13:f8:b6:12:
                    80:9d:8c:33:b4:06:96:ef:58:a6:6a:fc:40:74:77:
                    98:37:a0:62:2b:59:be:93:dd:77:2b:60:25:c5:1b:
                    8d:f1:51:41:a4:80:02:d0:cd:3d:df:45:03:77:4e:
                    d1:d9:b0:05:c4:9b:02:74:f3:b8:67:46:cf:f9:02:
                    53:5c:56:c2:82:a2:7d:fb:86:9e:dd:a5:50:5f:b0:
                    53:33:4f:f4:a0:e0:b3:06:cc:20:13:27:75:ee:6f:
                    a3:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:B6:16:05:A2:03:53:97:C5:DF:4A:79:46:9F:AE:9C:19:A5:E5:F5
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/823fed0e-bfd3-49a6-98b1-aade53f51461.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:bf:7f:da:e2:97:56:af:b6:df:de:82:e7:88:7c:db:60:17:
         95:da:fa:09:97:37:a7:99:6a:6e:18:9d:c2:27:87:c0:e5:a3:
         a0:6a:ba:d5:95:e4:c8:bc:fd:e7:0b:ec:a1:d5:87:c5:d3:ec:
         d4:d7:c3:ce:97:90:36:e8:7b:07:02:cd:70:08:0f:59:d9:76:
         9f:ca:13:dc:ff:0a:9d:77:dd:34:f7:3a:5e:f2:75:e6:0f:d4:
         17:ad:b3:80:54:e8:0d:e8:7a:9a:3c:04:bb:b2:a1:fb:ad:39:
         fc:c3:7b:27:3a:23:43:78:1b:6e:b7:13:a7:51:b8:bd:22:dc:
         25:16:74:57:70:df:9e:9d:8c:e5:34:ef:c6:9a:49:28:c0:d5:
         45:b0:78:dd:65:63:34:73:1e:c0:43:e1:db:09:5a:0b:7c:02:
         ca:07:3d:77:42:6c:0e:37:97:fb:13:13:dd:4f:a1:e6:53:0e:
         0d:ad:aa:61:9e:96:18:49:8c:fe:c0:4b:f4:4e:b9:9a:f5:16:
         eb:c4:53:32:a7:22:bc:7e:c4:c9:92:04:83:dd:e3:32:b8:f3:
         9a:3d:85:0f:02:ec:5d:8f:0c:87:f1:c1:14:ba:25:1c:d6:8e:
         01:8e:a8:7f:d7:a1:26:52:c9:0e:75:ec:6c:8b:55:7f:b5:d5:
         ec:95:98:fa
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaKbo39GSbEA+NApQC5KEmIfZBQ0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMTE4MDAwMDAwWhcNMjUwMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2N2FjNWQ4YzlmYjA4NzQ1MWQzNjI5ZjE4Y2UzMDkyYzQ0
OTliMGY2ZjI0ZTUxMmE5ZGIxMDJmN2UwY2MwOGJkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbQ6+m1zlsfTGIxmfNQM2iThA7hgJgL1dAnW9NtaD8R+rE
1VvmwK7wC8206tzmmJ9Q2fczn87KXMEhjXZPi+WFPrqSmsCBt/2qYcLgQEp01HWJ
I4Be//5WZFn2ZBBgheSNsNwkxYlieuNtym+1b4XTZ+0WaVRc0i9OGOMYRjDFGaCT
hf+x9Ra0nPqCnLjCz95vqDBMlNiyheDSZAYJTtPmE/i2EoCdjDO0BpbvWKZq/EB0
d5g3oGIrWb6T3XcrYCXFG43xUUGkgALQzT3fRQN3TtHZsAXEmwJ087hnRs/5AlNc
VsKCon37hp7dpVBfsFMzT/Sg4LMGzCATJ3Xub6M1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUY7YWBaIDU5fF30p5Rp+unBml5fUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgyM2ZlZDBlLWJmZDMtNDlhNi05OGIxLWFhZGU1M2Y1MTQ2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFm/f9ril1avtt/egueIfNtgF5Xa
+gmXN6eZam4YncInh8Dlo6BqutWV5Mi8/ecL7KHVh8XT7NTXw86XkDboewcCzXAI
D1nZdp/KE9z/Cp133TT3Ol7ydeYP1Bets4BU6A3oepo8BLuyofutOfzDeyc6I0N4
G263E6dRuL0i3CUWdFdw356djOU078aaSSjA1UWweN1lYzRzHsBD4dsJWgt8AsoH
PXdCbA43l/sTE91PoeZTDg2tqmGelhhJjP7AS/ROuZr1FuvEUzKnIrx+xMmSBIPd
4zK485o9hQ8C7F2PDIfxwRS6JRzWjgGOqH/XoSZSyQ517GyLVX+11eyVmPo=
-----END CERTIFICATE-----