Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/82dd88be-3d45-403c-a78f-03ecb4beb6ce.roa
File:                     82dd88be-3d45-403c-a78f-03ecb4beb6ce.roa (raw, json)
Hash identifier:          8eKbQZGxHVQgViQFJH9G/8RF9dsi719TQxju+Xn5BL8=
Subject key identifier:   21:FA:77:F7:41:65:C4:EE:2D:F5:91:B7:47:98:AB:CA:F8:AB:DD:76
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       08AB3AAEC51E3E0438150373BE5384A40768CA0B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/82dd88be-3d45-403c-a78f-03ecb4beb6ce.roa
Signing time:             Thu 27 Mar 2025 06:38:18 +0000
ROA not before:           Thu 27 Mar 2025 06:38:18 +0000
ROA not after:            Thu 01 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:ab:3a:ae:c5:1e:3e:04:38:15:03:73:be:53:84:a4:07:68:ca:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 27 06:38:18 2025 GMT
            Not After : May  1 23:59:59 2025 GMT
        Subject: serialNumber=1ded5dc21d3faa52acca688e1ccbf3750afc2c47171916acc49f57e3a2dbb259, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:f3:cd:9a:70:f2:50:95:fb:c5:33:9c:64:8c:
                    22:79:de:31:72:6f:6e:dc:23:a6:cd:0f:ac:62:2b:
                    9e:35:f8:5a:8b:ca:de:c0:ce:72:de:3e:b7:a2:bd:
                    7d:be:1f:38:f4:43:c8:4d:3d:69:5c:68:5d:0f:92:
                    e1:51:42:c0:34:d6:90:b1:c9:6f:59:79:72:0d:cd:
                    cf:6e:01:97:90:5a:a6:06:d1:ef:b9:58:72:8d:2f:
                    85:6c:71:6b:28:f2:f0:43:f3:9c:ce:c4:d2:30:31:
                    31:3a:75:b8:06:e2:91:91:2b:5e:d4:f7:77:e5:02:
                    c3:6d:14:1e:4f:e2:0f:58:7b:9c:f7:2b:8c:5a:46:
                    11:f2:6c:2f:69:fc:c8:ee:6c:e5:dd:22:56:cc:4f:
                    56:7a:6e:11:bf:4d:1c:be:f4:92:eb:0e:f5:61:54:
                    00:dd:7b:1b:90:30:8a:a5:b4:bb:2e:27:c4:aa:11:
                    28:61:ac:2b:d3:f4:9f:52:a9:31:6e:59:45:09:fb:
                    bf:65:2f:39:d5:88:34:54:7d:c7:17:d8:1d:c8:da:
                    30:44:10:80:0c:59:94:fc:0c:4f:5f:90:f7:b0:a6:
                    6e:0f:87:5b:27:ef:d0:4e:33:3a:40:99:7a:b2:42:
                    06:95:d9:0c:ae:76:49:f0:da:d2:b1:a5:9b:5c:56:
                    89:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:FA:77:F7:41:65:C4:EE:2D:F5:91:B7:47:98:AB:CA:F8:AB:DD:76
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/82dd88be-3d45-403c-a78f-03ecb4beb6ce.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:c4:49:b7:1a:77:82:03:73:1b:a1:87:34:12:10:a7:80:03:
         9b:79:cf:8f:2c:1c:76:a8:80:ee:75:3a:3e:33:c8:bf:17:ea:
         13:0b:ae:0a:a5:14:b7:8f:83:63:32:cf:e2:84:bc:7a:10:c4:
         d7:fe:66:66:87:61:48:2a:71:20:75:63:49:84:50:bc:1a:71:
         ce:5d:5f:6c:b9:9c:1a:21:80:f8:15:24:6c:7e:fe:c8:eb:52:
         7a:9f:9d:4c:4b:07:1b:25:12:39:49:46:bd:ac:22:2b:df:86:
         1d:13:3a:26:ab:68:76:95:51:e6:02:b1:b3:86:3b:22:c3:6d:
         09:bb:0e:48:37:f5:f4:69:30:d9:63:d5:cf:35:91:c4:4f:7e:
         06:ad:bc:02:1d:e8:61:ad:f0:77:74:52:ec:eb:89:14:eb:08:
         d5:bf:eb:fb:b4:b3:36:5c:28:a0:46:ae:ad:d9:87:87:0e:62:
         91:49:35:99:35:4c:a0:f9:7e:99:83:d9:2e:f7:b3:51:18:85:
         42:c0:77:1d:63:3c:30:7a:7b:1d:9a:a7:91:78:56:d6:f4:a6:
         de:43:f3:a6:62:cf:d3:c9:e5:29:fe:bd:cb:37:3b:dd:f9:d1:
         82:ad:23:04:f5:43:4b:09:68:67:d7:f4:a8:ec:67:0f:0d:47:
         4f:a2:a1:d2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCKs6rsUePgQ4FQNzvlOEpAdoygswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzI3MDYzODE4WhcNMjUwNTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxZGVkNWRjMjFkM2ZhYTUyYWNjYTY4OGUxY2NiZjM3NTBh
ZmMyYzQ3MTcxOTE2YWNjNDlmNTdlM2EyZGJiMjU5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCH882acPJQlfvFM5xkjCJ53jFyb27cI6bND6xiK541+FqL
yt7AznLePreivX2+Hzj0Q8hNPWlcaF0PkuFRQsA01pCxyW9ZeXINzc9uAZeQWqYG
0e+5WHKNL4VscWso8vBD85zOxNIwMTE6dbgG4pGRK17U93flAsNtFB5P4g9Ye5z3
K4xaRhHybC9p/MjubOXdIlbMT1Z6bhG/TRy+9JLrDvVhVADdexuQMIqltLsuJ8Sq
EShhrCvT9J9SqTFuWUUJ+79lLznViDRUfccX2B3I2jBEEIAMWZT8DE9fkPewpm4P
h1sn79BOMzpAmXqyQgaV2Qyudknw2tKxpZtcVonzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIfp390FlxO4t9ZG3R5iryvir3XYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgyZGQ4OGJlLTNkNDUtNDAzYy1hNzhmLTAzZWNiNGJlYjZjZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAETESbcad4IDcxuhhzQSEKeAA5t5
z48sHHaogO51Oj4zyL8X6hMLrgqlFLePg2Myz+KEvHoQxNf+ZmaHYUgqcSB1Y0mE
ULwacc5dX2y5nBohgPgVJGx+/sjrUnqfnUxLBxslEjlJRr2sIivfhh0TOiaraHaV
UeYCsbOGOyLDbQm7Dkg39fRpMNlj1c81kcRPfgatvAId6GGt8Hd0UuzriRTrCNW/
6/u0szZcKKBGrq3Zh4cOYpFJNZk1TKD5fpmD2S73s1EYhULAdx1jPDB6ex2ap5F4
Vtb0pt5D86Ziz9PJ5Sn+vcs3O9350YKtIwT1Q0sJaGfX9KjsZw8NR0+iodI=
-----END CERTIFICATE-----