Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9de0c2a8-9fe9-4daa-8649-1de2e0950779.roa
File:                     9de0c2a8-9fe9-4daa-8649-1de2e0950779.roa (raw, json)
Hash identifier:          qCR4RRDV1xs2JOhPu2roLg7L5sd+s9KOGb/7lMOOP+k=
Subject key identifier:   4E:B4:3B:63:BE:20:21:AE:8F:33:A2:0C:21:07:96:83:63:21:49:B2
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       039A2C01850942452A62C02AD25EAA3862B49ECB
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9de0c2a8-9fe9-4daa-8649-1de2e0950779.roa
Signing time:             Fri 07 Mar 2025 06:08:19 +0000
ROA not before:           Fri 07 Mar 2025 06:08:19 +0000
ROA not after:            Fri 11 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:9a:2c:01:85:09:42:45:2a:62:c0:2a:d2:5e:aa:38:62:b4:9e:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  7 06:08:19 2025 GMT
            Not After : Apr 11 23:59:59 2025 GMT
        Subject: serialNumber=5fb7c4d9508161e84cd1e66bdeb400767939c43394f732baf28984d4592c68de, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:4d:0b:3f:dc:a9:d2:93:a3:6f:c7:f0:4b:85:
                    87:42:fe:e7:f7:b4:c8:45:44:88:f2:62:41:3f:08:
                    7d:99:d1:41:d8:78:90:4e:b3:f5:58:69:08:f0:d3:
                    71:55:46:e8:ea:02:1e:46:2e:13:15:45:65:3d:46:
                    0a:03:e7:d6:a2:a1:40:80:7a:13:42:a5:0e:2a:ca:
                    3c:90:35:af:c1:b1:a0:be:d4:7b:1d:7f:9f:62:5b:
                    06:d8:d5:e3:e5:7b:90:a7:83:6e:c3:7a:1b:1a:6e:
                    39:a8:f8:0c:87:ee:c5:e2:b0:38:08:2d:83:76:af:
                    63:a4:12:77:22:7e:71:9c:f0:1d:56:69:a5:11:ed:
                    4d:38:0e:2a:c4:d3:74:0c:5c:27:6f:4e:5a:e1:1c:
                    dc:3f:f7:1b:60:a9:fb:76:bf:c9:26:6c:b0:c5:32:
                    fa:4c:49:cd:e7:0d:30:30:30:dc:90:91:14:dc:d5:
                    93:8f:e1:b5:ef:c4:b1:27:bb:2f:5f:cc:3c:f7:1f:
                    a5:86:22:41:cb:26:57:0b:ba:15:03:17:ae:f5:97:
                    a9:36:9b:2c:12:80:fd:88:6f:f5:fc:04:72:4a:13:
                    0b:aa:24:94:1b:f1:a1:0c:b4:65:87:d0:11:cf:45:
                    99:e4:be:96:2f:88:a3:80:74:4a:11:fd:b1:89:4b:
                    c2:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:B4:3B:63:BE:20:21:AE:8F:33:A2:0C:21:07:96:83:63:21:49:B2
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9de0c2a8-9fe9-4daa-8649-1de2e0950779.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:b3:ce:82:59:6f:b5:d9:40:4b:d7:2a:b2:ea:6d:87:9b:f1:
         d0:cb:18:80:8b:fb:1c:c8:6f:66:66:04:34:fd:14:fb:99:83:
         61:45:8c:f8:70:94:19:fe:5f:e4:f1:79:17:e1:8c:bf:77:ae:
         6b:1f:84:48:e9:39:8d:34:5c:63:c3:4a:fc:18:0a:70:04:28:
         1d:24:29:07:d0:2d:79:de:f6:f2:8c:75:4d:fd:48:26:8a:d3:
         12:46:4d:7a:62:cf:0f:80:c8:0b:11:96:81:85:e9:b7:8d:37:
         71:38:a7:db:da:b7:7a:b4:e3:14:c7:77:30:38:c8:ed:b2:26:
         b9:59:97:32:e7:32:0e:55:0c:4c:28:71:44:07:c7:c6:f0:69:
         d1:21:67:17:f3:b3:57:98:7a:0b:2e:c9:fd:0e:3f:6c:97:80:
         3e:35:5f:e5:8b:83:c6:db:55:a4:e8:e8:04:f5:00:ec:72:fd:
         92:3a:14:3e:0f:cc:9d:01:66:bd:53:0d:d4:3a:b5:e5:a1:c8:
         90:a2:8d:d5:94:06:c5:d1:eb:90:de:4b:7c:af:65:6e:ec:eb:
         d6:3c:0b:1f:76:9e:55:68:57:13:5d:23:c4:6d:20:29:80:b8:
         9c:84:db:bf:7b:a8:d9:d7:9f:57:9f:5a:ae:cb:64:38:b1:b6:
         ad:b1:b7:f9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUA5osAYUJQkUqYsAq0l6qOGK0nsswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzA3MDYwODE5WhcNMjUwNDExMjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZmI3YzRkOTUwODE2MWU4NGNkMWU2NmJkZWI0MDA3Njc5
MzljNDMzOTRmNzMyYmFmMjg5ODRkNDU5MmM2OGRlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLTQs/3KnSk6Nvx/BLhYdC/uf3tMhFRIjyYkE/CH2Z0UHY
eJBOs/VYaQjw03FVRujqAh5GLhMVRWU9RgoD59aioUCAehNCpQ4qyjyQNa/BsaC+
1Hsdf59iWwbY1ePle5Cng27Dehsabjmo+AyH7sXisDgILYN2r2OkEncifnGc8B1W
aaUR7U04DirE03QMXCdvTlrhHNw/9xtgqft2v8kmbLDFMvpMSc3nDTAwMNyQkRTc
1ZOP4bXvxLEnuy9fzDz3H6WGIkHLJlcLuhUDF671l6k2mywSgP2Ib/X8BHJKEwuq
JJQb8aEMtGWH0BHPRZnkvpYviKOAdEoR/bGJS8J3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTrQ7Y74gIa6PM6IMIQeWg2MhSbIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzlkZTBjMmE4LTlmZTktNGRhYS04NjQ5LTFkZTJlMDk1MDc3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAImzzoJZb7XZQEvXKrLqbYeb8dDL
GICL+xzIb2ZmBDT9FPuZg2FFjPhwlBn+X+TxeRfhjL93rmsfhEjpOY00XGPDSvwY
CnAEKB0kKQfQLXne9vKMdU39SCaK0xJGTXpizw+AyAsRloGF6beNN3E4p9vat3q0
4xTHdzA4yO2yJrlZlzLnMg5VDEwocUQHx8bwadEhZxfzs1eYegsuyf0OP2yXgD41
X+WLg8bbVaTo6AT1AOxy/ZI6FD4PzJ0BZr1TDdQ6teWhyJCijdWUBsXR65DeS3yv
ZW7s69Y8Cx92nlVoVxNdI8RtICmAuJyE2797qNnXn1efWq7LZDixtq2xt/k=
-----END CERTIFICATE-----