Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a3c0b864-da1d-4503-b04a-8c79708c2431.roa
File:                     a3c0b864-da1d-4503-b04a-8c79708c2431.roa (raw, json)
Hash identifier:          5w7Jcp655Vxjs0kg9GjAHU9C4HCz+ytjPXp54cZA8PU=
Subject key identifier:   F5:EC:66:AB:6E:9C:1C:69:5E:99:52:98:08:E2:5B:AE:98:C0:E9:7B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5D6406645F38EFF1ADC9306594F450A5D8974B9B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a3c0b864-da1d-4503-b04a-8c79708c2431.roa
Signing time:             Thu 08 May 2025 06:43:21 +0000
ROA not before:           Thu 08 May 2025 06:43:21 +0000
ROA not after:            Thu 12 Jun 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:64:06:64:5f:38:ef:f1:ad:c9:30:65:94:f4:50:a5:d8:97:4b:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May  8 06:43:21 2025 GMT
            Not After : Jun 12 23:59:59 2025 GMT
        Subject: serialNumber=856fe13257dbf2bd04e96e78a978a3a980d5ac35cdd4e8f36b0423038dc0fa4d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f8:20:46:8d:91:95:de:f1:4e:9f:a2:1f:de:
                    8b:f2:3b:4f:2f:3c:a6:c5:5a:7f:e3:4d:55:0b:49:
                    ef:ac:17:8a:1c:d5:fd:d3:26:cf:24:3e:61:bc:9c:
                    eb:16:82:57:a1:f1:07:ac:41:47:33:df:8d:91:99:
                    5f:6d:10:df:e4:63:c5:bb:c5:8c:ce:e1:b3:85:73:
                    21:e3:15:fa:1e:43:06:1c:1d:68:1f:e1:1f:0b:6e:
                    11:e2:1d:a0:05:45:8f:84:dc:25:48:b9:7b:28:9c:
                    16:90:89:aa:f7:2d:f7:4f:13:d7:d1:7c:9a:82:d3:
                    ca:fd:db:75:f9:cb:f8:65:c2:0a:3c:7e:0e:6f:48:
                    17:a4:68:d3:78:5e:e4:4b:c6:81:6f:01:3b:f4:8e:
                    1a:4b:76:c4:41:10:b2:4b:c8:69:1c:96:04:44:9e:
                    67:f8:20:e2:d7:65:79:31:d5:26:fd:f8:53:ed:5e:
                    6a:d0:d3:d2:8b:fb:7c:81:c7:74:db:41:8d:46:5b:
                    20:bf:60:43:ab:35:80:ca:0f:f9:97:3d:31:e8:2d:
                    ae:64:27:27:20:24:de:61:f6:fd:29:6d:6f:09:cb:
                    5f:3f:c6:98:b4:ab:56:85:91:8b:33:cc:27:c3:88:
                    03:4b:5e:fb:49:d0:07:42:ba:51:55:06:70:e2:8a:
                    1d:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:EC:66:AB:6E:9C:1C:69:5E:99:52:98:08:E2:5B:AE:98:C0:E9:7B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a3c0b864-da1d-4503-b04a-8c79708c2431.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:81:52:85:c1:75:f4:36:e9:8b:06:0c:a3:1f:1e:61:2a:7e:
         13:fc:5b:5b:a5:59:c6:26:23:b1:46:f7:17:7e:15:6f:d3:11:
         c5:92:41:26:48:ea:fe:4a:90:56:6e:36:e8:ca:f3:b3:38:c2:
         1a:80:45:16:c8:86:d3:3e:0f:45:a8:67:d0:1e:70:56:8b:7b:
         bf:69:cb:5b:4c:f3:57:d7:58:bc:81:e4:e5:e1:21:29:30:4e:
         2a:bd:af:0f:bb:11:d2:89:8e:d1:a8:01:ad:10:0e:95:bc:b7:
         04:ca:1d:a2:e7:de:82:03:19:c5:2a:62:9d:a3:a8:ef:2d:fb:
         a0:2f:d8:5c:89:75:d2:b9:ef:c1:9f:6f:e2:b1:35:c8:52:d5:
         30:e5:41:d7:3e:6f:3c:f5:d4:51:1a:5a:bf:80:75:71:e5:5a:
         9f:57:7b:90:ee:2f:56:92:83:ba:08:f7:40:10:67:bd:29:93:
         1a:7a:88:de:b4:c9:44:34:4c:9d:8d:17:47:be:bb:64:54:a4:
         f7:b1:df:ec:65:c4:32:63:8b:8e:b9:df:35:63:87:6a:b5:05:
         ab:18:f4:63:6f:35:b8:8a:ad:ab:3b:8c:50:54:b0:92:03:37:
         79:50:80:e8:d7:ac:55:ad:82:1f:16:57:1b:ec:89:b6:45:05:
         78:cd:fc:a5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXWQGZF847/GtyTBllPRQpdiXS5swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNTA4MDY0MzIxWhcNMjUwNjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NTZmZTEzMjU3ZGJmMmJkMDRlOTZlNzhhOTc4YTNhOTgw
ZDVhYzM1Y2RkNGU4ZjM2YjA0MjMwMzhkYzBmYTRkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2+CBGjZGV3vFOn6If3ovyO08vPKbFWn/jTVULSe+sF4oc
1f3TJs8kPmG8nOsWgleh8QesQUcz342RmV9tEN/kY8W7xYzO4bOFcyHjFfoeQwYc
HWgf4R8LbhHiHaAFRY+E3CVIuXsonBaQiar3LfdPE9fRfJqC08r923X5y/hlwgo8
fg5vSBekaNN4XuRLxoFvATv0jhpLdsRBELJLyGkclgREnmf4IOLXZXkx1Sb9+FPt
XmrQ09KL+3yBx3TbQY1GWyC/YEOrNYDKD/mXPTHoLa5kJycgJN5h9v0pbW8Jy18/
xpi0q1aFkYszzCfDiANLXvtJ0AdCulFVBnDiih1FAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9exmq26cHGlemVKYCOJbrpjA6XswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2EzYzBiODY0LWRhMWQtNDUwMy1iMDRhLThjNzk3MDhjMjQzMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJKBUoXBdfQ26YsGDKMfHmEqfhP8
W1ulWcYmI7FG9xd+FW/TEcWSQSZI6v5KkFZuNujK87M4whqARRbIhtM+D0WoZ9Ae
cFaLe79py1tM81fXWLyB5OXhISkwTiq9rw+7EdKJjtGoAa0QDpW8twTKHaLn3oID
GcUqYp2jqO8t+6Av2FyJddK578Gfb+KxNchS1TDlQdc+bzz11FEaWr+AdXHlWp9X
e5DuL1aSg7oI90AQZ70pkxp6iN60yUQ0TJ2NF0e+u2RUpPex3+xlxDJji4653zVj
h2q1BasY9GNvNbiKras7jFBUsJIDN3lQgOjXrFWtgh8WVxvsibZFBXjN/KU=
-----END CERTIFICATE-----