Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b4b2c39a-7596-4b68-b8dd-3cb9b3990954.roa
File:                     b4b2c39a-7596-4b68-b8dd-3cb9b3990954.roa (raw, json)
Hash identifier:          b1eoBfpsbUIv8XklQTq2mVQ+FBthFndGM9K2mSynv6g=
Subject key identifier:   21:A7:17:8C:46:2E:F4:22:4D:54:52:E8:74:50:D9:22:27:D6:EB:EE
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       78032F54733A8885B613242C07AE9538785663FD
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b4b2c39a-7596-4b68-b8dd-3cb9b3990954.roa
Signing time:             Sun 09 Feb 2025 00:00:00 +0000
ROA not before:           Sun 09 Feb 2025 00:00:00 +0000
ROA not after:            Sun 16 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:03:2f:54:73:3a:88:85:b6:13:24:2c:07:ae:95:38:78:56:63:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb  9 00:00:00 2025 GMT
            Not After : Mar 16 23:59:59 2025 GMT
        Subject: serialNumber=891579b77e56f13d1eb6e12675d434fa14aa7729dc08929694ee9c92e2aae8fc, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:24:76:a3:93:7a:2c:b4:b7:51:20:f0:69:c2:
                    68:db:92:12:cb:a6:97:9d:38:12:24:59:a8:cb:22:
                    2f:73:9b:27:60:28:6c:40:5a:ac:93:6b:56:2c:19:
                    16:09:2f:8d:a8:6e:50:ee:8e:11:59:1d:d8:bc:e6:
                    13:80:cf:17:0d:aa:0a:17:c2:d1:3c:b7:92:1a:07:
                    b1:11:cd:e4:7e:7b:02:21:69:23:6e:db:90:c8:d2:
                    24:17:b9:04:b1:44:14:6b:6c:70:16:94:e1:53:bd:
                    a1:f1:3f:eb:be:95:3d:63:eb:16:1e:8d:82:16:68:
                    ff:e8:5f:f2:0d:81:a8:74:48:0a:b4:b4:79:66:c5:
                    e2:f4:12:a1:8d:d6:b0:b3:2b:44:9a:53:e1:9a:09:
                    f8:c9:ab:b7:73:e7:fa:07:24:de:fe:25:ce:e0:5e:
                    b0:40:0a:89:fe:e6:b6:08:76:2f:35:9e:9a:4d:c4:
                    8e:f0:9e:98:86:f2:ce:21:b1:95:b4:db:cc:5b:9f:
                    b2:f4:c2:20:2c:f3:f8:7d:ec:7e:b9:76:f2:b8:b2:
                    c5:b2:f8:b8:0d:e4:78:40:02:36:d9:f1:69:a2:9a:
                    f1:56:88:36:28:41:e5:51:6f:39:f5:8b:e6:d3:52:
                    53:20:e3:d6:23:62:2b:7e:43:fb:05:52:8e:39:d0:
                    7d:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:A7:17:8C:46:2E:F4:22:4D:54:52:E8:74:50:D9:22:27:D6:EB:EE
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b4b2c39a-7596-4b68-b8dd-3cb9b3990954.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:16:88:12:24:3c:62:80:94:10:b1:35:44:d5:fe:5c:ea:d0:
         07:e1:8d:96:27:29:76:8f:1f:fb:50:1a:06:84:74:a6:63:ac:
         f0:07:3d:31:99:6e:05:5e:6b:9f:ab:36:af:e2:f9:25:7c:e1:
         61:37:28:81:6a:ed:73:ed:d8:30:c9:ff:f3:ca:74:e1:3d:e1:
         4a:60:46:b1:a7:70:9b:2d:9a:11:32:d1:73:1a:03:bd:87:47:
         65:4e:5a:f5:d4:43:23:04:65:fc:66:48:b9:af:c8:8d:63:f3:
         f4:9d:33:fd:f0:e4:d0:85:b7:42:fa:da:88:1b:7f:b8:8c:5d:
         61:a3:fe:8b:61:2e:22:47:d1:5a:91:d4:df:e9:9f:92:88:0a:
         d9:7a:82:9b:ea:c1:24:7d:1a:c9:f6:4f:7c:b9:2b:e9:58:8e:
         c9:6a:35:e5:6e:e7:0d:bf:15:90:9d:8b:8b:19:f7:95:a6:7e:
         f6:4f:17:79:85:fc:2e:15:37:19:d8:d0:f7:24:bf:e1:48:fb:
         7a:0c:89:4b:b6:60:be:75:30:ff:fe:57:ea:bf:12:a3:26:2f:
         47:cf:97:a0:ac:a1:db:64:d8:ab:8e:fe:49:88:60:21:ac:24:
         5c:e0:db:3d:c2:39:92:16:f4:4e:c4:b5:b4:a6:85:c4:25:b1:
         27:db:0a:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeAMvVHM6iIW2EyQsB66VOHhWY/0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjA5MDAwMDAwWhcNMjUwMzE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4OTE1NzliNzdlNTZmMTNkMWViNmUxMjY3NWQ0MzRmYTE0
YWE3NzI5ZGMwODkyOTY5NGVlOWM5MmUyYWFlOGZjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUJHajk3ostLdRIPBpwmjbkhLLppedOBIkWajLIi9zmydg
KGxAWqyTa1YsGRYJL42oblDujhFZHdi85hOAzxcNqgoXwtE8t5IaB7ERzeR+ewIh
aSNu25DI0iQXuQSxRBRrbHAWlOFTvaHxP+u+lT1j6xYejYIWaP/oX/INgah0SAq0
tHlmxeL0EqGN1rCzK0SaU+GaCfjJq7dz5/oHJN7+Jc7gXrBACon+5rYIdi81nppN
xI7wnpiG8s4hsZW028xbn7L0wiAs8/h97H65dvK4ssWy+LgN5HhAAjbZ8WmimvFW
iDYoQeVRbzn1i+bTUlMg49YjYit+Q/sFUo450H33AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIacXjEYu9CJNVFLodFDZIifW6+4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2I0YjJjMzlhLTc1OTYtNGI2OC1iOGRkLTNjYjliMzk5MDk1NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKAWiBIkPGKAlBCxNUTV/lzq0Afh
jZYnKXaPH/tQGgaEdKZjrPAHPTGZbgVea5+rNq/i+SV84WE3KIFq7XPt2DDJ//PK
dOE94UpgRrGncJstmhEy0XMaA72HR2VOWvXUQyMEZfxmSLmvyI1j8/SdM/3w5NCF
t0L62ogbf7iMXWGj/othLiJH0VqR1N/pn5KICtl6gpvqwSR9Gsn2T3y5K+lYjslq
NeVu5w2/FZCdi4sZ95WmfvZPF3mF/C4VNxnY0Pckv+FI+3oMiUu2YL51MP/+V+q/
EqMmL0fPl6Csodtk2KuO/kmIYCGsJFzg2z3COZIW9E7EtbSmhcQlsSfbCvM=
-----END CERTIFICATE-----