Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ba069149-f134-4c83-9858-a613b108e324.roa
File:                     ba069149-f134-4c83-9858-a613b108e324.roa (raw, json)
Hash identifier:          QcCUpRu18vbU7uGFapjSKy+vE8nOLMzrTLYeZ2CV9X4=
Subject key identifier:   E3:A1:AE:B8:9C:CE:DE:47:4F:41:FF:DE:BB:C7:5A:88:7B:80:61:6A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       768958901C928FF6BB3C865C64CC19F3EAD7478A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ba069149-f134-4c83-9858-a613b108e324.roa
Signing time:             Sat 18 Jan 2025 00:00:00 +0000
ROA not before:           Sat 18 Jan 2025 00:00:00 +0000
ROA not after:            Sat 22 Feb 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:89:58:90:1c:92:8f:f6:bb:3c:86:5c:64:cc:19:f3:ea:d7:47:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 18 00:00:00 2025 GMT
            Not After : Feb 22 23:59:59 2025 GMT
        Subject: serialNumber=ea9215a19e14c6d21f89eafd0613157ab1bc6e4a3a32a5bce39ba7f037b762dd, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:36:d6:b4:88:c8:ce:0f:fd:a5:a2:7c:a1:b6:
                    51:ec:41:65:9f:35:59:38:c7:5f:70:b7:70:e7:1b:
                    15:69:75:cf:56:f9:bc:3a:0d:35:6c:96:d5:34:06:
                    bc:0c:84:74:79:ff:0c:5b:48:1f:b3:1f:d8:cd:74:
                    91:9b:17:d5:e4:e7:5a:d1:24:73:11:93:b6:c5:51:
                    ec:7b:d2:39:d2:fd:4d:61:bd:00:61:e6:89:a5:54:
                    be:94:ca:7a:e2:b3:dd:91:60:41:0f:81:9a:88:4c:
                    5e:54:36:c5:33:61:85:61:77:96:05:41:d0:e7:bf:
                    c6:be:7d:0b:15:d4:d9:03:5d:7f:9e:c0:e0:ff:cc:
                    97:12:c3:20:84:0f:dd:4e:f3:5b:57:cd:73:dd:d0:
                    4e:fd:f8:d3:46:0d:54:d6:cf:1b:12:36:d2:df:bf:
                    97:31:ff:fb:fa:dd:4b:51:c2:40:2c:0d:0f:64:fa:
                    5d:0c:a1:7f:45:0e:df:c0:91:95:2f:93:47:b5:ca:
                    d2:c3:19:23:7e:8f:6b:5f:65:89:8c:18:dc:29:0d:
                    d0:1b:48:3d:a5:59:ec:12:f0:cd:c8:66:89:6f:68:
                    ed:ba:c9:8c:36:ee:65:4e:1c:48:8b:0e:90:01:69:
                    7c:3e:b9:55:e0:e1:81:68:aa:bd:ac:55:f7:64:e8:
                    36:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:A1:AE:B8:9C:CE:DE:47:4F:41:FF:DE:BB:C7:5A:88:7B:80:61:6A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ba069149-f134-4c83-9858-a613b108e324.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:96:a9:e0:1b:4b:2b:a8:dd:62:23:a3:6e:02:39:1c:44:f0:
         a7:d5:5a:23:38:19:ec:9b:e5:e0:e9:66:2d:45:06:68:69:c5:
         0d:bd:87:d6:00:ba:93:71:53:a5:ed:c7:32:cd:a6:d1:39:a7:
         92:f1:fc:8f:c2:56:ca:33:bd:19:1e:46:8e:bf:d5:14:c6:5c:
         14:7b:f0:e9:4a:a7:ae:97:b1:cb:e9:97:aa:51:7c:8a:b6:79:
         64:08:ac:38:be:2a:23:9f:c9:72:d1:f6:dd:e7:a1:64:4e:5d:
         42:ba:4c:85:ce:fc:22:15:75:68:a1:01:4e:70:2c:45:83:17:
         5a:23:b5:19:72:6c:25:d7:cb:72:9e:f0:58:48:05:5d:bb:80:
         16:0f:82:95:f8:66:a8:b2:5a:99:9b:cf:9a:84:6b:69:5a:8a:
         8d:fb:08:0a:c5:72:18:ba:60:95:0f:a6:dd:8a:f7:c6:e2:0f:
         6c:ae:c5:5f:67:7c:f0:00:43:7a:c2:eb:bc:72:24:6a:1b:16:
         75:ef:92:74:c6:7b:4b:d8:5c:73:e0:50:0f:9b:46:87:7c:7c:
         c4:e2:5a:35:01:28:d8:ee:c9:64:54:ed:3a:b4:39:64:89:29:
         02:c7:b8:1d:cc:3f:cc:59:8b:61:f8:1e:62:16:f5:6c:bd:39:
         e0:3c:73:0f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdolYkBySj/a7PIZcZMwZ8+rXR4owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMTE4MDAwMDAwWhcNMjUwMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BlYTkyMTVhMTllMTRjNmQyMWY4OWVhZmQwNjEzMTU3YWIx
YmM2ZTRhM2EzMmE1YmNlMzliYTdmMDM3Yjc2MmRkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2Nta0iMjOD/2lonyhtlHsQWWfNVk4x19wt3DnGxVpdc9W
+bw6DTVsltU0BrwMhHR5/wxbSB+zH9jNdJGbF9Xk51rRJHMRk7bFUex70jnS/U1h
vQBh5omlVL6Uynris92RYEEPgZqITF5UNsUzYYVhd5YFQdDnv8a+fQsV1NkDXX+e
wOD/zJcSwyCED91O81tXzXPd0E79+NNGDVTWzxsSNtLfv5cx//v63UtRwkAsDQ9k
+l0MoX9FDt/AkZUvk0e1ytLDGSN+j2tfZYmMGNwpDdAbSD2lWewS8M3IZolvaO26
yYw27mVOHEiLDpABaXw+uVXg4YFoqr2sVfdk6DZvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU46GuuJzO3kdPQf/eu8daiHuAYWowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2JhMDY5MTQ5LWYxMzQtNGM4My05ODU4LWE2MTNiMTA4ZTMyNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFSWqeAbSyuo3WIjo24CORxE8KfV
WiM4Geyb5eDpZi1FBmhpxQ29h9YAupNxU6XtxzLNptE5p5Lx/I/CVsozvRkeRo6/
1RTGXBR78OlKp66Xscvpl6pRfIq2eWQIrDi+KiOfyXLR9t3noWROXUK6TIXO/CIV
dWihAU5wLEWDF1ojtRlybCXXy3Ke8FhIBV27gBYPgpX4ZqiyWpmbz5qEa2laio37
CArFchi6YJUPpt2K98biD2yuxV9nfPAAQ3rC67xyJGobFnXvknTGe0vYXHPgUA+b
Rod8fMTiWjUBKNjuyWRU7Tq0OWSJKQLHuB3MP8xZi2H4HmIW9Wy9OeA8cw8=
-----END CERTIFICATE-----