Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ba6a4252-54e5-4ba3-8137-9e2c907c9ba0.roa
File:                     ba6a4252-54e5-4ba3-8137-9e2c907c9ba0.roa (raw, json)
Hash identifier:          cVCEYAzjeVEkoGuTFBekB3aRowMUXR1i3ksqYlxxFms=
Subject key identifier:   34:A1:95:C0:F4:87:75:63:1C:B4:23:E3:15:23:1A:E7:9E:A8:65:3F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4635C4DB34BAD33E95C79BB71C72861CA2452A2A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ba6a4252-54e5-4ba3-8137-9e2c907c9ba0.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:35:c4:db:34:ba:d3:3e:95:c7:9b:b7:1c:72:86:1c:a2:45:2a:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=5cfc3ed591f3d2706e976aeb6a67e2420e36091368f8f770e9bbd48c95f81870, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e6:02:15:26:a3:84:27:7e:93:fc:14:12:4e:
                    f0:50:fb:a5:9a:0b:03:52:b2:2f:77:64:ec:f1:3a:
                    18:66:e1:18:90:5b:1b:18:74:96:20:d6:f2:31:6b:
                    e2:d8:5b:6a:20:eb:75:ef:f0:f2:24:e5:a8:0e:54:
                    c7:44:2b:da:08:bf:67:1c:ea:aa:00:a4:8c:ff:b7:
                    91:6b:cd:b9:df:b3:10:bf:87:2b:41:5f:75:a6:8e:
                    89:35:4c:a5:23:c1:24:cf:1e:00:2c:2c:a9:b4:a4:
                    c8:0f:14:f3:c8:84:09:42:ed:c1:b0:73:77:41:1f:
                    10:11:65:c4:64:41:ee:1d:b6:44:d2:3e:e3:30:43:
                    85:65:6b:7b:9e:c2:00:2a:b2:17:07:ac:88:c3:f3:
                    8d:02:e0:90:44:bd:5f:bc:69:ca:82:cc:a7:2a:2b:
                    03:02:07:5a:9b:6b:b5:f8:fa:a6:c6:49:4b:00:32:
                    32:52:06:0c:b6:6c:dc:a1:ee:dd:69:58:82:54:c2:
                    63:a4:47:25:81:90:23:e8:9d:9f:b9:09:fe:c1:5c:
                    cf:b2:30:7a:2b:2c:b6:c8:a6:b2:b8:d8:5b:e9:a6:
                    da:a6:71:c6:0d:99:44:2b:64:69:e3:9a:dd:8c:b0:
                    10:ed:ad:a5:ed:b2:73:cf:a1:3c:c6:6b:b2:a1:ab:
                    e5:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:A1:95:C0:F4:87:75:63:1C:B4:23:E3:15:23:1A:E7:9E:A8:65:3F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ba6a4252-54e5-4ba3-8137-9e2c907c9ba0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:f1:37:31:de:2d:c9:c2:79:af:b9:dd:96:d9:5a:66:64:7a:
         c9:b0:91:db:a2:56:4f:48:19:4c:36:7b:72:af:11:c9:a0:50:
         52:c2:0c:17:a0:ef:2f:1e:2b:a6:60:82:b0:fd:27:e5:65:68:
         e3:37:ce:cd:ff:21:53:78:f0:0e:60:9c:46:6d:1c:c9:63:77:
         35:cb:19:52:25:77:49:f3:8e:fa:d6:25:c7:62:02:17:cb:c3:
         7e:84:3c:9d:1f:ad:a1:d6:bd:83:90:e9:f2:0d:6d:e4:73:10:
         fa:62:4d:94:82:bf:27:06:7e:90:0b:af:37:91:d3:8d:92:5c:
         a5:8a:85:15:ad:6c:3b:72:8f:f5:1c:b3:dc:eb:18:51:02:41:
         c2:19:49:0b:75:8f:2b:b3:3d:2d:ad:a5:87:f1:bc:63:a4:4f:
         e2:13:f8:b4:3b:4c:75:83:41:86:57:3c:41:21:35:78:55:c6:
         0c:e4:47:57:81:c3:5a:c4:e4:a4:e2:fc:00:2e:48:29:02:8a:
         7c:f1:3e:8b:d4:35:58:01:9a:0d:2d:f7:ea:f2:dc:ef:b2:65:
         69:b1:9d:9e:bf:77:b0:45:88:51:b1:e5:51:d4:81:60:ce:d8:
         99:45:a3:b5:ae:af:50:ec:9e:89:24:67:d4:4d:98:5a:d4:43:
         09:a9:e0:d4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURjXE2zS60z6Vx5u3HHKGHKJFKiowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1Y2ZjM2VkNTkxZjNkMjcwNmU5NzZhZWI2YTY3ZTI0MjBl
MzYwOTEzNjhmOGY3NzBlOWJiZDQ4Yzk1ZjgxODcwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCf5gIVJqOEJ36T/BQSTvBQ+6WaCwNSsi93ZOzxOhhm4RiQ
WxsYdJYg1vIxa+LYW2og63Xv8PIk5agOVMdEK9oIv2cc6qoApIz/t5FrzbnfsxC/
hytBX3Wmjok1TKUjwSTPHgAsLKm0pMgPFPPIhAlC7cGwc3dBHxARZcRkQe4dtkTS
PuMwQ4Vla3uewgAqshcHrIjD840C4JBEvV+8acqCzKcqKwMCB1qba7X4+qbGSUsA
MjJSBgy2bNyh7t1pWIJUwmOkRyWBkCPonZ+5Cf7BXM+yMHorLLbIprK42Fvpptqm
ccYNmUQrZGnjmt2MsBDtraXtsnPPoTzGa7Khq+W5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNKGVwPSHdWMctCPjFSMa556oZT8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2JhNmE0MjUyLTU0ZTUtNGJhMy04MTM3LTllMmM5MDdjOWJhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAArxNzHeLcnCea+53ZbZWmZkesmw
kduiVk9IGUw2e3KvEcmgUFLCDBeg7y8eK6ZggrD9J+VlaOM3zs3/IVN48A5gnEZt
HMljdzXLGVIld0nzjvrWJcdiAhfLw36EPJ0fraHWvYOQ6fINbeRzEPpiTZSCvycG
fpALrzeR042SXKWKhRWtbDtyj/Ucs9zrGFECQcIZSQt1jyuzPS2tpYfxvGOkT+IT
+LQ7THWDQYZXPEEhNXhVxgzkR1eBw1rE5KTi/AAuSCkCinzxPovUNVgBmg0t9+ry
3O+yZWmxnZ6/d7BFiFGx5VHUgWDO2JlFo7Wur1DsnokkZ9RNmFrUQwmp4NQ=
-----END CERTIFICATE-----