Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c039e7c5-4205-4dfd-95c2-0396c95f3615.roa
File:                     c039e7c5-4205-4dfd-95c2-0396c95f3615.roa (raw, json)
Hash identifier:          rGFs4N1g54xMnogS5YT38amVEiln+mDzZpfArixymUI=
Subject key identifier:   3A:7B:E0:0D:58:99:02:BE:26:DD:40:9F:29:5A:1D:5A:8B:C3:84:52
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       290636C64E0C71611A856463BC601D9CEE0E0B7A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c039e7c5-4205-4dfd-95c2-0396c95f3615.roa
Signing time:             Thu 01 May 2025 06:23:16 +0000
ROA not before:           Thu 01 May 2025 06:23:16 +0000
ROA not after:            Thu 05 Jun 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:06:36:c6:4e:0c:71:61:1a:85:64:63:bc:60:1d:9c:ee:0e:0b:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May  1 06:23:16 2025 GMT
            Not After : Jun  5 23:59:59 2025 GMT
        Subject: serialNumber=4be6d2066d2c3f84134daac7ec5984a04364ab8b31e8d1db16513c809c38fa89, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:c3:51:5a:00:07:3b:c8:68:d8:20:f1:d9:06:
                    82:52:b5:4b:1e:b6:2a:c6:25:ac:c5:f0:d6:5d:92:
                    ce:97:88:54:63:46:f5:cb:d1:34:87:0b:b5:9b:62:
                    a6:8d:a9:05:72:67:a9:a5:20:5e:47:6c:95:4f:90:
                    e4:21:1a:88:b1:59:c1:f1:80:9a:4d:df:53:60:31:
                    69:6c:b3:c2:3a:bd:10:84:b0:c0:88:26:8f:93:a0:
                    91:d4:c8:f0:c1:0e:5f:2f:73:89:66:89:c4:41:09:
                    97:97:56:39:c0:f1:e3:13:70:98:a0:28:f0:0a:a7:
                    85:b2:b1:3a:2f:5e:a5:bb:e5:fd:1b:76:1b:d0:26:
                    c6:8a:ce:66:ed:f7:3b:c5:db:60:1e:89:c7:b0:72:
                    71:0b:6e:fa:3c:0f:98:a4:3e:28:26:55:85:78:93:
                    5a:a7:8e:97:c2:5f:b4:3e:75:b8:5d:f9:75:48:0e:
                    44:62:bf:e7:7b:4c:bf:4e:23:bd:bb:8f:d1:24:fd:
                    75:7e:3b:a7:45:97:5d:19:23:42:a2:42:dc:8e:cb:
                    75:36:6f:b2:69:20:dd:66:d2:c3:2b:3b:e4:11:f5:
                    c5:dd:7d:4a:7f:3c:d9:48:dc:69:f8:e7:b2:f4:b0:
                    53:6b:84:ea:6f:d3:f6:3f:ca:3e:92:bd:7c:14:4a:
                    2e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:7B:E0:0D:58:99:02:BE:26:DD:40:9F:29:5A:1D:5A:8B:C3:84:52
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c039e7c5-4205-4dfd-95c2-0396c95f3615.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:6d:ab:75:0f:8e:ea:fc:98:25:4b:02:37:a4:68:9d:ab:2f:
         23:82:1d:8b:d0:2e:75:da:38:cf:27:9b:8d:1b:f3:d5:11:e9:
         ec:41:c9:aa:65:70:b7:a3:30:d9:93:92:b0:83:01:16:e3:a1:
         05:ed:c2:59:8f:59:e1:bc:f4:69:0e:37:36:21:41:2d:b2:c3:
         5c:9f:0b:ee:6b:24:d3:2c:b3:10:1e:bc:80:07:c5:21:86:38:
         82:d8:68:13:d9:7c:ef:d6:21:5c:8a:ae:3f:7a:db:f1:5e:90:
         a5:b0:81:aa:86:54:8d:08:03:fa:8a:e5:17:24:65:4b:1f:60:
         5c:a2:9a:20:56:39:09:00:fa:47:0a:d7:49:ef:a2:3c:73:06:
         96:3e:ca:86:92:87:d3:13:1a:ef:1d:50:f0:52:28:2f:a7:74:
         8b:8b:86:cd:bd:53:ff:52:74:00:f6:68:07:7a:d4:f3:6b:81:
         fc:54:2c:e6:89:24:ea:2f:8e:5a:6f:2c:b0:b8:dd:7b:8c:19:
         78:a5:70:1a:d7:93:06:74:c8:56:23:2d:aa:06:30:2c:02:fc:
         25:98:51:f8:1e:27:b0:a0:bf:08:45:21:97:95:4b:44:7b:d9:
         9c:28:cf:ca:d7:fb:10:e5:88:c0:3e:21:2b:ab:7a:8e:68:26:
         a4:ba:69:25
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKQY2xk4McWEahWRjvGAdnO4OC3owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNTAxMDYyMzE2WhcNMjUwNjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0YmU2ZDIwNjZkMmMzZjg0MTM0ZGFhYzdlYzU5ODRhMDQz
NjRhYjhiMzFlOGQxZGIxNjUxM2M4MDljMzhmYTg5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDtw1FaAAc7yGjYIPHZBoJStUsetirGJazF8NZdks6XiFRj
RvXL0TSHC7WbYqaNqQVyZ6mlIF5HbJVPkOQhGoixWcHxgJpN31NgMWlss8I6vRCE
sMCIJo+ToJHUyPDBDl8vc4lmicRBCZeXVjnA8eMTcJigKPAKp4WysTovXqW75f0b
dhvQJsaKzmbt9zvF22AeicewcnELbvo8D5ikPigmVYV4k1qnjpfCX7Q+dbhd+XVI
DkRiv+d7TL9OI727j9Ek/XV+O6dFl10ZI0KiQtyOy3U2b7JpIN1m0sMrO+QR9cXd
fUp/PNlI3Gn457L0sFNrhOpv0/Y/yj6SvXwUSi5VAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOnvgDViZAr4m3UCfKVodWovDhFIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2MwMzllN2M1LTQyMDUtNGRmZC05NWMyLTAzOTZjOTVmMzYxNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABttq3UPjur8mCVLAjekaJ2rLyOC
HYvQLnXaOM8nm40b89UR6exByaplcLejMNmTkrCDARbjoQXtwlmPWeG89GkONzYh
QS2yw1yfC+5rJNMssxAevIAHxSGGOILYaBPZfO/WIVyKrj962/FekKWwgaqGVI0I
A/qK5RckZUsfYFyimiBWOQkA+kcK10nvojxzBpY+yoaSh9MTGu8dUPBSKC+ndIuL
hs29U/9SdAD2aAd61PNrgfxULOaJJOovjlpvLLC43XuMGXilcBrXkwZ0yFYjLaoG
MCwC/CWYUfgeJ7CgvwhFIZeVS0R72Zwoz8rX+xDliMA+ISureo5oJqS6aSU=
-----END CERTIFICATE-----