Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c2be1c26-243b-4c89-8880-d19c3ef4de9e.roa
File:                     c2be1c26-243b-4c89-8880-d19c3ef4de9e.roa (raw, json)
Hash identifier:          YT2MZMn8l66Tfur19ItKqAva/hHF8xtDKVcbQdjTVOw=
Subject key identifier:   BC:B9:BB:91:00:FE:35:15:9A:70:5C:C0:7F:C4:AB:8E:0A:F3:D3:0D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       415042DD78BC59608EC6F7245DADE2CD44364C84
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c2be1c26-243b-4c89-8880-d19c3ef4de9e.roa
Signing time:             Sun 29 Dec 2024 00:00:00 +0000
ROA not before:           Sun 29 Dec 2024 00:00:00 +0000
ROA not after:            Sun 02 Feb 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:50:42:dd:78:bc:59:60:8e:c6:f7:24:5d:ad:e2:cd:44:36:4c:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 29 00:00:00 2024 GMT
            Not After : Feb  2 23:59:59 2025 GMT
        Subject: serialNumber=e4995d9611210d0f3b7a387fcb3748bf47c8d335e7de93dc642eb1e0a7d5012a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:84:5c:d6:9b:f1:9b:26:95:78:1f:aa:83:af:
                    3e:c3:32:00:2a:49:05:b1:57:18:da:3b:ef:d5:10:
                    fc:62:79:1b:8f:32:ba:57:0d:52:88:4b:55:ef:98:
                    95:97:c4:55:a3:a7:09:f1:95:f8:db:c1:f7:a0:83:
                    38:9b:7a:61:2e:a3:9f:57:8a:c1:7f:2b:a1:ac:9a:
                    61:9a:71:f1:25:d5:cd:27:ac:05:3e:b9:a4:e3:e0:
                    64:2a:42:7e:73:a3:aa:de:2d:c7:e1:51:dd:d2:0f:
                    b8:31:33:10:6f:7b:10:ad:84:fa:b6:1f:d5:d4:96:
                    35:ec:21:53:f2:15:f9:39:70:78:cd:b5:92:f5:60:
                    75:4a:d8:64:b7:55:4c:a7:70:24:07:1e:1e:6a:c5:
                    d3:02:dc:cb:af:63:f9:84:94:32:7d:f4:2d:b5:57:
                    5e:58:91:d4:a7:50:2d:20:04:64:d0:0f:5e:e1:4a:
                    18:0e:84:71:c1:7c:35:15:35:6d:c9:51:3e:ca:0a:
                    81:54:73:11:bb:89:ae:bc:b6:c4:b9:fc:40:2a:eb:
                    7a:73:51:b7:20:a2:60:46:d7:b4:8e:4e:c0:2e:45:
                    24:23:0c:e0:e0:b2:66:61:d9:7e:eb:b9:a4:d3:d7:
                    c9:19:8a:d1:2c:8a:aa:03:bf:77:bb:6d:58:19:af:
                    e3:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:B9:BB:91:00:FE:35:15:9A:70:5C:C0:7F:C4:AB:8E:0A:F3:D3:0D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c2be1c26-243b-4c89-8880-d19c3ef4de9e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:7b:5f:2e:a8:9a:c8:62:95:c3:78:82:3d:1a:e0:06:d2:a0:
         0b:51:0c:6d:3f:97:f2:05:21:5a:2e:0c:ea:27:2f:9a:b5:6c:
         f6:87:74:7f:a6:b7:dc:4f:8f:9b:ce:29:ea:db:f7:54:69:16:
         fa:3f:e7:49:70:70:8d:68:eb:f2:c9:ef:82:0f:f5:e3:c2:02:
         dc:2e:ad:1d:eb:39:5a:be:f5:94:c4:17:a3:b5:0d:43:14:97:
         96:9a:a8:05:34:86:a9:a0:78:95:3e:2b:c4:3b:35:aa:ae:a6:
         02:aa:50:e6:39:d9:44:7a:3f:a0:8c:b0:cc:db:ee:59:1c:37:
         2a:b9:b6:9b:24:93:a2:a0:68:a2:6c:9e:64:7f:72:fd:6a:bb:
         3c:b3:68:11:ee:5e:4b:20:fb:35:35:bb:f5:36:56:48:9f:fa:
         86:22:36:b2:be:39:10:9f:87:41:72:f9:3f:4c:59:24:7f:cf:
         cc:b6:91:36:8e:32:90:31:e9:fa:a9:c9:3c:90:8d:f2:c9:05:
         41:58:6c:ae:7e:75:70:a4:9f:4a:db:d7:49:59:ec:57:90:aa:
         ce:c6:94:ec:b5:32:fd:51:19:55:f7:6e:2f:05:07:a0:1a:5b:
         d8:13:f6:7e:0a:a5:25:9d:e1:32:ba:24:ed:27:fb:e4:2d:b9:
         cf:5e:fc:07
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQVBC3Xi8WWCOxvckXa3izUQ2TIQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMjI5MDAwMDAwWhcNMjUwMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BlNDk5NWQ5NjExMjEwZDBmM2I3YTM4N2ZjYjM3NDhiZjQ3
YzhkMzM1ZTdkZTkzZGM2NDJlYjFlMGE3ZDUwMTJhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCOhFzWm/GbJpV4H6qDrz7DMgAqSQWxVxjaO+/VEPxieRuP
MrpXDVKIS1XvmJWXxFWjpwnxlfjbwfeggzibemEuo59XisF/K6GsmmGacfEl1c0n
rAU+uaTj4GQqQn5zo6reLcfhUd3SD7gxMxBvexCthPq2H9XUljXsIVPyFfk5cHjN
tZL1YHVK2GS3VUyncCQHHh5qxdMC3MuvY/mElDJ99C21V15YkdSnUC0gBGTQD17h
ShgOhHHBfDUVNW3JUT7KCoFUcxG7ia68tsS5/EAq63pzUbcgomBG17SOTsAuRSQj
DODgsmZh2X7ruaTT18kZitEsiqoDv3e7bVgZr+O5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvLm7kQD+NRWacFzAf8Srjgrz0w0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2MyYmUxYzI2LTI0M2ItNGM4OS04ODgwLWQxOWMzZWY0ZGU5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKh7Xy6omshilcN4gj0a4AbSoAtR
DG0/l/IFIVouDOonL5q1bPaHdH+mt9xPj5vOKerb91RpFvo/50lwcI1o6/LJ74IP
9ePCAtwurR3rOVq+9ZTEF6O1DUMUl5aaqAU0hqmgeJU+K8Q7NaqupgKqUOY52UR6
P6CMsMzb7lkcNyq5tpskk6KgaKJsnmR/cv1quzyzaBHuXksg+zU1u/U2Vkif+oYi
NrK+ORCfh0Fy+T9MWSR/z8y2kTaOMpAx6fqpyTyQjfLJBUFYbK5+dXCkn0rb10lZ
7FeQqs7GlOy1Mv1RGVX3bi8FB6AaW9gT9n4KpSWd4TK6JO0n++Qtuc9e/Ac=
-----END CERTIFICATE-----