Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ca11b704-8a16-4194-9604-23775448ef7e.roa
File:                     ca11b704-8a16-4194-9604-23775448ef7e.roa (raw, json)
Hash identifier:          +Er73sOBe2CXc5CMM5UjzJNd/uX/+e6rbOS07PjZj3A=
Subject key identifier:   B5:8B:F5:78:EA:D5:63:2C:44:AA:B0:5A:73:14:D6:4D:99:D6:8D:24
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5844811132660F43400B6E75DEBF5DF97EED6CD8
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ca11b704-8a16-4194-9604-23775448ef7e.roa
Signing time:             Tue 11 Mar 2025 23:13:23 +0000
ROA not before:           Tue 11 Mar 2025 23:13:23 +0000
ROA not after:            Tue 15 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:44:81:11:32:66:0f:43:40:0b:6e:75:de:bf:5d:f9:7e:ed:6c:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 11 23:13:23 2025 GMT
            Not After : Apr 15 23:59:59 2025 GMT
        Subject: serialNumber=264d532871bcd11a3b7f702b544bc5d0215925db5db4ca4c75b35075e0202de3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:14:f8:15:e7:7f:8f:23:d5:1c:d3:4e:4a:9c:
                    03:ee:93:87:25:ce:31:4d:76:4c:5c:34:82:40:a0:
                    5c:0b:4f:34:cc:1c:29:15:ab:1b:60:25:79:a6:b5:
                    2b:a5:e5:22:2d:5a:34:10:a7:03:7d:a0:9f:98:9e:
                    51:ba:38:8d:ae:28:9d:68:92:f0:12:da:c7:0c:f6:
                    be:89:1b:67:2c:47:57:1e:fd:cc:02:95:5c:be:b8:
                    71:b2:8f:84:f5:87:2c:69:41:cc:75:0c:00:b2:6f:
                    ce:be:46:d9:69:58:42:09:4c:b4:8c:23:48:4b:f6:
                    35:4d:ea:11:c0:7e:e3:bb:3f:19:2d:7f:4b:05:63:
                    5b:3c:2a:45:a9:a0:c4:17:ea:11:1e:20:1e:74:67:
                    c9:45:d1:fc:7b:6e:b6:f7:f3:8b:1d:b4:b4:c1:cb:
                    c1:77:16:01:ea:d2:e2:f0:b6:03:d3:b1:4c:aa:62:
                    d5:54:c8:c3:ff:d7:81:21:33:f0:95:41:20:55:ed:
                    3c:1a:10:c4:9a:68:38:11:2a:83:0c:11:93:27:be:
                    05:10:be:47:8a:80:b7:0f:d6:82:30:80:99:b0:d5:
                    63:f1:67:f2:23:68:16:0a:68:3a:04:d6:d7:34:40:
                    e4:d5:c0:c5:c0:50:df:0f:6f:56:9c:1d:3b:4a:11:
                    a2:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:8B:F5:78:EA:D5:63:2C:44:AA:B0:5A:73:14:D6:4D:99:D6:8D:24
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ca11b704-8a16-4194-9604-23775448ef7e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:5f:01:c1:44:2d:b9:4d:b0:99:1a:6b:98:53:7b:bd:87:4f:
         29:69:d2:aa:db:eb:cf:46:e6:bb:d5:24:64:f6:5a:b6:c9:64:
         56:66:f2:d1:10:48:98:c2:90:27:fd:37:4a:2a:4e:30:cf:aa:
         0a:04:19:19:fd:84:35:61:5f:39:a1:cb:46:06:45:75:95:8c:
         94:c4:df:11:96:1e:8d:1b:88:de:a2:6f:87:c0:f0:8f:37:c4:
         33:a0:ed:7f:fd:63:b5:3d:89:55:df:13:f2:3f:17:5c:29:ed:
         6c:18:64:31:c9:a2:6b:c4:48:6f:0e:5c:64:10:64:59:77:a0:
         a5:2d:01:c9:91:b4:d7:d3:66:60:a7:14:01:f0:36:97:ab:63:
         90:ff:c7:8e:56:29:da:f7:91:06:0f:bc:23:d0:f9:57:ac:60:
         6d:64:55:8c:2e:d0:43:e1:44:3a:ed:c5:ad:12:18:1c:46:1a:
         c5:eb:93:b0:9a:b6:57:81:b8:61:2a:2e:3d:1b:5d:9e:6e:3a:
         06:e9:26:b1:65:5c:45:c4:1b:9f:5f:c9:15:3d:09:1e:c7:f8:
         6a:77:95:97:71:1b:6e:df:03:3a:d3:d7:72:40:a9:b2:ef:48:
         0f:89:52:11:e1:20:5a:6b:85:f1:c3:0c:db:b1:6a:6d:b0:63:
         48:92:8e:ff
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWESBETJmD0NAC2513r9d+X7tbNgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzExMjMxMzIzWhcNMjUwNDE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNjRkNTMyODcxYmNkMTFhM2I3ZjcwMmI1NDRiYzVkMDIx
NTkyNWRiNWRiNGNhNGM3NWIzNTA3NWUwMjAyZGUzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDkFPgV53+PI9Uc005KnAPuk4clzjFNdkxcNIJAoFwLTzTM
HCkVqxtgJXmmtSul5SItWjQQpwN9oJ+YnlG6OI2uKJ1okvAS2scM9r6JG2csR1ce
/cwClVy+uHGyj4T1hyxpQcx1DACyb86+RtlpWEIJTLSMI0hL9jVN6hHAfuO7Pxkt
f0sFY1s8KkWpoMQX6hEeIB50Z8lF0fx7brb384sdtLTBy8F3FgHq0uLwtgPTsUyq
YtVUyMP/14EhM/CVQSBV7TwaEMSaaDgRKoMMEZMnvgUQvkeKgLcP1oIwgJmw1WPx
Z/IjaBYKaDoE1tc0QOTVwMXAUN8Pb1acHTtKEaJrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtYv1eOrVYyxEqrBacxTWTZnWjSQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2NhMTFiNzA0LThhMTYtNDE5NC05NjA0LTIzNzc1NDQ4ZWY3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABxfAcFELblNsJkaa5hTe72HTylp
0qrb689G5rvVJGT2WrbJZFZm8tEQSJjCkCf9N0oqTjDPqgoEGRn9hDVhXzmhy0YG
RXWVjJTE3xGWHo0biN6ib4fA8I83xDOg7X/9Y7U9iVXfE/I/F1wp7WwYZDHJomvE
SG8OXGQQZFl3oKUtAcmRtNfTZmCnFAHwNperY5D/x45WKdr3kQYPvCPQ+VesYG1k
VYwu0EPhRDrtxa0SGBxGGsXrk7CatleBuGEqLj0bXZ5uOgbpJrFlXEXEG59fyRU9
CR7H+Gp3lZdxG27fAzrT13JAqbLvSA+JUhHhIFprhfHDDNuxam2wY0iSjv8=
-----END CERTIFICATE-----