Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cdf7028b-2ed9-4f70-af28-5ca2e1a77777.roa
File:                     cdf7028b-2ed9-4f70-af28-5ca2e1a77777.roa (raw, json)
Hash identifier:          QEueWkE8uNEmunqOmCRWlUY/W+OYd9cnDIouo9Tthkc=
Subject key identifier:   9C:96:68:DA:89:D8:2E:B4:22:C2:3F:02:17:35:FE:FB:7F:88:67:16
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       294C52699C67C70799576ECBD9D53A980505F829
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cdf7028b-2ed9-4f70-af28-5ca2e1a77777.roa
Signing time:             Thu 09 Jan 2025 00:00:00 +0000
ROA not before:           Thu 09 Jan 2025 00:00:00 +0000
ROA not after:            Thu 13 Feb 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:4c:52:69:9c:67:c7:07:99:57:6e:cb:d9:d5:3a:98:05:05:f8:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan  9 00:00:00 2025 GMT
            Not After : Feb 13 23:59:59 2025 GMT
        Subject: serialNumber=edc247e985aafe41e5746cf0985453d498a4d9d57c8dc22bbdf5c7fb8e05f2c0, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:76:bb:36:f6:96:70:2e:e5:f7:66:37:8b:88:
                    c9:c5:8c:2e:84:83:14:f0:c4:69:e5:e7:e8:63:4b:
                    64:89:68:55:c8:f9:1c:fe:de:80:05:e4:4e:22:ba:
                    cf:95:d3:f0:62:92:c4:3d:7a:13:dd:42:c8:87:45:
                    2a:da:5a:ef:eb:24:c1:e5:ac:71:cc:7f:c4:62:20:
                    42:51:22:14:58:61:bc:01:11:07:c6:25:cd:f0:73:
                    95:90:24:5f:e1:e2:df:35:cf:30:54:86:69:7f:58:
                    a3:61:01:6e:61:c6:3f:1d:46:da:7a:15:2f:2c:25:
                    a4:45:6f:11:37:1f:1a:9c:c4:bd:5d:d8:ea:7d:82:
                    0c:57:de:19:b1:4b:bc:45:af:3b:c5:3b:87:be:d1:
                    31:70:7f:25:a5:86:8a:1f:c5:db:c3:18:0d:ee:92:
                    6b:7f:05:8b:d4:36:78:41:f3:a1:96:f6:f8:9a:5f:
                    fa:23:18:e2:33:63:ce:b5:c9:7f:1b:70:cc:ac:41:
                    b6:1a:f7:5b:69:9e:29:57:97:d4:64:1d:a0:8e:4d:
                    8c:0b:1e:04:5b:a1:f3:83:47:d6:d1:a8:97:a0:dd:
                    84:32:f3:0d:77:20:31:d6:e5:fb:74:8b:58:83:56:
                    7b:11:55:0a:3d:92:5f:7a:6a:72:43:fe:64:03:d3:
                    08:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:96:68:DA:89:D8:2E:B4:22:C2:3F:02:17:35:FE:FB:7F:88:67:16
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cdf7028b-2ed9-4f70-af28-5ca2e1a77777.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:f6:7a:fb:1f:36:5e:38:2f:a9:ae:d0:1b:e5:ec:5e:f4:10:
         8f:68:a9:7d:98:8c:11:89:b1:97:59:fc:f4:9f:2e:32:ee:b4:
         cc:58:39:55:9e:22:d7:e1:82:c8:f7:63:43:85:95:5f:d4:a1:
         61:c3:94:d7:bc:f6:2f:e3:c7:88:ae:35:8d:19:1b:02:fd:08:
         3a:54:d9:aa:85:e9:15:c5:83:32:73:d7:1b:de:7c:d0:44:28:
         7d:97:38:dc:cd:83:25:ee:e4:68:03:5b:c7:2a:f0:35:6b:07:
         91:4e:32:a2:23:19:b5:8f:12:8b:3d:cf:e2:4a:06:bc:8a:e4:
         a5:0d:46:1e:0b:bb:27:fc:26:b3:63:f4:8f:56:1f:53:42:86:
         d2:79:88:2d:76:a2:0d:5f:69:88:d1:05:26:98:32:d0:b6:33:
         7a:11:4a:c6:cb:c4:40:3b:a8:8f:dc:97:77:14:05:85:49:0b:
         9f:2f:e8:b2:15:75:26:95:2a:95:28:93:66:b7:93:42:68:c1:
         02:e2:cc:8f:af:e9:55:a9:52:33:08:24:f7:2d:97:42:98:c0:
         8d:44:fd:d9:c4:d0:18:8d:5c:68:71:c0:c3:a1:d3:82:8c:28:
         09:09:4b:34:67:9a:c6:db:c1:dd:0c:72:1b:af:c1:4d:09:d3:
         62:46:cb:7d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKUxSaZxnxweZV27L2dU6mAUF+CkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMTA5MDAwMDAwWhcNMjUwMjEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZGMyNDdlOTg1YWFmZTQxZTU3NDZjZjA5ODU0NTNkNDk4
YTRkOWQ1N2M4ZGMyMmJiZGY1YzdmYjhlMDVmMmMwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDmdrs29pZwLuX3ZjeLiMnFjC6EgxTwxGnl5+hjS2SJaFXI
+Rz+3oAF5E4ius+V0/BiksQ9ehPdQsiHRSraWu/rJMHlrHHMf8RiIEJRIhRYYbwB
EQfGJc3wc5WQJF/h4t81zzBUhml/WKNhAW5hxj8dRtp6FS8sJaRFbxE3HxqcxL1d
2Op9ggxX3hmxS7xFrzvFO4e+0TFwfyWlhoofxdvDGA3ukmt/BYvUNnhB86GW9via
X/ojGOIzY861yX8bcMysQbYa91tpnilXl9RkHaCOTYwLHgRbofODR9bRqJeg3YQy
8w13IDHW5ft0i1iDVnsRVQo9kl96anJD/mQD0wi5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnJZo2onYLrQiwj8CFzX++3+IZxYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2NkZjcwMjhiLTJlZDktNGY3MC1hZjI4LTVjYTJlMWE3Nzc3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIr2evsfNl44L6mu0Bvl7F70EI9o
qX2YjBGJsZdZ/PSfLjLutMxYOVWeItfhgsj3Y0OFlV/UoWHDlNe89i/jx4iuNY0Z
GwL9CDpU2aqF6RXFgzJz1xvefNBEKH2XONzNgyXu5GgDW8cq8DVrB5FOMqIjGbWP
Eos9z+JKBryK5KUNRh4Luyf8JrNj9I9WH1NChtJ5iC12og1faYjRBSaYMtC2M3oR
SsbLxEA7qI/cl3cUBYVJC58v6LIVdSaVKpUok2a3k0JowQLizI+v6VWpUjMIJPct
l0KYwI1E/dnE0BiNXGhxwMOh04KMKAkJSzRnmsbbwd0MchuvwU0J02JGy30=
-----END CERTIFICATE-----