Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d00b348a-1067-4338-b93e-ca396d4f077b.roa
File:                     d00b348a-1067-4338-b93e-ca396d4f077b.roa (raw, json)
Hash identifier:          eIGDVJMUVWhAtbojZbAjckuJGKREFkv/Tg1OGJIM6g4=
Subject key identifier:   29:3F:31:00:4A:D4:1F:F4:67:41:0F:8E:48:DA:33:8F:0C:5C:D5:BB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2B1BAFB392FD4E52EA1ACBEDF916207D8D48EF54
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d00b348a-1067-4338-b93e-ca396d4f077b.roa
Signing time:             Fri 02 May 2025 01:33:21 +0000
ROA not before:           Fri 02 May 2025 01:33:21 +0000
ROA not after:            Fri 06 Jun 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:1b:af:b3:92:fd:4e:52:ea:1a:cb:ed:f9:16:20:7d:8d:48:ef:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May  2 01:33:21 2025 GMT
            Not After : Jun  6 23:59:59 2025 GMT
        Subject: serialNumber=7a4ba75c011a9952c68a46330bbf6364c463a2f92d0f303eaa6039baec316c09, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:5a:f2:71:58:2a:8f:01:7b:78:04:30:bb:01:
                    09:1b:e8:58:b5:01:7a:7e:a3:30:e9:4e:03:03:fb:
                    1c:6c:09:37:85:56:d7:e8:61:11:19:c0:b5:8b:94:
                    76:20:eb:16:c4:52:96:2e:d9:4c:30:0d:68:0f:df:
                    da:d9:06:c4:d8:a9:eb:bf:2a:37:9b:ac:90:15:53:
                    f1:96:05:8b:79:56:5f:ec:4a:87:90:31:c4:4a:d4:
                    63:5a:2b:14:dd:7b:02:78:d3:5f:57:49:98:46:aa:
                    75:ee:6b:d1:e1:8d:2b:82:9f:53:5d:0f:a3:a1:60:
                    8b:ee:f5:be:74:36:c4:bb:95:f9:13:d2:f7:f3:fd:
                    09:78:33:e4:58:a8:40:ee:f7:f9:c7:81:fd:4d:cb:
                    df:62:92:1f:4a:b7:7e:67:88:5a:21:2a:ed:10:cb:
                    93:b1:bc:88:8c:93:7c:f4:79:c8:c0:06:5d:0d:93:
                    ed:7c:64:09:e2:43:48:5c:03:d4:d0:d8:3a:04:94:
                    c1:39:00:b9:ca:83:0f:a8:dc:cd:43:a9:77:fa:a1:
                    88:64:df:12:1c:10:ec:a3:08:e9:c5:b0:79:05:8a:
                    ae:54:37:b3:64:66:10:12:c6:8e:b0:0b:03:0f:66:
                    50:ed:b4:65:67:95:6e:80:2f:de:43:a5:1c:b2:bf:
                    26:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:3F:31:00:4A:D4:1F:F4:67:41:0F:8E:48:DA:33:8F:0C:5C:D5:BB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d00b348a-1067-4338-b93e-ca396d4f077b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:cd:60:32:f7:32:6e:75:fe:21:1b:63:78:cf:35:89:a3:32:
         e0:dd:77:1c:5b:c7:d6:10:8c:4d:89:04:14:88:53:47:7e:62:
         48:0d:05:a7:f6:a2:08:09:38:f8:a9:d7:6a:8e:62:a0:85:ae:
         6d:63:d3:e3:3a:85:05:64:15:75:ae:4f:97:88:53:68:f1:17:
         b8:dd:a9:78:1d:ab:77:f0:85:39:1b:cc:5b:ae:0a:d5:d9:4b:
         45:95:9c:58:b0:f7:2c:f1:0d:d3:a0:11:91:e0:07:2c:19:5d:
         83:05:a5:07:f9:28:16:ab:d4:f4:2e:88:5e:d1:97:2b:c4:b2:
         4f:82:a8:48:ae:af:e3:f2:79:ab:95:ed:24:81:4f:8f:f2:bf:
         fc:c4:01:9b:e4:19:0e:f2:b8:5e:9a:bf:e6:f4:25:e3:7a:7d:
         e9:6b:a7:a0:59:47:6f:9f:57:1f:be:02:a0:22:e6:13:eb:de:
         6e:c2:65:a4:9d:dd:98:41:44:bb:0f:80:bd:3d:12:12:c0:e3:
         35:59:19:06:2b:3a:be:07:b5:4e:92:ea:24:6a:b6:6a:01:55:
         da:ce:ad:06:b2:b0:c8:74:32:be:3c:3b:d5:5c:41:a9:59:f8:
         09:5a:59:a6:d3:6e:01:ab:56:02:91:56:ce:6a:c9:c1:3b:99:
         06:65:36:6f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKxuvs5L9TlLqGsvt+RYgfY1I71QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNTAyMDEzMzIxWhcNMjUwNjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0A3YTRiYTc1YzAxMWE5OTUyYzY4YTQ2MzMwYmJmNjM2NGM0
NjNhMmY5MmQwZjMwM2VhYTYwMzliYWVjMzE2YzA5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJWvJxWCqPAXt4BDC7AQkb6Fi1AXp+ozDpTgMD+xxsCTeF
VtfoYREZwLWLlHYg6xbEUpYu2UwwDWgP39rZBsTYqeu/KjebrJAVU/GWBYt5Vl/s
SoeQMcRK1GNaKxTdewJ4019XSZhGqnXua9HhjSuCn1NdD6OhYIvu9b50NsS7lfkT
0vfz/Ql4M+RYqEDu9/nHgf1Ny99ikh9Kt35niFohKu0Qy5OxvIiMk3z0ecjABl0N
k+18ZAniQ0hcA9TQ2DoElME5ALnKgw+o3M1DqXf6oYhk3xIcEOyjCOnFsHkFiq5U
N7NkZhASxo6wCwMPZlDttGVnlW6AL95DpRyyvybdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKT8xAErUH/RnQQ+OSNozjwxc1bswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2QwMGIzNDhhLTEwNjctNDMzOC1iOTNlLWNhMzk2ZDRmMDc3Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK7NYDL3Mm51/iEbY3jPNYmjMuDd
dxxbx9YQjE2JBBSIU0d+YkgNBaf2oggJOPip12qOYqCFrm1j0+M6hQVkFXWuT5eI
U2jxF7jdqXgdq3fwhTkbzFuuCtXZS0WVnFiw9yzxDdOgEZHgBywZXYMFpQf5KBar
1PQuiF7RlyvEsk+CqEiur+PyeauV7SSBT4/yv/zEAZvkGQ7yuF6av+b0JeN6felr
p6BZR2+fVx++AqAi5hPr3m7CZaSd3ZhBRLsPgL09EhLA4zVZGQYrOr4HtU6S6iRq
tmoBVdrOrQaysMh0Mr48O9VcQalZ+AlaWabTbgGrVgKRVs5qycE7mQZlNm8=
-----END CERTIFICATE-----