Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d1c607d3-be51-4d75-b62a-62158d8c05b6.roa
File:                     d1c607d3-be51-4d75-b62a-62158d8c05b6.roa (raw, json)
Hash identifier:          +8UOUykdhZM4fJaONL7K4jHabR+O3XdR0/hoGtqSmWc=
Subject key identifier:   B8:F7:E6:DF:03:CD:D6:05:A0:B5:29:AF:0E:D1:88:C4:46:B4:71:D1
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3457743350CE87836495DBF5F9A7B2E3812B2D0F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d1c607d3-be51-4d75-b62a-62158d8c05b6.roa
Signing time:             Fri 14 Mar 2025 22:28:19 +0000
ROA not before:           Fri 14 Mar 2025 22:28:19 +0000
ROA not after:            Fri 18 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:57:74:33:50:ce:87:83:64:95:db:f5:f9:a7:b2:e3:81:2b:2d:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 14 22:28:19 2025 GMT
            Not After : Apr 18 23:59:59 2025 GMT
        Subject: serialNumber=912a720d269fb20dbd8ac38ddf91c16b9d7f7ec6f34c130cfc7d7a5b986b8074, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:90:c2:09:92:2f:9b:fe:c3:48:96:8c:22:23:
                    f9:21:2c:50:bf:26:9b:eb:8e:47:b7:b0:0c:ea:0d:
                    f6:61:c0:34:cf:56:0e:73:a1:7d:16:a7:82:50:4d:
                    62:cb:e5:27:b4:56:dc:9d:4d:c4:4d:39:19:a4:ed:
                    ef:f5:0d:b9:c9:cf:01:d0:27:72:9c:44:ed:24:5a:
                    f4:01:a2:44:80:bd:01:e3:72:72:23:f0:b9:44:76:
                    7d:22:50:ea:3b:55:c7:5c:a6:be:ac:ea:8c:b3:fe:
                    a6:6e:16:82:69:8a:ec:08:bd:63:f3:c3:47:ad:8e:
                    b2:f4:f6:6e:5c:c5:ff:c1:98:46:02:3c:86:18:90:
                    68:ff:c5:af:9a:a1:88:fa:7f:5f:7c:b3:ab:92:49:
                    d3:c8:43:03:00:da:52:e3:02:4c:d6:01:84:2d:57:
                    2e:3b:0e:3c:e8:cc:7b:82:41:e1:6b:c2:97:37:ee:
                    18:c1:8a:05:e8:cd:91:fe:9f:a7:61:8b:42:c5:ca:
                    5f:18:18:32:e2:85:c2:a9:42:1a:03:83:10:f2:54:
                    16:f2:5d:24:6d:94:b2:1c:0a:e5:37:1c:9d:c1:a8:
                    66:14:53:34:68:cc:3f:9f:a2:f7:2f:65:86:3e:20:
                    98:70:68:4b:2f:95:1d:65:11:e5:f8:79:60:c2:f6:
                    ed:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:F7:E6:DF:03:CD:D6:05:A0:B5:29:AF:0E:D1:88:C4:46:B4:71:D1
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d1c607d3-be51-4d75-b62a-62158d8c05b6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:54:ca:14:4a:b9:98:0c:58:89:f4:4d:3d:93:cc:99:3c:bd:
         33:e5:25:1f:b8:2b:f7:b6:a0:de:cc:d7:b7:0c:8f:47:21:f9:
         94:f9:32:09:e1:0e:3d:67:3d:b8:75:e4:fc:c6:09:8c:a3:ad:
         c0:4b:27:30:94:51:79:54:0d:40:c7:ce:34:d7:92:04:91:b2:
         2f:e8:ac:d3:7a:17:ed:55:d6:bb:f2:f8:dd:eb:32:b0:3b:76:
         70:be:e9:59:82:4e:d5:1b:dc:2f:78:b2:7d:fa:74:0a:c3:38:
         ef:49:01:ef:fa:dd:1a:4b:6d:56:c2:ee:cc:a2:2a:3f:de:6e:
         45:60:10:2a:bc:e1:d2:26:e9:e1:f7:ab:c7:c4:b7:04:b6:4a:
         33:f2:84:9e:dc:d5:0b:bf:de:23:7b:eb:3b:83:7d:82:02:d9:
         b9:f9:69:c8:e9:2b:d7:75:7d:2c:ef:b6:92:b0:67:de:f2:0f:
         fc:f5:90:1b:76:20:2b:0b:9b:02:25:d3:2e:96:2a:38:aa:4b:
         99:60:7e:db:8b:51:34:a5:e0:67:e3:0e:06:db:b0:0d:28:37:
         c8:ae:b9:ea:11:18:35:02:37:03:bc:54:65:e5:8e:b0:c0:e3:
         cc:89:a9:ff:28:77:c0:1d:10:b6:b8:a3:43:a7:b8:49:bb:6f:
         62:40:68:c0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNFd0M1DOh4Nkldv1+aey44ErLQ8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzE0MjIyODE5WhcNMjUwNDE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MTJhNzIwZDI2OWZiMjBkYmQ4YWMzOGRkZjkxYzE2Yjlk
N2Y3ZWM2ZjM0YzEzMGNmYzdkN2E1Yjk4NmI4MDc0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+kMIJki+b/sNIlowiI/khLFC/Jpvrjke3sAzqDfZhwDTP
Vg5zoX0Wp4JQTWLL5Se0VtydTcRNORmk7e/1DbnJzwHQJ3KcRO0kWvQBokSAvQHj
cnIj8LlEdn0iUOo7Vcdcpr6s6oyz/qZuFoJpiuwIvWPzw0etjrL09m5cxf/BmEYC
PIYYkGj/xa+aoYj6f198s6uSSdPIQwMA2lLjAkzWAYQtVy47DjzozHuCQeFrwpc3
7hjBigXozZH+n6dhi0LFyl8YGDLihcKpQhoDgxDyVBbyXSRtlLIcCuU3HJ3BqGYU
UzRozD+fovcvZYY+IJhwaEsvlR1lEeX4eWDC9u1FAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuPfm3wPN1gWgtSmvDtGIxEa0cdEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2QxYzYwN2QzLWJlNTEtNGQ3NS1iNjJhLTYyMTU4ZDhjMDViNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAhUyhRKuZgMWIn0TT2TzJk8vTPl
JR+4K/e2oN7M17cMj0ch+ZT5MgnhDj1nPbh15PzGCYyjrcBLJzCUUXlUDUDHzjTX
kgSRsi/orNN6F+1V1rvy+N3rMrA7dnC+6VmCTtUb3C94sn36dArDOO9JAe/63RpL
bVbC7syiKj/ebkVgECq84dIm6eH3q8fEtwS2SjPyhJ7c1Qu/3iN76zuDfYIC2bn5
acjpK9d1fSzvtpKwZ97yD/z1kBt2ICsLmwIl0y6WKjiqS5lgftuLUTSl4GfjDgbb
sA0oN8iuueoRGDUCNwO8VGXljrDA48yJqf8od8AdELa4o0OnuEm7b2JAaMA=
-----END CERTIFICATE-----