Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d21e39df-d2b0-4f15-b243-4bd20778ad57.roa
File:                     d21e39df-d2b0-4f15-b243-4bd20778ad57.roa (raw, json)
Hash identifier:          orANQ8uTgo6K89ltzH/JJX9oYSt7S+EHfLKtkI1wsaQ=
Subject key identifier:   42:26:F1:3A:B6:E0:02:D5:9B:A5:3E:1E:09:91:2D:F7:D5:3C:0B:72
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7BFE8F2E1191510EB57330D65CF3F2A5CC091548
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d21e39df-d2b0-4f15-b243-4bd20778ad57.roa
Signing time:             Fri 07 Feb 2025 00:00:00 +0000
ROA not before:           Fri 07 Feb 2025 00:00:00 +0000
ROA not after:            Fri 14 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:fe:8f:2e:11:91:51:0e:b5:73:30:d6:5c:f3:f2:a5:cc:09:15:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb  7 00:00:00 2025 GMT
            Not After : Mar 14 23:59:59 2025 GMT
        Subject: serialNumber=f948685cc1f5bc7ddb5d8c876d1338962b6237c0be415dfe03c49fbac6586a73, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:ce:5a:74:30:90:cb:4f:63:43:e9:c0:05:2f:
                    dc:a4:22:7d:c2:b4:b4:ee:8e:59:75:c6:58:48:ab:
                    79:3a:d7:f6:2e:30:70:0e:e8:90:a9:32:11:c8:63:
                    1e:63:b2:71:8d:a3:a2:a8:4c:ce:53:7e:38:57:5e:
                    e9:91:fa:6c:0f:2c:57:20:b0:4c:09:db:2b:26:e4:
                    4f:8d:14:31:63:01:ad:a7:50:65:8b:47:5e:b5:ef:
                    fd:b0:f8:3f:5b:84:58:7a:1d:bd:fa:13:f8:f4:38:
                    3f:db:aa:1e:cf:0a:6a:ab:bc:57:42:56:8c:50:2e:
                    e6:47:93:10:e9:93:81:4a:08:d3:35:f3:e0:77:04:
                    91:32:78:02:27:c6:94:4b:94:59:4f:49:82:9e:62:
                    59:3b:a0:0b:c1:de:be:e2:c7:75:9d:14:48:4c:02:
                    8a:b0:61:dd:ee:15:54:6e:6a:b4:b6:a9:92:dc:94:
                    8d:7f:75:a9:f4:a4:fa:1e:f3:fb:f3:28:8c:1b:20:
                    74:a9:b4:0c:03:6a:ce:b0:e9:8b:af:4f:bd:81:41:
                    35:b1:66:cb:75:80:41:5f:de:14:7f:bf:a5:cc:d7:
                    cd:7d:c2:60:d5:5b:3f:7c:a3:12:f2:4e:8d:74:ca:
                    3e:d7:0e:80:7f:46:c1:bf:89:60:77:32:3c:4e:7c:
                    a0:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:26:F1:3A:B6:E0:02:D5:9B:A5:3E:1E:09:91:2D:F7:D5:3C:0B:72
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d21e39df-d2b0-4f15-b243-4bd20778ad57.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:c5:2b:ef:c6:f0:ed:f7:dc:0c:73:b1:7f:ad:3b:55:11:df:
         78:75:27:89:40:30:95:70:7d:9b:12:b9:e6:15:bc:0a:12:61:
         56:15:32:38:09:54:89:29:a5:0b:0c:95:28:17:6c:6e:ed:54:
         bf:f2:3d:85:d5:52:5d:37:e8:0d:78:cd:c4:1e:63:5a:43:1a:
         81:1f:b6:08:28:84:cc:cd:97:b5:e6:99:01:e2:f4:99:6c:bf:
         e5:b1:d3:0e:82:78:fd:66:a5:ff:11:4c:33:4e:03:4a:5f:98:
         8b:c9:98:c9:b6:52:9a:4e:9d:40:47:91:0c:14:ce:63:a5:ea:
         5b:d0:6f:9f:91:a2:c6:f8:e2:e0:a2:08:74:00:b2:3e:fe:11:
         25:2d:f3:c2:45:48:be:a7:71:50:5f:8c:ae:36:07:f1:3d:f3:
         0e:c0:7d:e9:37:26:05:b2:56:c9:0f:dd:81:a3:e2:05:54:46:
         e7:48:3e:ea:35:0c:41:c1:70:95:8f:99:5d:ad:cf:df:5a:43:
         17:71:35:46:23:57:f5:0d:18:15:a6:c1:ea:93:5b:c1:08:41:
         88:cf:2f:68:8f:3f:7f:de:f5:59:bd:9a:89:26:4b:ad:d9:d3:
         cf:42:0a:d8:80:f7:77:e5:8e:b4:be:ba:35:6e:3d:cc:4b:91:
         5f:07:71:ae
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUe/6PLhGRUQ61czDWXPPypcwJFUgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjA3MDAwMDAwWhcNMjUwMzE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmOTQ4Njg1Y2MxZjViYzdkZGI1ZDhjODc2ZDEzMzg5NjJi
NjIzN2MwYmU0MTVkZmUwM2M0OWZiYWM2NTg2YTczMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCIzlp0MJDLT2ND6cAFL9ykIn3CtLTujll1xlhIq3k61/Yu
MHAO6JCpMhHIYx5jsnGNo6KoTM5TfjhXXumR+mwPLFcgsEwJ2ysm5E+NFDFjAa2n
UGWLR1617/2w+D9bhFh6Hb36E/j0OD/bqh7PCmqrvFdCVoxQLuZHkxDpk4FKCNM1
8+B3BJEyeAInxpRLlFlPSYKeYlk7oAvB3r7ix3WdFEhMAoqwYd3uFVRuarS2qZLc
lI1/dan0pPoe8/vzKIwbIHSptAwDas6w6YuvT72BQTWxZst1gEFf3hR/v6XM1819
wmDVWz98oxLyTo10yj7XDoB/RsG/iWB3MjxOfKD/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQibxOrbgAtWbpT4eCZEt99U8C3IwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2QyMWUzOWRmLWQyYjAtNGYxNS1iMjQzLTRiZDIwNzc4YWQ1Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJrFK+/G8O333AxzsX+tO1UR33h1
J4lAMJVwfZsSueYVvAoSYVYVMjgJVIkppQsMlSgXbG7tVL/yPYXVUl036A14zcQe
Y1pDGoEftggohMzNl7XmmQHi9Jlsv+Wx0w6CeP1mpf8RTDNOA0pfmIvJmMm2UppO
nUBHkQwUzmOl6lvQb5+Rosb44uCiCHQAsj7+ESUt88JFSL6ncVBfjK42B/E98w7A
fek3JgWyVskP3YGj4gVURudIPuo1DEHBcJWPmV2tz99aQxdxNUYjV/UNGBWmweqT
W8EIQYjPL2iPP3/e9Vm9mokmS63Z089CCtiA93fljrS+ujVuPcxLkV8Hca4=
-----END CERTIFICATE-----