Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d2cf76ee-c1f6-4e5e-9735-ea872b6c284e.roa
File:                     d2cf76ee-c1f6-4e5e-9735-ea872b6c284e.roa (raw, json)
Hash identifier:          SaUswpdQT4XvLvPAS3fSJZyN76ECdxWy9pgu/yliCrA=
Subject key identifier:   8B:AB:BE:EF:CF:11:6B:E0:07:E3:EF:D3:F2:30:16:EC:42:41:5A:69
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4F59F0E09459B61538699AF0DF142544C394DED0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d2cf76ee-c1f6-4e5e-9735-ea872b6c284e.roa
Signing time:             Tue 11 Feb 2025 00:00:00 +0000
ROA not before:           Tue 11 Feb 2025 00:00:00 +0000
ROA not after:            Tue 18 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:59:f0:e0:94:59:b6:15:38:69:9a:f0:df:14:25:44:c3:94:de:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 11 00:00:00 2025 GMT
            Not After : Mar 18 23:59:59 2025 GMT
        Subject: serialNumber=07471eaa0850b09755c167f984b73657df51e90b5ab7d06a32c8c83a061cd4e3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:3d:d4:1f:11:88:57:5a:15:0b:92:a6:dc:f8:
                    d9:13:3e:58:01:ad:c8:24:62:5d:68:b6:2b:43:19:
                    74:cc:f4:62:9b:05:4e:ad:23:f2:b7:53:dd:e1:19:
                    5a:02:6d:42:8b:b9:6c:b2:ec:76:c4:5b:ee:a5:c6:
                    a0:14:77:41:20:65:59:00:2b:38:5c:50:fc:be:ee:
                    aa:66:70:1c:cf:a7:2c:e8:3d:4c:c2:c7:d5:de:12:
                    f9:22:b7:91:72:d7:56:bb:31:d7:10:ba:ea:a7:9c:
                    c9:5c:29:45:56:c0:9a:cd:8f:97:c4:7a:5c:d9:ff:
                    d0:43:2a:90:e6:5b:fd:21:28:a5:58:88:bc:ff:a0:
                    27:ce:34:2d:a4:e1:38:cd:05:8c:f7:36:e6:cd:e1:
                    ca:bc:30:31:d6:76:f5:d6:8d:29:16:b1:2a:73:78:
                    43:f6:ba:8a:ef:5e:0b:e1:a2:c6:52:d7:69:95:9a:
                    d4:78:26:5c:29:f9:a4:91:49:82:a3:69:7b:fa:1e:
                    91:51:b7:8c:b8:ce:c7:0c:9c:87:43:25:37:2a:87:
                    63:7b:21:28:1d:c4:ee:18:ac:b3:e5:bd:1c:ec:69:
                    b2:43:f8:c5:9f:a9:f8:94:c2:f6:d2:7b:5f:80:58:
                    e7:bb:c9:66:2d:f1:4f:2e:85:78:6c:7f:e4:b7:49:
                    e0:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:AB:BE:EF:CF:11:6B:E0:07:E3:EF:D3:F2:30:16:EC:42:41:5A:69
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d2cf76ee-c1f6-4e5e-9735-ea872b6c284e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:a2:1d:6d:18:4c:25:8b:71:fd:07:cd:7d:e0:1d:7a:fd:51:
         ea:7d:66:83:ac:d0:84:4f:16:f4:dd:ba:38:5a:fb:53:65:a0:
         35:28:73:d1:63:23:31:3f:f2:2d:ac:2a:45:d7:97:ab:a4:8d:
         67:0c:e9:85:b0:03:17:a5:5f:44:66:7c:66:66:04:76:8e:b4:
         d4:dd:31:91:ec:df:b8:14:24:30:fc:0a:aa:98:72:ed:43:76:
         15:c7:68:10:f2:3f:d6:a5:b3:a2:9f:07:2e:03:a9:c9:59:a5:
         c7:92:5c:70:be:7a:61:f7:76:58:2b:80:c8:90:03:07:e7:46:
         90:b9:ad:6c:21:9e:f7:e3:71:40:01:cc:df:cf:e3:46:c2:04:
         99:61:c2:a5:12:06:3c:63:cd:57:18:3e:bb:4e:4a:63:0c:62:
         ac:51:3c:f1:60:01:17:f5:a8:ee:fe:6d:ba:02:36:0e:9e:11:
         4b:1f:4b:79:a5:2c:c3:b1:89:5b:84:2f:1a:28:59:0c:a2:48:
         35:0f:96:6f:aa:d1:c5:1e:95:d4:cc:f5:25:07:e3:f0:60:19:
         54:76:39:f9:89:e1:97:db:6f:1a:d7:88:24:70:0e:67:b2:c6:
         7a:8e:69:51:13:d3:ae:ee:2c:39:31:4b:9d:17:be:6b:53:fd:
         10:d7:82:14
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUT1nw4JRZthU4aZrw3xQlRMOU3tAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjExMDAwMDAwWhcNMjUwMzE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNzQ3MWVhYTA4NTBiMDk3NTVjMTY3Zjk4NGI3MzY1N2Rm
NTFlOTBiNWFiN2QwNmEzMmM4YzgzYTA2MWNkNGUzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtPdQfEYhXWhULkqbc+NkTPlgBrcgkYl1otitDGXTM9GKb
BU6tI/K3U93hGVoCbUKLuWyy7HbEW+6lxqAUd0EgZVkAKzhcUPy+7qpmcBzPpyzo
PUzCx9XeEvkit5Fy11a7MdcQuuqnnMlcKUVWwJrNj5fEelzZ/9BDKpDmW/0hKKVY
iLz/oCfONC2k4TjNBYz3NubN4cq8MDHWdvXWjSkWsSpzeEP2uorvXgvhosZS12mV
mtR4Jlwp+aSRSYKjaXv6HpFRt4y4zscMnIdDJTcqh2N7ISgdxO4YrLPlvRzsabJD
+MWfqfiUwvbSe1+AWOe7yWYt8U8uhXhsf+S3SeCDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUi6u+788Ra+AH4+/T8jAW7EJBWmkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2QyY2Y3NmVlLWMxZjYtNGU1ZS05NzM1LWVhODcyYjZjMjg0ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKCiHW0YTCWLcf0HzX3gHXr9Uep9
ZoOs0IRPFvTdujha+1NloDUoc9FjIzE/8i2sKkXXl6ukjWcM6YWwAxelX0RmfGZm
BHaOtNTdMZHs37gUJDD8CqqYcu1DdhXHaBDyP9als6KfBy4DqclZpceSXHC+emH3
dlgrgMiQAwfnRpC5rWwhnvfjcUABzN/P40bCBJlhwqUSBjxjzVcYPrtOSmMMYqxR
PPFgARf1qO7+bboCNg6eEUsfS3mlLMOxiVuELxooWQyiSDUPlm+q0cUeldTM9SUH
4/BgGVR2OfmJ4ZfbbxrXiCRwDmeyxnqOaVET067uLDkxS50XvmtT/RDXghQ=
-----END CERTIFICATE-----