Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d63b03ed-0aa7-4956-a9a0-cbcf4fa83502.roa
File:                     d63b03ed-0aa7-4956-a9a0-cbcf4fa83502.roa (raw, json)
Hash identifier:          imUpnqumNTNZ3emkyZKOglOahJPC7x6c8DfhEPfRWew=
Subject key identifier:   22:EF:E3:0F:47:04:8E:48:1B:DF:1F:80:11:8E:19:30:4D:D4:03:A5
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6E8B8AAA77713A59B73AB2C3D1D1B35FDB1DDDBF
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d63b03ed-0aa7-4956-a9a0-cbcf4fa83502.roa
Signing time:             Mon 10 Feb 2025 00:00:00 +0000
ROA not before:           Mon 10 Feb 2025 00:00:00 +0000
ROA not after:            Mon 17 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:8b:8a:aa:77:71:3a:59:b7:3a:b2:c3:d1:d1:b3:5f:db:1d:dd:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 10 00:00:00 2025 GMT
            Not After : Mar 17 23:59:59 2025 GMT
        Subject: serialNumber=e7746049f1c0366856c902064e80f65772f1dea2f0887b7361879b2b2e0fc4ab, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:74:0a:a4:d3:c0:d4:a7:d1:e5:23:42:45:71:
                    4f:5d:fb:89:37:2d:41:c8:48:7a:74:e2:14:38:c7:
                    84:3b:c1:12:47:a4:4c:1b:7f:2d:00:57:2c:07:51:
                    9a:be:52:74:6a:1a:2e:18:92:f8:f3:2b:27:f5:f7:
                    ad:e9:52:c4:5f:de:63:75:0d:f1:49:6d:24:65:a4:
                    90:e4:39:af:36:a2:f9:08:95:5a:48:59:95:39:19:
                    9d:01:a6:ff:48:c1:7a:e9:a1:91:c2:f9:38:99:58:
                    63:a0:db:3e:a0:93:b0:f1:db:24:20:e7:2b:5b:68:
                    2d:8c:ac:c1:46:cb:02:db:61:c6:d1:ea:0a:1a:16:
                    30:68:48:ac:52:5f:30:b8:fd:5a:dc:84:40:1e:a3:
                    fe:62:af:3e:8f:f9:6e:37:82:cc:ba:4a:d5:8c:e3:
                    da:3c:bf:cc:49:2c:17:a5:40:94:ab:6e:ee:0a:31:
                    3e:2d:da:82:37:54:74:11:6b:3c:6a:4f:28:3f:7b:
                    73:64:11:5b:71:8e:36:7d:fb:be:2d:49:74:2c:62:
                    9f:84:da:aa:8a:8d:51:3e:24:03:53:1f:59:13:2a:
                    bf:21:81:47:55:d1:58:e3:8d:bc:bc:23:38:31:80:
                    63:4d:28:e4:bf:f8:39:57:99:43:0d:92:62:b0:20:
                    d4:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:EF:E3:0F:47:04:8E:48:1B:DF:1F:80:11:8E:19:30:4D:D4:03:A5
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d63b03ed-0aa7-4956-a9a0-cbcf4fa83502.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:d6:fb:81:a3:f5:e4:06:9c:7d:57:e2:72:a2:1d:b9:19:d8:
         25:5d:2a:31:4d:d4:c8:09:5c:1a:0c:49:a3:35:a6:c6:ba:3a:
         55:2f:6c:61:79:88:c1:df:0e:38:aa:51:96:05:29:11:46:7b:
         e5:54:06:69:17:02:2b:74:4e:89:fa:14:14:7e:14:fb:3b:fc:
         22:97:4f:b3:f4:fe:4e:74:2b:2b:1c:b2:a5:54:a9:a7:f2:ef:
         27:76:98:27:5a:af:76:33:c4:67:fe:40:c7:6f:21:0d:05:98:
         98:54:7b:4b:49:9a:13:0a:67:78:07:91:6e:c3:9e:3b:6e:dd:
         95:0d:12:ee:5b:99:67:19:5a:41:6d:10:36:f4:bd:a4:5b:ae:
         c6:55:53:e3:0a:02:67:a6:7a:fe:dc:e8:4c:24:10:67:90:4f:
         44:a4:c6:c6:0f:a7:d9:2c:6d:79:97:d6:3c:be:7b:aa:40:2c:
         52:1b:89:52:cf:f8:04:bc:65:8b:5a:76:a0:48:00:a0:d1:15:
         3d:bf:11:04:71:08:be:26:7b:69:32:84:1b:b7:78:e7:0e:d6:
         e5:e5:1f:97:d4:87:d5:94:f6:38:b0:b6:13:c8:55:1b:b3:7a:
         40:d7:e7:86:7c:92:95:8e:f7:0a:8d:bc:e9:c4:6c:0a:af:8e:
         ed:54:15:0c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbouKqndxOlm3OrLD0dGzX9sd3b8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjEwMDAwMDAwWhcNMjUwMzE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNzc0NjA0OWYxYzAzNjY4NTZjOTAyMDY0ZTgwZjY1Nzcy
ZjFkZWEyZjA4ODdiNzM2MTg3OWIyYjJlMGZjNGFiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCedAqk08DUp9HlI0JFcU9d+4k3LUHISHp04hQ4x4Q7wRJH
pEwbfy0AVywHUZq+UnRqGi4YkvjzKyf1963pUsRf3mN1DfFJbSRlpJDkOa82ovkI
lVpIWZU5GZ0Bpv9IwXrpoZHC+TiZWGOg2z6gk7Dx2yQg5ytbaC2MrMFGywLbYcbR
6goaFjBoSKxSXzC4/VrchEAeo/5irz6P+W43gsy6StWM49o8v8xJLBelQJSrbu4K
MT4t2oI3VHQRazxqTyg/e3NkEVtxjjZ9+74tSXQsYp+E2qqKjVE+JANTH1kTKr8h
gUdV0Vjjjby8IzgxgGNNKOS/+DlXmUMNkmKwINRNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIu/jD0cEjkgb3x+AEY4ZME3UA6UwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q2M2IwM2VkLTBhYTctNDk1Ni1hOWEwLWNiY2Y0ZmE4MzUwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADjW+4Gj9eQGnH1X4nKiHbkZ2CVd
KjFN1MgJXBoMSaM1psa6OlUvbGF5iMHfDjiqUZYFKRFGe+VUBmkXAit0Ton6FBR+
FPs7/CKXT7P0/k50KyscsqVUqafy7yd2mCdar3YzxGf+QMdvIQ0FmJhUe0tJmhMK
Z3gHkW7Dnjtu3ZUNEu5bmWcZWkFtEDb0vaRbrsZVU+MKAmemev7c6EwkEGeQT0Sk
xsYPp9ksbXmX1jy+e6pALFIbiVLP+AS8ZYtadqBIAKDRFT2/EQRxCL4me2kyhBu3
eOcO1uXlH5fUh9WU9jiwthPIVRuzekDX54Z8kpWO9wqNvOnEbAqvju1UFQw=
-----END CERTIFICATE-----