Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d668cb34-19e5-48ed-bc96-c45df79a49f6.roa
File:                     d668cb34-19e5-48ed-bc96-c45df79a49f6.roa (raw, json)
Hash identifier:          JF/NGzWK9dRHudUBR3KtBijMO1dqLQHy0i6w+ihBydI=
Subject key identifier:   BB:E1:CA:A1:A2:FD:13:32:08:22:A1:F7:0C:83:13:EE:C1:75:02:0D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7258D18339B71680A6533A70ACD0F92F1D3C2B76
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d668cb34-19e5-48ed-bc96-c45df79a49f6.roa
Signing time:             Tue 04 Feb 2025 00:00:00 +0000
ROA not before:           Tue 04 Feb 2025 00:00:00 +0000
ROA not after:            Tue 11 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:58:d1:83:39:b7:16:80:a6:53:3a:70:ac:d0:f9:2f:1d:3c:2b:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb  4 00:00:00 2025 GMT
            Not After : Mar 11 23:59:59 2025 GMT
        Subject: serialNumber=bd6516e76089cd71dc4d37a8ae52b05823769c301dbaa9a0ae20c1463d04b4e7, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:c5:92:a4:9b:2f:2f:5c:88:7f:9a:a6:93:58:
                    50:04:9b:df:5b:59:cc:d3:69:de:f6:58:8d:2e:8b:
                    39:01:cd:23:9c:ac:77:9f:46:d1:9e:29:73:c9:3b:
                    06:84:08:b7:fd:74:bf:2a:f0:b3:0f:04:b6:a1:bf:
                    11:1c:d0:09:dc:6a:45:f4:c9:5e:b1:63:d2:b9:81:
                    e7:e6:dd:09:00:04:aa:07:0e:8f:2a:45:c3:64:28:
                    78:40:53:a9:30:45:cf:96:37:ec:2d:20:a3:19:81:
                    21:3a:3f:c0:75:3a:47:a9:58:1f:f7:ef:50:2a:72:
                    79:00:35:20:1a:70:85:e8:51:37:f7:96:31:a0:08:
                    19:5f:73:15:17:ed:c3:7b:da:a4:86:c7:80:2a:23:
                    df:26:ef:6c:37:df:15:39:fc:01:44:d8:3b:a6:49:
                    56:33:77:4e:92:2e:b0:cf:e9:33:15:5c:21:40:f4:
                    16:df:f2:37:ff:d9:24:81:89:4f:f5:95:a1:e1:20:
                    96:cc:24:06:64:c2:bc:68:fe:8f:e5:e3:5b:fb:2f:
                    f9:2a:19:b7:ef:1a:65:db:e2:7a:df:e1:45:59:ff:
                    f2:38:02:7f:c3:ae:fd:b7:30:e9:ce:84:18:15:6f:
                    88:1d:92:94:ae:0c:b8:66:d5:3f:69:9b:cb:c8:1d:
                    a8:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:E1:CA:A1:A2:FD:13:32:08:22:A1:F7:0C:83:13:EE:C1:75:02:0D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d668cb34-19e5-48ed-bc96-c45df79a49f6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:e5:92:21:41:4f:77:2b:04:0c:f3:eb:86:cc:bb:fe:22:da:
         5d:bd:99:91:ad:63:05:35:14:07:83:58:32:8d:5e:92:ca:f0:
         34:60:ba:6d:2c:35:dd:5b:c2:3f:07:7d:d6:6c:2b:0d:ed:b7:
         81:3d:16:c9:36:87:a2:6a:22:73:d4:4b:28:22:88:32:38:d2:
         79:da:98:02:a5:91:88:cf:8e:3a:df:40:55:63:42:63:65:07:
         ba:c2:eb:9e:7a:d5:86:6e:3b:b8:2a:1d:c6:c7:15:27:5d:de:
         69:2a:fd:4e:a9:ce:d1:24:c7:f3:4c:33:e6:23:e8:f0:34:f1:
         b0:4c:d5:bf:22:c3:8a:f5:0b:17:35:70:fd:92:5d:32:04:55:
         73:41:af:3d:e2:37:0a:ea:9f:81:11:60:1e:26:ed:8b:d5:b3:
         e7:a3:08:00:ab:ee:7e:66:ec:27:ef:ec:cc:30:aa:96:a1:4c:
         ab:ec:f1:1b:d4:44:cf:13:5e:1e:22:fd:bd:35:5c:01:74:10:
         7c:94:8a:1c:83:b3:76:4b:25:d5:51:27:3e:09:96:ca:2d:71:
         b0:b3:b8:eb:a8:5f:2b:70:d9:87:3d:6f:c3:2a:73:4f:de:7b:
         50:75:18:09:b5:b5:c5:26:35:b4:3f:46:d2:61:40:a7:14:0c:
         1c:e5:9e:98
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcljRgzm3FoCmUzpwrND5Lx08K3YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjA0MDAwMDAwWhcNMjUwMzExMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZDY1MTZlNzYwODljZDcxZGM0ZDM3YThhZTUyYjA1ODIz
NzY5YzMwMWRiYWE5YTBhZTIwYzE0NjNkMDRiNGU3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGxZKkmy8vXIh/mqaTWFAEm99bWczTad72WI0uizkBzSOc
rHefRtGeKXPJOwaECLf9dL8q8LMPBLahvxEc0AncakX0yV6xY9K5gefm3QkABKoH
Do8qRcNkKHhAU6kwRc+WN+wtIKMZgSE6P8B1OkepWB/371AqcnkANSAacIXoUTf3
ljGgCBlfcxUX7cN72qSGx4AqI98m72w33xU5/AFE2DumSVYzd06SLrDP6TMVXCFA
9Bbf8jf/2SSBiU/1laHhIJbMJAZkwrxo/o/l41v7L/kqGbfvGmXb4nrf4UVZ//I4
An/Drv23MOnOhBgVb4gdkpSuDLhm1T9pm8vIHahnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUu+HKoaL9EzIIIqH3DIMT7sF1Ag0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q2NjhjYjM0LTE5ZTUtNDhlZC1iYzk2LWM0NWRmNzlhNDlmNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK7lkiFBT3crBAzz64bMu/4i2l29
mZGtYwU1FAeDWDKNXpLK8DRgum0sNd1bwj8HfdZsKw3tt4E9Fsk2h6JqInPUSygi
iDI40nnamAKlkYjPjjrfQFVjQmNlB7rC65561YZuO7gqHcbHFSdd3mkq/U6pztEk
x/NMM+Yj6PA08bBM1b8iw4r1Cxc1cP2SXTIEVXNBrz3iNwrqn4ERYB4m7YvVs+ej
CACr7n5m7Cfv7MwwqpahTKvs8RvURM8TXh4i/b01XAF0EHyUihyDs3ZLJdVRJz4J
lsotcbCzuOuoXytw2Yc9b8Mqc0/ee1B1GAm1tcUmNbQ/RtJhQKcUDBzlnpg=
-----END CERTIFICATE-----