Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d670958d-e9fc-4f3d-bb44-bce948d52fc4.roa
File:                     d670958d-e9fc-4f3d-bb44-bce948d52fc4.roa (raw, json)
Hash identifier:          Et7IwFZY3Q7E2QejTPqY0CdWUZDaTc0gbW31XwSdBws=
Subject key identifier:   36:4B:74:B1:99:BE:D8:61:3F:25:51:B3:AC:C7:36:59:D8:03:71:8C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2C3FB2221A3841339A57E526D2512ACCE854989D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d670958d-e9fc-4f3d-bb44-bce948d52fc4.roa
Signing time:             Tue 11 Mar 2025 19:28:22 +0000
ROA not before:           Tue 11 Mar 2025 19:28:22 +0000
ROA not after:            Tue 15 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:3f:b2:22:1a:38:41:33:9a:57:e5:26:d2:51:2a:cc:e8:54:98:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 11 19:28:22 2025 GMT
            Not After : Apr 15 23:59:59 2025 GMT
        Subject: serialNumber=1f50695e27aac4e54e5b576b56decd2eb48639d1ad65e5fba64662e616350264, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:41:19:d8:02:2c:93:c5:39:16:3d:e0:4d:28:
                    8c:23:ff:5c:ec:66:0d:03:51:dd:3f:ac:31:1b:6b:
                    78:2b:0d:fa:6c:5b:55:ad:73:42:38:9d:c7:21:8e:
                    74:bb:9b:c5:27:99:cd:df:fc:15:04:96:9f:8b:f2:
                    77:e0:8c:43:87:c1:39:63:5c:52:0d:65:76:65:c7:
                    b0:78:4c:32:db:d6:6d:8a:45:20:03:ae:64:45:98:
                    ab:95:ff:f9:25:59:de:5b:1a:ed:13:b3:a2:49:d8:
                    79:34:4a:5a:2e:1d:0d:ad:5a:9f:72:a6:ea:d8:3a:
                    c7:fc:d2:7b:2f:b6:9e:da:7c:90:e6:ce:81:e6:85:
                    b1:99:f4:1c:09:00:53:75:2c:88:11:a0:ff:75:d2:
                    9e:f9:82:3e:b2:38:ca:34:ec:24:a5:ac:2d:53:99:
                    93:1c:ba:c5:54:e7:18:5f:cd:b8:8b:9f:a2:cc:5b:
                    51:4e:e9:0a:03:4d:07:3a:27:7e:c5:b1:77:d0:e7:
                    74:0b:fb:68:38:3c:7e:c8:ec:bd:b0:47:4b:a6:15:
                    d7:32:cd:cc:d2:4f:d8:c1:d6:d1:5d:ee:44:3f:44:
                    25:69:57:c5:5d:8a:cb:bc:6a:0c:e7:d4:f9:ce:e4:
                    be:93:b8:61:5c:9a:62:71:76:86:b6:cc:f0:74:30:
                    01:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:4B:74:B1:99:BE:D8:61:3F:25:51:B3:AC:C7:36:59:D8:03:71:8C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d670958d-e9fc-4f3d-bb44-bce948d52fc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:3f:21:ff:82:d8:e4:45:bd:e5:ab:ee:a9:b8:06:f2:55:f5:
         22:5e:84:34:94:14:54:ec:f2:6f:4d:34:61:c8:26:fc:48:83:
         e7:d9:e5:bd:ca:fe:e2:52:ee:ea:ac:02:4b:b5:fd:4f:63:de:
         9b:a8:89:de:2a:35:76:69:d0:8b:ac:dc:bc:dd:c8:21:ab:62:
         7f:da:2c:d8:25:e3:33:ab:1c:fa:25:39:9f:d0:66:fd:a3:d1:
         dc:78:20:8d:3e:97:a5:c1:df:c6:ec:a3:e6:17:54:c8:9c:67:
         03:fc:fe:69:ad:42:13:b7:9e:ce:a4:a0:42:7a:d8:a2:03:b6:
         21:df:ea:14:53:9a:aa:a9:e4:1e:71:f8:51:30:69:b6:8a:53:
         52:0e:b7:ca:3e:9b:35:f0:90:3e:0c:a7:a9:18:f5:98:6e:e6:
         2c:31:de:0a:f9:35:9d:ad:26:6d:ab:a8:e6:8d:66:49:f9:d0:
         f6:25:2f:9b:86:45:99:27:92:ad:05:26:ba:67:59:5f:88:14:
         23:75:7f:d7:67:44:ba:56:4a:ae:b5:6a:82:d6:91:14:ee:7e:
         04:7d:fc:96:2e:2d:5c:77:b1:96:db:7c:9f:ed:d6:6c:ff:3d:
         73:d4:73:ad:4b:94:15:f1:f5:c3:19:22:19:57:fb:48:dc:28:
         36:ee:12:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULD+yIho4QTOaV+Um0lEqzOhUmJ0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzExMTkyODIyWhcNMjUwNDE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZjUwNjk1ZTI3YWFjNGU1NGU1YjU3NmI1NmRlY2QyZWI0
ODYzOWQxYWQ2NWU1ZmJhNjQ2NjJlNjE2MzUwMjY0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+QRnYAiyTxTkWPeBNKIwj/1zsZg0DUd0/rDEba3grDfps
W1Wtc0I4ncchjnS7m8Unmc3f/BUElp+L8nfgjEOHwTljXFINZXZlx7B4TDLb1m2K
RSADrmRFmKuV//klWd5bGu0Ts6JJ2Hk0SlouHQ2tWp9ypurYOsf80nsvtp7afJDm
zoHmhbGZ9BwJAFN1LIgRoP910p75gj6yOMo07CSlrC1TmZMcusVU5xhfzbiLn6LM
W1FO6QoDTQc6J37FsXfQ53QL+2g4PH7I7L2wR0umFdcyzczST9jB1tFd7kQ/RCVp
V8Vdisu8agzn1PnO5L6TuGFcmmJxdoa2zPB0MAFLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNkt0sZm+2GE/JVGzrMc2WdgDcYwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q2NzA5NThkLWU5ZmMtNGYzZC1iYjQ0LWJjZTk0OGQ1MmZjNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAs/If+C2ORFveWr7qm4BvJV9SJe
hDSUFFTs8m9NNGHIJvxIg+fZ5b3K/uJS7uqsAku1/U9j3puoid4qNXZp0Ius3Lzd
yCGrYn/aLNgl4zOrHPolOZ/QZv2j0dx4II0+l6XB38bso+YXVMicZwP8/mmtQhO3
ns6koEJ62KIDtiHf6hRTmqqp5B5x+FEwabaKU1IOt8o+mzXwkD4Mp6kY9Zhu5iwx
3gr5NZ2tJm2rqOaNZkn50PYlL5uGRZknkq0FJrpnWV+IFCN1f9dnRLpWSq61aoLW
kRTufgR9/JYuLVx3sZbbfJ/t1mz/PXPUc61LlBXx9cMZIhlX+0jcKDbuEvM=
-----END CERTIFICATE-----