Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d7d502f5-da20-48e8-b227-84b52b13013e.roa
File:                     d7d502f5-da20-48e8-b227-84b52b13013e.roa (raw, json)
Hash identifier:          7o9pPj6KgNaXMcVxdqwRqR/TBOzm5HH4Jv5fbppM7FU=
Subject key identifier:   52:E4:77:41:F8:C0:75:69:90:03:BD:99:FB:4B:04:DB:0A:2A:65:81
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       17735191A235E529A226FE4A6EB4B4C93EC245AA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d7d502f5-da20-48e8-b227-84b52b13013e.roa
Signing time:             Sun 22 Dec 2024 00:00:00 +0000
ROA not before:           Sun 22 Dec 2024 00:00:00 +0000
ROA not after:            Sun 26 Jan 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:73:51:91:a2:35:e5:29:a2:26:fe:4a:6e:b4:b4:c9:3e:c2:45:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 22 00:00:00 2024 GMT
            Not After : Jan 26 23:59:59 2025 GMT
        Subject: serialNumber=1e5770ecf1b6909ce64ca537b3949193d8d2bdd900983ca1254df362bab37196, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:fc:fb:9a:06:8f:b6:78:a6:7e:57:98:c5:16:
                    e5:7a:b7:18:93:ab:88:95:f4:57:00:a6:aa:a0:65:
                    83:95:fc:72:75:ff:8d:ec:f6:03:26:04:e9:17:43:
                    2e:cd:61:c4:0f:98:1c:96:fb:95:ce:b8:21:a6:ed:
                    83:04:e4:e7:4c:ce:77:28:41:9e:2a:e7:bb:14:1d:
                    8f:0e:b5:24:6c:57:40:17:42:fe:02:2d:40:89:e7:
                    b2:9b:e3:83:14:0d:d2:4b:2a:2e:24:0b:ff:33:7d:
                    5a:a4:ab:8c:41:38:39:08:40:ea:24:1a:bf:e0:80:
                    ab:b9:5a:7d:06:f8:d3:14:bd:6a:87:d9:c3:7e:c3:
                    8c:52:ee:d6:ac:b0:f1:9c:5c:11:c1:75:c9:9d:e7:
                    03:e8:9a:78:a5:c2:b9:88:db:cd:b4:ee:67:c3:ed:
                    7c:fa:16:e2:17:60:12:f3:92:46:f7:e2:2b:12:57:
                    fa:cc:98:7d:4a:13:19:76:bd:24:30:f8:9f:d6:e9:
                    97:e7:38:a9:c6:dc:33:f9:a5:6a:7b:be:20:03:bd:
                    d5:f6:28:93:78:88:a7:4f:d4:69:66:1b:d3:20:07:
                    0b:7a:d3:f6:c2:bf:a8:c2:a1:81:b0:8f:fe:2f:51:
                    57:9e:bd:8a:a9:8d:0b:7b:84:32:1b:66:b1:18:b5:
                    c7:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:E4:77:41:F8:C0:75:69:90:03:BD:99:FB:4B:04:DB:0A:2A:65:81
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d7d502f5-da20-48e8-b227-84b52b13013e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:35:b6:7c:b4:49:38:22:92:24:f8:9b:0b:08:78:85:dd:12:
         a7:33:cf:11:16:43:2e:84:a4:63:d8:1e:97:a8:76:0a:4e:e5:
         06:06:19:8a:bc:f9:ed:31:bc:6a:d2:02:99:2f:16:96:1d:15:
         94:eb:9f:97:2a:26:05:69:c3:93:a4:e3:32:d0:03:c0:a9:6e:
         23:09:ea:1f:be:f7:1e:c4:56:32:7a:b7:df:c9:73:6a:1b:81:
         08:eb:85:ef:c8:23:cd:fc:bd:5f:3c:a8:f3:a7:a9:4a:33:fa:
         8d:6f:d2:26:65:05:2c:2c:8a:0f:49:5c:cd:59:1e:11:c2:7c:
         5e:44:e9:07:aa:d9:b8:6d:43:ba:af:66:b7:eb:1f:b7:b1:3f:
         28:31:4b:10:ab:8e:db:51:91:77:38:75:d7:8a:72:52:a6:1e:
         e2:c6:fa:98:b0:5b:aa:d9:e7:da:a5:4f:45:0a:34:41:54:bb:
         3d:02:b0:81:bc:3f:a9:f9:f5:0b:7d:e9:0f:61:5e:6c:bb:32:
         0a:5f:8d:fc:26:87:a8:ce:dd:3f:eb:22:3f:0a:11:fd:3d:1a:
         2f:10:81:ef:d3:49:bb:2f:00:7d:b1:5a:9c:6f:da:8b:19:d9:
         2c:ef:ba:02:60:d4:4a:fe:f1:10:63:3b:12:8e:61:6d:77:28:
         20:c0:51:11
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF3NRkaI15SmiJv5KbrS0yT7CRaowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMjIyMDAwMDAwWhcNMjUwMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZTU3NzBlY2YxYjY5MDljZTY0Y2E1MzdiMzk0OTE5M2Q4
ZDJiZGQ5MDA5ODNjYTEyNTRkZjM2MmJhYjM3MTk2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCp/PuaBo+2eKZ+V5jFFuV6txiTq4iV9FcApqqgZYOV/HJ1
/43s9gMmBOkXQy7NYcQPmByW+5XOuCGm7YME5OdMzncoQZ4q57sUHY8OtSRsV0AX
Qv4CLUCJ57Kb44MUDdJLKi4kC/8zfVqkq4xBODkIQOokGr/ggKu5Wn0G+NMUvWqH
2cN+w4xS7tassPGcXBHBdcmd5wPomnilwrmI28207mfD7Xz6FuIXYBLzkkb34isS
V/rMmH1KExl2vSQw+J/W6ZfnOKnG3DP5pWp7viADvdX2KJN4iKdP1GlmG9MgBwt6
0/bCv6jCoYGwj/4vUVeevYqpjQt7hDIbZrEYtcdfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUuR3QfjAdWmQA72Z+0sE2woqZYEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q3ZDUwMmY1LWRhMjAtNDhlOC1iMjI3LTg0YjUyYjEzMDEzZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGA1tny0STgikiT4mwsIeIXdEqcz
zxEWQy6EpGPYHpeodgpO5QYGGYq8+e0xvGrSApkvFpYdFZTrn5cqJgVpw5Ok4zLQ
A8CpbiMJ6h++9x7EVjJ6t9/Jc2obgQjrhe/II838vV88qPOnqUoz+o1v0iZlBSws
ig9JXM1ZHhHCfF5E6Qeq2bhtQ7qvZrfrH7exPygxSxCrjttRkXc4ddeKclKmHuLG
+piwW6rZ59qlT0UKNEFUuz0CsIG8P6n59Qt96Q9hXmy7Mgpfjfwmh6jO3T/rIj8K
Ef09Gi8Qge/TSbsvAH2xWpxv2osZ2SzvugJg1Er+8RBjOxKOYW13KCDAURE=
-----END CERTIFICATE-----