Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/da38168a-dbc5-4c52-add5-d744d8077b87.roa
File:                     da38168a-dbc5-4c52-add5-d744d8077b87.roa (raw, json)
Hash identifier:          fAdqtn+AdqinnEIhguXe45QE1ZYEM1dx/xC+3HaYH6k=
Subject key identifier:   DF:25:28:A5:9D:FB:25:4E:C3:D4:98:09:B5:BB:0B:B8:7E:EC:00:30
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5FB54796347085B31219D6F9B7689D7D3F0DE886
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/da38168a-dbc5-4c52-add5-d744d8077b87.roa
Signing time:             Wed 12 Feb 2025 00:00:00 +0000
ROA not before:           Wed 12 Feb 2025 00:00:00 +0000
ROA not after:            Wed 19 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:b5:47:96:34:70:85:b3:12:19:d6:f9:b7:68:9d:7d:3f:0d:e8:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 12 00:00:00 2025 GMT
            Not After : Mar 19 23:59:59 2025 GMT
        Subject: serialNumber=5f4be7258bfd125639b6f0101d7e4ea3668861cc1fcd2a757f8dfa27b339b58f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:83:98:e9:7e:20:00:b7:c0:a8:55:c1:21:3d:
                    72:b2:55:16:55:b4:bb:0f:d3:47:22:3f:21:5f:f7:
                    93:f0:a8:e8:28:e8:f6:63:84:75:c7:51:76:89:2a:
                    8f:da:7f:a9:e9:16:d3:70:81:79:01:e5:b8:4e:8e:
                    d6:93:c3:68:ab:c6:ce:73:d6:1d:0a:c7:d2:10:ad:
                    42:bc:00:e0:34:4a:86:f5:ff:c5:98:63:70:7a:4e:
                    e9:19:40:d4:a4:57:f4:20:cc:05:61:41:59:28:82:
                    ff:4e:2a:25:76:a8:1e:da:dc:99:23:86:94:ec:27:
                    7a:45:26:ac:e5:75:0a:45:fb:93:43:3a:87:e0:e7:
                    ac:40:99:ee:7f:cd:37:02:41:51:e0:5b:8b:a5:3e:
                    7b:87:cf:6d:1a:ee:c6:7d:b0:5f:17:5f:4a:c6:1e:
                    0e:9b:39:0a:4b:6a:37:94:1d:d6:5f:ee:73:84:6e:
                    d6:be:9f:fc:0e:de:85:19:65:17:77:c5:7f:7b:fd:
                    50:27:fb:fe:85:37:b1:a0:c8:88:fc:1f:6a:f8:53:
                    af:32:9c:fd:b1:c1:43:d4:b5:5b:c2:c6:b1:6a:92:
                    ad:ce:c8:4d:ca:0a:b9:9a:a7:d5:04:05:48:30:cb:
                    96:85:71:f0:ad:3d:9e:b0:77:fe:99:15:0a:b0:3f:
                    41:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:25:28:A5:9D:FB:25:4E:C3:D4:98:09:B5:BB:0B:B8:7E:EC:00:30
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/da38168a-dbc5-4c52-add5-d744d8077b87.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:53:91:b3:88:f1:8f:fe:33:f2:cd:2d:01:21:75:e4:dc:16:
         d1:ae:a8:f8:ad:94:9d:8d:31:ce:a7:ef:d0:78:86:f8:f7:ee:
         d5:f7:42:5c:c1:72:d3:b1:8e:20:82:3a:74:cf:d1:cf:98:79:
         1a:2f:7a:30:32:53:81:ed:f2:d8:54:01:af:19:b6:a4:83:71:
         cd:01:25:1a:de:99:55:f5:4c:30:12:1e:5e:0d:11:23:45:39:
         7e:7e:e4:1f:03:b1:1d:ac:99:22:30:7a:cb:ff:84:4b:59:c1:
         3a:2c:97:e3:7c:9e:57:84:5a:ac:9f:cb:4f:d0:10:f0:7b:34:
         67:71:5b:61:8a:7d:6e:9f:48:6f:be:36:9e:8e:e0:60:2a:7c:
         f9:d9:89:4e:5c:5f:6a:4a:6b:b1:f5:b7:54:41:73:c5:f4:3a:
         89:6e:0b:37:90:6b:6a:74:c1:5d:8f:c7:e8:5b:ed:56:06:c8:
         1b:45:55:e1:81:8e:9c:f8:5b:36:a0:8a:e9:ad:3f:a6:95:31:
         82:f9:e2:f1:35:e0:8c:40:36:92:c9:48:3e:9a:b4:66:0a:21:
         ab:37:c1:5e:bb:b7:da:88:c9:01:1b:56:42:46:49:29:b9:7a:
         32:f4:39:b0:16:9d:05:5a:b4:90:ae:5d:6a:5a:53:4c:d6:ec:
         3a:03:b6:a9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUX7VHljRwhbMSGdb5t2idfT8N6IYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjEyMDAwMDAwWhcNMjUwMzE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZjRiZTcyNThiZmQxMjU2MzliNmYwMTAxZDdlNGVhMzY2
ODg2MWNjMWZjZDJhNzU3ZjhkZmEyN2IzMzliNThmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClg5jpfiAAt8CoVcEhPXKyVRZVtLsP00ciPyFf95PwqOgo
6PZjhHXHUXaJKo/af6npFtNwgXkB5bhOjtaTw2irxs5z1h0Kx9IQrUK8AOA0Sob1
/8WYY3B6TukZQNSkV/QgzAVhQVkogv9OKiV2qB7a3JkjhpTsJ3pFJqzldQpF+5ND
Oofg56xAme5/zTcCQVHgW4ulPnuHz20a7sZ9sF8XX0rGHg6bOQpLajeUHdZf7nOE
bta+n/wO3oUZZRd3xX97/VAn+/6FN7GgyIj8H2r4U68ynP2xwUPUtVvCxrFqkq3O
yE3KCrmap9UEBUgwy5aFcfCtPZ6wd/6ZFQqwP0FRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3yUopZ37JU7D1JgJtbsLuH7sADAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RhMzgxNjhhLWRiYzUtNGM1Mi1hZGQ1LWQ3NDRkODA3N2I4Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKdTkbOI8Y/+M/LNLQEhdeTcFtGu
qPitlJ2NMc6n79B4hvj37tX3QlzBctOxjiCCOnTP0c+YeRovejAyU4Ht8thUAa8Z
tqSDcc0BJRremVX1TDASHl4NESNFOX5+5B8DsR2smSIwesv/hEtZwTosl+N8nleE
Wqyfy0/QEPB7NGdxW2GKfW6fSG++Np6O4GAqfPnZiU5cX2pKa7H1t1RBc8X0Oolu
CzeQa2p0wV2Px+hb7VYGyBtFVeGBjpz4WzagiumtP6aVMYL54vE14IxANpLJSD6a
tGYKIas3wV67t9qIyQEbVkJGSSm5ejL0ObAWnQVatJCuXWpaU0zW7DoDtqk=
-----END CERTIFICATE-----