Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dc25fba0-bef6-4bf7-bb8c-3b5687621313.roa
File:                     dc25fba0-bef6-4bf7-bb8c-3b5687621313.roa (raw, json)
Hash identifier:          +cuIDek1ur3ZYUIsvxGb+3f0wdxPacrKWHHStHHtMfw=
Subject key identifier:   E4:0A:05:7D:E4:9F:CC:FD:26:40:69:B1:2B:21:D9:D8:22:A9:0C:B3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       174B7FDD0C8E1997C1E2A41205BB135128C75989
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dc25fba0-bef6-4bf7-bb8c-3b5687621313.roa
Signing time:             Wed 05 Mar 2025 16:43:21 +0000
ROA not before:           Wed 05 Mar 2025 16:43:21 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:4b:7f:dd:0c:8e:19:97:c1:e2:a4:12:05:bb:13:51:28:c7:59:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  5 16:43:21 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: serialNumber=ee0deb5161c6814feb586d36b983aa63f8ca3a0a9e4de0c68135dbcaec58b276, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:8b:de:6d:4c:89:a0:07:ff:05:02:8f:99:82:
                    79:cf:a4:5b:a5:0e:a5:0e:f1:64:9f:f6:e0:97:54:
                    71:41:a7:d3:c1:80:79:ba:33:3a:65:43:40:b1:f4:
                    cf:ba:f2:d6:8e:b9:f7:dd:68:59:78:a6:5f:a8:94:
                    81:16:1c:c8:8a:f3:fa:e9:9b:e2:e4:b8:a1:62:eb:
                    25:31:8f:d0:99:51:66:0b:52:f7:dd:6b:72:a1:76:
                    b2:d4:d5:02:a3:39:a6:75:4b:a7:72:0d:85:17:ca:
                    9e:a1:f4:bc:6b:cb:96:98:32:9e:7e:95:0f:33:5e:
                    8f:21:69:b9:3a:05:a1:e8:a6:59:61:ef:32:0a:00:
                    df:fd:72:96:30:28:41:e0:08:ab:46:b8:85:d5:9e:
                    71:02:00:0e:25:1d:42:ba:90:86:ba:f7:d9:69:64:
                    0e:b8:2e:46:85:10:cd:75:f3:d5:48:41:49:c8:ab:
                    a3:18:89:8e:ad:5c:c2:6b:03:a8:cb:1c:46:c0:1a:
                    5c:32:c0:17:f2:9d:50:2c:e2:f3:7c:29:80:ea:51:
                    92:e2:c6:73:be:91:7f:4d:17:9a:5d:c1:a9:70:f0:
                    0d:87:d2:ef:b4:0e:34:9e:a7:99:28:ec:f4:09:f9:
                    7b:14:a1:c1:c0:59:b6:f2:ac:20:af:99:38:1a:3c:
                    27:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:0A:05:7D:E4:9F:CC:FD:26:40:69:B1:2B:21:D9:D8:22:A9:0C:B3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dc25fba0-bef6-4bf7-bb8c-3b5687621313.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:a3:c9:ee:1d:56:40:77:b8:7d:4d:e2:f3:d1:15:27:f0:e7:
         80:12:e0:16:28:45:b0:ca:34:dc:8a:5e:44:fb:27:7d:4f:8b:
         74:6a:b3:aa:24:74:d3:97:f5:a6:60:78:73:e9:cc:12:1b:14:
         77:78:82:8e:23:51:8b:36:42:22:f3:8e:3b:aa:1b:49:67:df:
         a6:59:59:95:54:11:5d:73:dc:f8:41:39:28:b4:d2:dd:d2:47:
         d1:04:d1:04:7e:c6:33:59:e5:ef:c1:2e:1b:92:a3:22:65:ce:
         14:d9:36:ec:45:08:ef:7c:42:60:43:ec:4c:f2:bc:c7:ba:06:
         a7:b0:dc:6c:f7:54:6c:46:8b:c4:e1:42:9a:60:39:d8:2b:a9:
         62:44:f5:66:a9:64:68:f3:3c:72:7c:47:52:d4:9c:f2:95:a1:
         7d:83:c1:6c:6e:e3:3b:1f:bb:e3:a0:3e:ce:12:a8:5e:63:aa:
         79:64:b3:4b:65:09:ea:2e:1a:3d:f0:5d:09:c4:ef:6e:0e:a2:
         dd:c2:1c:70:4f:40:be:d1:c3:10:a7:ed:01:91:c3:76:34:af:
         d4:36:e6:48:d9:bc:46:e0:99:64:6b:a5:39:a0:23:38:09:98:
         0c:e0:88:38:ee:04:2a:29:02:b4:86:ca:69:1a:d3:e3:7e:66:
         2d:e9:46:19
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF0t/3QyOGZfB4qQSBbsTUSjHWYkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzA1MTY0MzIxWhcNMjUwNDA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZTBkZWI1MTYxYzY4MTRmZWI1ODZkMzZiOTgzYWE2M2Y4
Y2EzYTBhOWU0ZGUwYzY4MTM1ZGJjYWVjNThiMjc2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCki95tTImgB/8FAo+ZgnnPpFulDqUO8WSf9uCXVHFBp9PB
gHm6MzplQ0Cx9M+68taOuffdaFl4pl+olIEWHMiK8/rpm+LkuKFi6yUxj9CZUWYL
Uvfda3KhdrLU1QKjOaZ1S6dyDYUXyp6h9Lxry5aYMp5+lQ8zXo8habk6BaHopllh
7zIKAN/9cpYwKEHgCKtGuIXVnnECAA4lHUK6kIa699lpZA64LkaFEM1189VIQUnI
q6MYiY6tXMJrA6jLHEbAGlwywBfynVAs4vN8KYDqUZLixnO+kX9NF5pdwalw8A2H
0u+0DjSep5ko7PQJ+XsUocHAWbbyrCCvmTgaPCfNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5AoFfeSfzP0mQGmxKyHZ2CKpDLMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RjMjVmYmEwLWJlZjYtNGJmNy1iYjhjLTNiNTY4NzYyMTMxMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABGjye4dVkB3uH1N4vPRFSfw54AS
4BYoRbDKNNyKXkT7J31Pi3Rqs6okdNOX9aZgeHPpzBIbFHd4go4jUYs2QiLzjjuq
G0ln36ZZWZVUEV1z3PhBOSi00t3SR9EE0QR+xjNZ5e/BLhuSoyJlzhTZNuxFCO98
QmBD7EzyvMe6Bqew3Gz3VGxGi8ThQppgOdgrqWJE9WapZGjzPHJ8R1LUnPKVoX2D
wWxu4zsfu+OgPs4SqF5jqnlks0tlCeouGj3wXQnE724Oot3CHHBPQL7RwxCn7QGR
w3Y0r9Q25kjZvEbgmWRrpTmgIzgJmAzgiDjuBCopArSGymka0+N+Zi3pRhk=
-----END CERTIFICATE-----