Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/de26619e-95d8-4d5c-b7c0-3d12459c6533.roa
File:                     de26619e-95d8-4d5c-b7c0-3d12459c6533.roa (raw, json)
Hash identifier:          YYctg/AZueY/wyAprHygnA8wREVjAbyvMZhUJZHF7eA=
Subject key identifier:   61:6C:1C:94:C0:0E:DD:ED:EA:32:23:CF:31:E7:FA:E4:9F:7B:7F:BD
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       20828CE539F3F7C11A9003D856C34034F1753674
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/de26619e-95d8-4d5c-b7c0-3d12459c6533.roa
Signing time:             Thu 13 Feb 2025 18:28:31 +0000
ROA not before:           Thu 13 Feb 2025 18:28:31 +0000
ROA not after:            Thu 20 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:82:8c:e5:39:f3:f7:c1:1a:90:03:d8:56:c3:40:34:f1:75:36:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 13 18:28:31 2025 GMT
            Not After : Mar 20 23:59:59 2025 GMT
        Subject: serialNumber=37a08cfe4412a2d6c84e7b5933771052415103e783df2af4b516ee42cc1d7716, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:28:0f:0a:c3:69:36:d5:22:41:9a:fe:28:23:
                    79:a6:7c:c2:f7:a7:60:3a:2a:a6:86:b7:a8:31:d4:
                    fd:28:f1:53:e0:bf:57:20:01:3f:76:d0:03:f4:6f:
                    0b:1a:c6:01:c9:b8:c2:fb:ec:ef:41:72:0f:b6:25:
                    4f:20:73:ad:36:6d:4e:83:93:df:fb:66:7e:37:05:
                    b3:79:df:65:f8:85:ea:66:7d:4d:35:ad:50:39:86:
                    df:73:eb:47:61:93:3f:1c:94:38:dc:6a:d8:55:68:
                    ba:b0:33:3b:d4:b6:1e:0f:9c:79:56:a0:28:67:5b:
                    4e:6a:08:b8:1a:c9:5a:bf:32:d2:ba:e2:3f:ac:ec:
                    45:6e:88:b4:05:68:dc:40:62:d2:34:e0:12:ba:7e:
                    dc:ba:e3:c9:db:64:ab:41:e9:cd:77:93:1c:b2:fd:
                    f2:8f:de:3d:e2:eb:49:56:18:58:f5:75:23:6e:c5:
                    38:23:e6:2f:b6:89:22:e3:4b:df:38:6e:61:ca:f5:
                    a9:4a:cf:14:03:7b:90:fd:d2:58:31:7e:f0:90:f5:
                    6e:a5:a8:1d:ba:be:94:b9:01:8f:37:eb:bf:68:07:
                    88:a7:f3:38:9f:f0:56:f5:cd:0d:d1:6f:00:a1:e1:
                    17:f8:90:36:a6:32:58:75:df:b6:84:20:45:91:29:
                    76:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:6C:1C:94:C0:0E:DD:ED:EA:32:23:CF:31:E7:FA:E4:9F:7B:7F:BD
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/de26619e-95d8-4d5c-b7c0-3d12459c6533.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:52:b5:07:5f:cc:51:86:2f:a5:f3:dc:0a:9c:be:2e:97:07:
         c2:69:49:0a:95:f3:ea:ca:2b:5f:39:1c:60:09:06:be:93:08:
         a0:e0:26:b1:88:a0:6f:dd:9d:73:c0:a0:d1:6d:f4:64:6d:d2:
         09:9f:d2:d5:9f:5c:3c:7e:72:9d:9c:10:2a:fb:67:aa:e0:70:
         3f:ca:e2:b2:ab:2e:c1:68:e3:48:40:05:83:e4:d1:c9:29:3f:
         6b:e8:ca:78:97:a6:4b:48:5b:dc:1d:cc:c9:a7:cd:4f:ce:f9:
         dc:c4:0e:05:74:8d:d4:ff:a3:60:c5:07:b5:4b:2e:2c:f7:43:
         0d:2d:a8:cd:b1:5d:a3:1c:c0:22:48:cf:54:d1:78:7d:fc:7c:
         48:40:cf:c9:4b:53:fa:65:8d:ac:65:ff:b8:28:b4:ba:85:10:
         ec:42:4d:15:6c:b7:cf:e1:af:8e:fc:d5:58:ee:f0:2b:50:ba:
         f9:9c:91:e8:6c:b2:e9:21:ba:1f:44:bc:fe:ce:83:3d:37:7a:
         db:96:5f:53:6a:1e:c0:53:18:cd:df:57:87:9d:53:b8:3c:58:
         a9:1d:04:9e:f9:0b:91:f2:66:7e:b4:e3:89:58:7f:41:c3:a3:
         46:7d:38:1a:4f:09:4e:ba:2a:c7:95:0b:07:0e:dd:07:e6:20:
         84:35:64:a3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIIKM5Tnz98EakAPYVsNANPF1NnQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjEzMTgyODMxWhcNMjUwMzIwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzN2EwOGNmZTQ0MTJhMmQ2Yzg0ZTdiNTkzMzc3MTA1MjQx
NTEwM2U3ODNkZjJhZjRiNTE2ZWU0MmNjMWQ3NzE2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDYKA8Kw2k21SJBmv4oI3mmfML3p2A6KqaGt6gx1P0o8VPg
v1cgAT920AP0bwsaxgHJuML77O9Bcg+2JU8gc602bU6Dk9/7Zn43BbN532X4hepm
fU01rVA5ht9z60dhkz8clDjcathVaLqwMzvUth4PnHlWoChnW05qCLgayVq/MtK6
4j+s7EVuiLQFaNxAYtI04BK6fty648nbZKtB6c13kxyy/fKP3j3i60lWGFj1dSNu
xTgj5i+2iSLjS984bmHK9alKzxQDe5D90lgxfvCQ9W6lqB26vpS5AY83679oB4in
8zif8Fb1zQ3RbwCh4Rf4kDamMlh137aEIEWRKXbJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYWwclMAO3e3qMiPPMef65J97f70wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RlMjY2MTllLTk1ZDgtNGQ1Yy1iN2MwLTNkMTI0NTljNjUzMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABtStQdfzFGGL6Xz3Aqcvi6XB8Jp
SQqV8+rKK185HGAJBr6TCKDgJrGIoG/dnXPAoNFt9GRt0gmf0tWfXDx+cp2cECr7
Z6rgcD/K4rKrLsFo40hABYPk0ckpP2voyniXpktIW9wdzMmnzU/O+dzEDgV0jdT/
o2DFB7VLLiz3Qw0tqM2xXaMcwCJIz1TReH38fEhAz8lLU/pljaxl/7gotLqFEOxC
TRVst8/hr4781Vju8CtQuvmckehssukhuh9EvP7Ogz03etuWX1NqHsBTGM3fV4ed
U7g8WKkdBJ75C5HyZn6044lYf0HDo0Z9OBpPCU66KseVCwcO3QfmIIQ1ZKM=
-----END CERTIFICATE-----