Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e3a75b2e-a029-4372-add9-5dc77295f3dd.roa
File:                     e3a75b2e-a029-4372-add9-5dc77295f3dd.roa (raw, json)
Hash identifier:          YKFBWoFQADrEqbwCfAFjX3zCFmqgW+eLNzoCydQXBzo=
Subject key identifier:   2F:95:8B:32:02:23:5E:5C:2A:48:C6:D6:8D:5D:ED:E7:BD:76:5D:6F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       444861B040A02F11E73A60C79444BED5DCB8E0AE
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e3a75b2e-a029-4372-add9-5dc77295f3dd.roa
Signing time:             Sun 09 Mar 2025 02:08:29 +0000
ROA not before:           Sun 09 Mar 2025 02:08:29 +0000
ROA not after:            Sun 13 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:48:61:b0:40:a0:2f:11:e7:3a:60:c7:94:44:be:d5:dc:b8:e0:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  9 02:08:29 2025 GMT
            Not After : Apr 13 23:59:59 2025 GMT
        Subject: serialNumber=7f3552af6083976adccaa4a5951179ccb9f0eb24b3afe8dc1cbbe7b873d35e0c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e9:71:e2:25:cb:36:77:71:4c:4a:b4:89:ae:
                    d0:49:68:ae:0e:02:27:3c:6c:cd:48:3d:cd:c7:5d:
                    10:0f:54:71:30:4b:45:16:d1:ed:e0:35:b3:ef:d8:
                    46:bf:a3:f0:36:97:18:88:b3:cc:78:dc:f9:7b:28:
                    bb:ed:cd:6b:44:0c:a3:09:c8:83:43:12:d9:f1:90:
                    9d:0a:d4:7d:23:b5:6f:6f:96:59:0d:08:bc:1b:3d:
                    36:f1:fd:b0:c3:c4:f2:6f:f0:92:8c:f4:37:6b:bc:
                    98:a6:bd:2d:3f:41:11:28:b7:92:53:88:11:8c:34:
                    ee:db:e5:54:db:ed:8c:48:dd:b6:09:d8:e5:47:ac:
                    78:2b:d2:6a:53:e9:33:bb:de:a3:02:6c:72:55:f3:
                    f1:ff:36:de:1b:ca:2f:d7:c6:dd:c1:5d:ac:77:d0:
                    cf:ee:c8:e2:78:92:dc:15:36:3d:0d:47:fd:5d:bd:
                    8b:83:85:2f:f1:d4:9e:a4:cf:a3:74:85:50:b2:15:
                    c2:84:a5:8d:1a:fe:45:54:80:92:35:0d:7b:b9:b7:
                    7d:3e:f6:28:98:9c:1d:bf:0e:d3:9f:9e:e1:c4:68:
                    d0:31:07:6b:95:5f:c0:ea:74:3f:d1:59:83:8a:b0:
                    b2:dd:34:b4:0b:96:17:f6:27:b3:a1:40:c0:e7:2c:
                    21:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:95:8B:32:02:23:5E:5C:2A:48:C6:D6:8D:5D:ED:E7:BD:76:5D:6F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e3a75b2e-a029-4372-add9-5dc77295f3dd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:34:c1:2b:5b:7c:07:93:22:0f:d8:cb:b9:24:ff:0c:e3:aa:
         04:66:ab:38:67:9f:82:69:c7:6e:42:da:fb:f9:93:c0:65:14:
         c7:60:e0:f9:64:96:13:64:88:a6:32:64:ff:ea:14:51:7d:04:
         54:4b:f8:42:12:4b:bc:1b:84:76:63:47:54:bd:a9:5e:af:d5:
         06:b1:0c:9e:62:9d:fa:da:97:d3:c0:21:de:83:70:17:0c:05:
         26:2f:e9:55:b7:16:c8:b8:a8:68:13:2e:f5:6f:64:2e:12:33:
         fb:a4:95:0a:1b:dc:25:db:81:b7:34:03:5e:69:f1:2e:06:4e:
         3e:ff:df:ea:7c:47:01:24:08:ef:7d:16:69:e3:a1:9a:da:6a:
         d2:8f:6b:04:d4:97:06:2a:2c:85:76:9b:e8:0a:f6:2f:d8:8b:
         70:2c:b1:57:48:f0:a9:ac:09:73:97:9d:5c:01:db:cd:2a:d9:
         0c:40:78:fd:9b:4e:0e:bb:45:b5:cd:65:d5:bc:94:86:10:48:
         cc:27:04:04:f8:36:29:46:d9:12:07:45:04:a6:29:42:c2:d6:
         9e:e7:39:87:62:d2:1a:4c:12:7c:7c:dc:81:30:11:f8:a1:19:
         6a:c1:d1:5d:62:a2:7d:30:de:8c:4b:53:00:25:21:5e:1a:60:
         a9:cb:71:29
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUREhhsECgLxHnOmDHlES+1dy44K4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzA5MDIwODI5WhcNMjUwNDEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZjM1NTJhZjYwODM5NzZhZGNjYWE0YTU5NTExNzljY2I5
ZjBlYjI0YjNhZmU4ZGMxY2JiZTdiODczZDM1ZTBjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCj6XHiJcs2d3FMSrSJrtBJaK4OAic8bM1IPc3HXRAPVHEw
S0UW0e3gNbPv2Ea/o/A2lxiIs8x43Pl7KLvtzWtEDKMJyINDEtnxkJ0K1H0jtW9v
llkNCLwbPTbx/bDDxPJv8JKM9DdrvJimvS0/QREot5JTiBGMNO7b5VTb7YxI3bYJ
2OVHrHgr0mpT6TO73qMCbHJV8/H/Nt4byi/Xxt3BXax30M/uyOJ4ktwVNj0NR/1d
vYuDhS/x1J6kz6N0hVCyFcKEpY0a/kVUgJI1DXu5t30+9iiYnB2/DtOfnuHEaNAx
B2uVX8DqdD/RWYOKsLLdNLQLlhf2J7OhQMDnLCFjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUL5WLMgIjXlwqSMbWjV3t5712XW8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2UzYTc1YjJlLWEwMjktNDM3Mi1hZGQ5LTVkYzc3Mjk1ZjNkZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFc0wStbfAeTIg/Yy7kk/wzjqgRm
qzhnn4Jpx25C2vv5k8BlFMdg4PlklhNkiKYyZP/qFFF9BFRL+EISS7wbhHZjR1S9
qV6v1QaxDJ5infral9PAId6DcBcMBSYv6VW3Fsi4qGgTLvVvZC4SM/uklQob3CXb
gbc0A15p8S4GTj7/3+p8RwEkCO99FmnjoZraatKPawTUlwYqLIV2m+gK9i/Yi3As
sVdI8KmsCXOXnVwB280q2QxAeP2bTg67RbXNZdW8lIYQSMwnBAT4NilG2RIHRQSm
KULC1p7nOYdi0hpMEnx83IEwEfihGWrB0V1ion0w3oxLUwAlIV4aYKnLcSk=
-----END CERTIFICATE-----