Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e56eded2-ad61-42d1-9537-baec22b45e4e.roa
File:                     e56eded2-ad61-42d1-9537-baec22b45e4e.roa (raw, json)
Hash identifier:          hhtrkYnrFFPuj4BWUGjoOCZez21aSDxpv/kucBw7f7Y=
Subject key identifier:   4D:3F:58:62:51:3F:A8:F1:6A:F6:F4:6F:C2:40:3B:BB:76:02:06:3E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4FC242A641F2DEFF62D252A6F72CDCE2F004C43C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e56eded2-ad61-42d1-9537-baec22b45e4e.roa
Signing time:             Sat 26 Apr 2025 11:08:18 +0000
ROA not before:           Sat 26 Apr 2025 11:08:18 +0000
ROA not after:            Sat 31 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:c2:42:a6:41:f2:de:ff:62:d2:52:a6:f7:2c:dc:e2:f0:04:c4:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 26 11:08:18 2025 GMT
            Not After : May 31 23:59:59 2025 GMT
        Subject: serialNumber=519c33a18a406aef386ede89ccb52eb28db6a2cada0eccba71e4132aa405a64e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:1e:15:55:d9:45:56:a2:2a:3e:ea:78:1b:e8:
                    72:4c:82:2a:17:1d:ac:ca:db:2f:89:c9:ea:bc:03:
                    11:fd:ed:ef:a8:1d:1d:7d:47:30:a9:d5:23:a1:2a:
                    8b:d6:4e:63:fd:0f:e7:57:1c:3b:64:9e:dd:1f:bf:
                    47:80:84:8a:56:91:a0:9a:e5:07:52:2f:1e:92:74:
                    2e:ae:19:7a:95:43:20:cf:2f:c7:87:40:32:ed:b5:
                    51:90:63:b2:46:04:54:6d:0f:49:c7:30:6f:04:30:
                    41:c5:7c:51:40:88:d6:bc:01:65:28:68:d2:39:60:
                    7f:2f:43:e9:27:29:b3:14:d9:91:3c:a9:ef:77:2e:
                    3d:fd:0d:1d:2a:48:7b:ac:c2:63:8b:14:4e:ea:1e:
                    fb:44:45:d7:64:49:8e:a9:ee:f1:f0:7c:8b:7e:0e:
                    0f:b8:b5:c3:3b:47:62:bf:3a:52:0e:f7:24:91:f8:
                    99:e9:c2:78:f6:e7:20:c7:dd:f4:c3:d1:97:bf:8d:
                    f2:46:a0:1b:de:25:8f:95:51:dd:24:04:f9:a4:27:
                    4c:cb:8f:fc:f7:df:a3:9b:bf:e0:96:c3:f9:1d:95:
                    97:a2:d2:75:02:b0:88:af:5a:37:cb:20:0b:cc:1c:
                    98:aa:54:b7:92:14:a3:30:65:54:05:8a:7e:5f:a5:
                    f8:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:3F:58:62:51:3F:A8:F1:6A:F6:F4:6F:C2:40:3B:BB:76:02:06:3E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e56eded2-ad61-42d1-9537-baec22b45e4e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:f7:3c:d0:63:85:84:2b:53:69:3e:7f:1c:c7:f7:c5:5d:83:
         07:3a:68:16:65:3b:7a:0f:33:ba:92:0f:f5:d3:19:55:70:a3:
         24:13:47:79:43:c7:b4:b6:26:27:ab:ef:ce:7a:c6:af:4a:56:
         e0:db:cc:51:60:2d:3b:d7:59:f8:b4:dc:18:86:9f:9a:9a:93:
         48:5e:22:00:47:66:82:e7:8f:48:b0:8f:02:46:c4:e4:6f:91:
         ac:0b:13:5e:3a:81:53:08:34:78:2a:05:f3:df:1b:f7:76:55:
         5b:7d:5a:3e:74:db:6a:b8:2a:3f:ed:f0:6f:ee:f5:5b:70:5a:
         f6:8f:6b:7c:34:8c:3e:d0:b9:44:5d:c5:67:14:21:b1:05:2b:
         fc:0d:f0:9a:4a:84:99:c5:7e:4a:5a:4f:48:a6:a6:37:85:a4:
         6f:c7:67:95:c8:e3:ea:88:c2:75:78:f0:bf:c5:ab:f0:f4:c1:
         22:91:33:e1:1b:64:64:9e:e5:d6:f0:69:2a:fe:55:ac:b7:9c:
         5d:fe:51:c4:11:30:29:e7:fa:1d:50:71:cb:33:d1:f9:8a:63:
         00:bc:3e:4f:76:67:5b:36:4f:94:b3:dc:4a:c6:14:df:cf:1f:
         c6:12:a6:ba:73:29:b4:1f:da:c3:96:cf:0b:f0:b6:d9:c7:d5:
         f6:da:44:ec
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUT8JCpkHy3v9i0lKm9yzc4vAExDwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDI2MTEwODE4WhcNMjUwNTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1MTljMzNhMThhNDA2YWVmMzg2ZWRlODljY2I1MmViMjhk
YjZhMmNhZGEwZWNjYmE3MWU0MTMyYWE0MDVhNjRlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHHhVV2UVWoio+6ngb6HJMgioXHazK2y+Jyeq8AxH97e+o
HR19RzCp1SOhKovWTmP9D+dXHDtknt0fv0eAhIpWkaCa5QdSLx6SdC6uGXqVQyDP
L8eHQDLttVGQY7JGBFRtD0nHMG8EMEHFfFFAiNa8AWUoaNI5YH8vQ+knKbMU2ZE8
qe93Lj39DR0qSHuswmOLFE7qHvtERddkSY6p7vHwfIt+Dg+4tcM7R2K/OlIO9ySR
+Jnpwnj25yDH3fTD0Ze/jfJGoBveJY+VUd0kBPmkJ0zLj/z336Obv+CWw/kdlZei
0nUCsIivWjfLIAvMHJiqVLeSFKMwZVQFin5fpfhrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTT9YYlE/qPFq9vRvwkA7u3YCBj4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2U1NmVkZWQyLWFkNjEtNDJkMS05NTM3LWJhZWMyMmI0NWU0ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG33PNBjhYQrU2k+fxzH98Vdgwc6
aBZlO3oPM7qSD/XTGVVwoyQTR3lDx7S2Jier7856xq9KVuDbzFFgLTvXWfi03BiG
n5qak0heIgBHZoLnj0iwjwJGxORvkawLE146gVMINHgqBfPfG/d2VVt9Wj5022q4
Kj/t8G/u9VtwWvaPa3w0jD7QuURdxWcUIbEFK/wN8JpKhJnFfkpaT0impjeFpG/H
Z5XI4+qIwnV48L/Fq/D0wSKRM+EbZGSe5dbwaSr+Vay3nF3+UcQRMCnn+h1Qccsz
0fmKYwC8Pk92Z1s2T5Sz3ErGFN/PH8YSprpzKbQf2sOWzwvwttnH1fbaROw=
-----END CERTIFICATE-----