Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e5e66013-24bd-4c2a-b33d-395a578ab6b3.roa
File:                     e5e66013-24bd-4c2a-b33d-395a578ab6b3.roa (raw, json)
Hash identifier:          hgzMNclGOJWCLhL6i790F+6I7tjVZbJ95geClc4X2Hc=
Subject key identifier:   11:61:F3:DF:CF:FE:D6:D7:05:80:54:B0:51:67:E2:75:64:A1:5F:98
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       033A0361C2DCACAAC79EF44FCB5CAB7CC1C67C46
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e5e66013-24bd-4c2a-b33d-395a578ab6b3.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:3a:03:61:c2:dc:ac:aa:c7:9e:f4:4f:cb:5c:ab:7c:c1:c6:7c:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: serialNumber=a38b2161fee627b346f58d88d91eaa0ee0dbc01ecacf1063de256a97ec85acd6, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:d6:c5:6f:55:50:92:30:f2:ee:66:bc:e8:f1:
                    7b:18:55:48:ef:18:54:b9:5f:f3:2a:c2:93:a0:fe:
                    db:fc:0b:e8:ce:b4:9d:6d:0c:c9:17:a5:d3:80:dd:
                    82:c0:dc:98:5d:97:ca:0e:21:cc:65:21:cc:9c:8b:
                    b9:fa:ea:96:b7:65:65:f1:83:a5:f8:f4:80:da:ec:
                    d0:d3:13:ed:51:3b:94:50:44:92:f3:39:4d:cd:73:
                    74:62:10:4e:4d:f2:2a:db:dc:41:23:1b:e4:2c:88:
                    67:b9:4f:ae:0f:01:29:e0:2f:f4:7c:b9:2a:fc:63:
                    93:e7:ca:c1:3d:3f:3a:77:4d:19:2a:5d:4b:f5:30:
                    e6:b6:78:3b:34:e6:61:17:4b:d3:83:f4:98:b5:0e:
                    6c:01:18:b2:78:10:2c:e5:7e:7f:f5:5f:e1:52:b6:
                    95:d0:d7:ce:64:78:4b:f6:0b:3f:fd:36:87:63:6e:
                    72:e7:5c:0d:81:92:b7:17:ef:9f:af:5d:66:98:d0:
                    17:a5:74:0a:63:c6:31:49:ac:a1:04:03:35:56:ba:
                    0b:4c:0d:b0:3a:75:3c:09:6e:e2:28:63:ed:ab:8b:
                    9c:91:d1:79:6d:a1:ba:a4:ce:8c:aa:83:56:64:c8:
                    80:c7:1c:cb:28:32:90:91:10:5d:c7:9c:e1:7f:af:
                    23:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:61:F3:DF:CF:FE:D6:D7:05:80:54:B0:51:67:E2:75:64:A1:5F:98
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e5e66013-24bd-4c2a-b33d-395a578ab6b3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:17:91:bf:9d:29:d5:40:a1:40:eb:d0:d4:14:66:44:3a:ed:
         ef:77:99:98:58:ad:10:4f:63:3a:02:51:21:f2:e0:2c:aa:99:
         b1:a8:ac:4a:cf:b8:c9:64:08:06:20:db:7d:56:d7:68:2a:1c:
         bc:99:a4:b9:39:da:65:5b:02:3d:2e:87:1b:73:14:93:97:93:
         f0:33:a4:73:b2:1b:1d:59:18:ea:98:f6:a1:20:9b:31:66:16:
         62:92:aa:d6:99:97:ad:2a:36:66:47:8e:2f:20:79:ba:51:af:
         69:25:58:91:b4:0f:7c:56:05:e5:9d:02:33:6c:41:1b:7f:8f:
         10:8b:9e:b7:d2:95:50:d0:74:1c:cc:8e:48:8b:9a:39:a4:f5:
         7e:f4:4f:47:08:54:e3:3e:16:7e:58:7a:69:5d:76:41:7e:14:
         05:33:78:a7:ac:b9:c8:14:27:b3:75:8b:d9:0b:d7:9b:e1:e9:
         ff:a8:59:b7:73:c5:a8:fe:22:fa:88:85:ba:a5:82:9f:4d:df:
         15:d3:53:e1:4f:4f:56:39:9d:89:f3:d2:3c:96:75:85:89:1e:
         01:46:2c:ff:39:c3:b2:57:bb:79:5b:42:84:cb:54:fc:7b:89:
         32:cf:e2:e5:4a:7d:3e:06:1e:b1:b6:47:af:f0:c5:9d:04:d9:
         73:87:ff:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAzoDYcLcrKrHnvRPy1yrfMHGfEYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMTI3MDAwMDAwWhcNMjUwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMzhiMjE2MWZlZTYyN2IzNDZmNThkODhkOTFlYWEwZWUw
ZGJjMDFlY2FjZjEwNjNkZTI1NmE5N2VjODVhY2Q2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDR1sVvVVCSMPLuZrzo8XsYVUjvGFS5X/MqwpOg/tv8C+jO
tJ1tDMkXpdOA3YLA3Jhdl8oOIcxlIcyci7n66pa3ZWXxg6X49IDa7NDTE+1RO5RQ
RJLzOU3Nc3RiEE5N8irb3EEjG+QsiGe5T64PASngL/R8uSr8Y5PnysE9Pzp3TRkq
XUv1MOa2eDs05mEXS9OD9Ji1DmwBGLJ4ECzlfn/1X+FStpXQ185keEv2Cz/9Nodj
bnLnXA2BkrcX75+vXWaY0BeldApjxjFJrKEEAzVWugtMDbA6dTwJbuIoY+2ri5yR
0Xltobqkzoyqg1ZkyIDHHMsoMpCREF3HnOF/ryMlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEWHz38/+1tcFgFSwUWfidWShX5gwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2U1ZTY2MDEzLTI0YmQtNGMyYS1iMzNkLTM5NWE1NzhhYjZiMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKcXkb+dKdVAoUDr0NQUZkQ67e93
mZhYrRBPYzoCUSHy4CyqmbGorErPuMlkCAYg231W12gqHLyZpLk52mVbAj0uhxtz
FJOXk/AzpHOyGx1ZGOqY9qEgmzFmFmKSqtaZl60qNmZHji8gebpRr2klWJG0D3xW
BeWdAjNsQRt/jxCLnrfSlVDQdBzMjkiLmjmk9X70T0cIVOM+Fn5YemlddkF+FAUz
eKesucgUJ7N1i9kL15vh6f+oWbdzxaj+IvqIhbqlgp9N3xXTU+FPT1Y5nYnz0jyW
dYWJHgFGLP85w7JXu3lbQoTLVPx7iTLP4uVKfT4GHrG2R6/wxZ0E2XOH//M=
-----END CERTIFICATE-----