Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e67adf08-7f36-4b4e-a711-2571bc4a4cfe.roa
File:                     e67adf08-7f36-4b4e-a711-2571bc4a4cfe.roa (raw, json)
Hash identifier:          3eIg7B0d1LdFoapKdifdDBaeZ19PA9OU0mHC+/KbCUE=
Subject key identifier:   99:8C:AB:67:8C:DA:72:7E:4C:AD:14:D6:DE:92:22:21:5C:0D:6C:D8
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3DC3036D99AADF17AD6833EC1A70BD15EE2F2F44
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e67adf08-7f36-4b4e-a711-2571bc4a4cfe.roa
Signing time:             Sun 27 Apr 2025 15:53:17 +0000
ROA not before:           Sun 27 Apr 2025 15:53:17 +0000
ROA not after:            Sun 01 Jun 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:c3:03:6d:99:aa:df:17:ad:68:33:ec:1a:70:bd:15:ee:2f:2f:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 27 15:53:17 2025 GMT
            Not After : Jun  1 23:59:59 2025 GMT
        Subject: serialNumber=97d379cc66904db04e013984afd1b810b0b21463dc10c2fc4ce25a5065fd9c00, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f0:46:76:b4:8c:57:ec:5a:92:87:51:fc:a6:
                    0f:b5:fa:a5:d7:e9:1b:64:df:cf:d7:64:b1:95:24:
                    74:ec:14:a8:4f:a3:fb:07:40:20:06:42:f9:57:c1:
                    fa:d9:f8:a8:79:f3:b4:77:9e:02:05:b2:f7:1c:c2:
                    8c:85:d4:ff:87:67:05:8e:46:39:00:6e:a3:e9:8d:
                    82:5f:e3:3a:ba:26:4e:42:a3:19:80:b3:63:2d:b7:
                    4d:b8:03:06:00:15:9b:a8:6b:09:d7:d8:43:83:06:
                    bc:ac:83:b5:ed:b9:0c:59:47:3a:07:21:19:e6:e1:
                    80:68:54:e1:dc:26:a1:fa:4f:be:70:45:55:1f:30:
                    41:ca:5a:79:ee:4f:48:33:ca:94:2b:dc:26:ce:95:
                    f4:4f:55:3f:81:11:8a:9a:52:6d:1a:b0:9b:df:ac:
                    57:c9:fe:df:3d:b3:2f:54:ef:8e:7c:7b:aa:8d:44:
                    e5:dc:b5:23:41:1e:03:96:ab:ec:16:b7:f3:ef:df:
                    6e:75:2e:bc:f8:78:d0:f5:e3:04:6d:04:12:4c:5e:
                    33:fa:4d:93:6c:f0:5d:58:67:a2:b5:81:13:38:fb:
                    52:bf:ae:7f:fa:08:4e:99:52:80:9d:76:16:3d:22:
                    b6:ba:53:32:95:31:f3:21:a5:10:8f:b5:11:a6:9d:
                    51:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:8C:AB:67:8C:DA:72:7E:4C:AD:14:D6:DE:92:22:21:5C:0D:6C:D8
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e67adf08-7f36-4b4e-a711-2571bc4a4cfe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:14:a0:b4:0f:2b:3f:d2:b0:3d:70:56:b0:94:fc:ab:ef:d7:
         a4:d1:5d:ad:6e:2b:8c:b1:b7:36:38:9c:22:ab:14:f0:19:1f:
         28:26:46:08:dc:f9:5b:22:a8:10:ee:b9:24:7a:38:d4:30:c1:
         9a:12:4e:61:04:62:22:97:a2:29:19:a7:64:e5:54:74:20:20:
         42:53:3d:32:41:df:78:eb:cf:77:cd:b7:af:8f:6c:2a:e1:35:
         80:f1:f2:ad:d1:be:dd:be:73:1b:93:5a:48:7c:b9:94:62:c7:
         61:99:b8:dd:da:c1:7f:1b:fc:7e:f4:15:8c:e4:a7:72:49:dd:
         62:34:03:e7:cf:b8:3b:d8:b7:14:f4:69:59:c4:b9:94:85:43:
         e5:a2:9b:e1:45:71:5c:ce:3a:a8:7c:c5:6a:84:d4:b3:19:13:
         de:be:54:a9:ab:54:43:10:1e:ac:ad:fe:0c:c8:9e:18:17:6b:
         e5:72:6b:4a:44:76:5b:bb:ae:6d:f8:fa:65:cc:cd:eb:19:bd:
         e7:40:dc:34:ae:83:d4:b1:ce:dd:7c:85:7f:b8:0c:f7:f4:20:
         f2:44:32:e8:8e:c4:d9:96:5f:69:a4:67:c1:5a:b6:d9:e7:08:
         a9:05:12:5f:ed:68:3d:8e:67:d4:fd:7d:e7:a6:44:26:7e:1d:
         8d:00:ee:9c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPcMDbZmq3xetaDPsGnC9Fe4vL0QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDI3MTU1MzE3WhcNMjUwNjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5N2QzNzljYzY2OTA0ZGIwNGUwMTM5ODRhZmQxYjgxMGIw
YjIxNDYzZGMxMGMyZmM0Y2UyNWE1MDY1ZmQ5YzAwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCn8EZ2tIxX7FqSh1H8pg+1+qXX6Rtk38/XZLGVJHTsFKhP
o/sHQCAGQvlXwfrZ+Kh587R3ngIFsvccwoyF1P+HZwWORjkAbqPpjYJf4zq6Jk5C
oxmAs2Mtt024AwYAFZuoawnX2EODBrysg7XtuQxZRzoHIRnm4YBoVOHcJqH6T75w
RVUfMEHKWnnuT0gzypQr3CbOlfRPVT+BEYqaUm0asJvfrFfJ/t89sy9U7458e6qN
ROXctSNBHgOWq+wWt/Pv3251Lrz4eND14wRtBBJMXjP6TZNs8F1YZ6K1gRM4+1K/
rn/6CE6ZUoCddhY9Ira6UzKVMfMhpRCPtRGmnVHjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmYyrZ4zacn5MrRTW3pIiIVwNbNgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2U2N2FkZjA4LTdmMzYtNGI0ZS1hNzExLTI1NzFiYzRhNGNmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF8UoLQPKz/SsD1wVrCU/Kvv16TR
Xa1uK4yxtzY4nCKrFPAZHygmRgjc+VsiqBDuuSR6ONQwwZoSTmEEYiKXoikZp2Tl
VHQgIEJTPTJB33jrz3fNt6+PbCrhNYDx8q3Rvt2+cxuTWkh8uZRix2GZuN3awX8b
/H70FYzkp3JJ3WI0A+fPuDvYtxT0aVnEuZSFQ+Wim+FFcVzOOqh8xWqE1LMZE96+
VKmrVEMQHqyt/gzInhgXa+Vya0pEdlu7rm34+mXMzesZvedA3DSug9Sxzt18hX+4
DPf0IPJEMuiOxNmWX2mkZ8FattnnCKkFEl/taD2OZ9T9feemRCZ+HY0A7pw=
-----END CERTIFICATE-----