Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e870267f-9c19-4575-9c0f-994f42f539f2.roa
File:                     e870267f-9c19-4575-9c0f-994f42f539f2.roa (raw, json)
Hash identifier:          80j3yWW++TfnQ/MVQuqoC9YWxpBjFVLnqsStwnVjTms=
Subject key identifier:   83:7A:DB:29:86:5A:9D:06:49:F8:B0:5F:36:05:9D:78:2B:51:50:06
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       49D29E3D625F029BA942B25941A5AA93443F52F5
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e870267f-9c19-4575-9c0f-994f42f539f2.roa
Signing time:             Thu 20 Mar 2025 17:53:21 +0000
ROA not before:           Thu 20 Mar 2025 17:53:21 +0000
ROA not after:            Thu 24 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:d2:9e:3d:62:5f:02:9b:a9:42:b2:59:41:a5:aa:93:44:3f:52:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 20 17:53:21 2025 GMT
            Not After : Apr 24 23:59:59 2025 GMT
        Subject: serialNumber=f8231208e1385fa78769fe0b21c1a46338afe2255ee5fc266a3885011d3af0b0, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:3d:e4:bb:07:43:9a:eb:12:a4:fb:a9:c2:5f:
                    f2:1f:1b:98:a3:e9:73:d2:b8:b8:c0:0b:b4:ef:74:
                    15:00:77:1d:ae:e0:75:5c:00:92:b8:4f:81:80:b4:
                    f1:b5:15:ac:71:b7:8f:4d:0f:69:67:bd:73:48:2b:
                    43:a2:11:c8:11:af:28:bf:66:5d:84:71:6f:11:55:
                    d9:51:90:9b:67:93:e6:ef:61:47:21:8e:39:69:d9:
                    ee:2b:39:37:11:c9:c8:87:84:60:7d:5a:89:61:f7:
                    64:ee:84:8a:db:5c:97:6a:f8:95:06:18:8c:0d:6a:
                    35:22:09:d7:76:8f:17:fa:e3:f1:81:46:0d:83:55:
                    2b:67:c9:3f:5a:5f:68:38:80:b3:32:3b:26:76:4b:
                    e6:6b:f7:13:5d:cb:36:54:82:94:67:3c:79:de:69:
                    0a:87:84:e3:f7:0b:a0:ca:f0:43:ae:b4:fb:89:ce:
                    8a:ca:5d:85:e4:61:c0:5d:fd:6b:b3:58:4e:4e:88:
                    3b:84:bc:f0:cd:c8:dd:bc:cb:e3:94:0a:81:5c:ad:
                    90:e3:f2:d0:b7:42:72:cf:ec:9b:17:7b:9f:44:05:
                    b8:06:53:ea:be:bc:2f:61:b8:d4:9a:cf:b2:40:ca:
                    4d:d0:7b:71:07:81:47:5c:58:f6:d5:a1:34:13:2c:
                    f0:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:7A:DB:29:86:5A:9D:06:49:F8:B0:5F:36:05:9D:78:2B:51:50:06
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e870267f-9c19-4575-9c0f-994f42f539f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:cf:e5:94:50:c7:e5:9d:21:6d:2a:dd:d4:00:aa:2f:f1:8e:
         a9:dc:4e:49:4e:e0:45:7b:00:18:52:8a:69:e0:14:1f:4a:4f:
         84:86:b2:26:86:e9:24:34:be:b9:25:16:57:57:6a:93:68:95:
         77:50:12:6a:68:97:74:0c:2a:75:10:e8:cc:fa:da:27:5f:ff:
         7e:c7:2a:87:af:c9:27:a5:b5:34:f1:8a:fd:31:ab:42:7c:1f:
         40:80:e5:46:15:32:f4:33:48:10:cd:c0:a2:83:ea:33:7f:a2:
         67:29:87:2c:fd:cf:df:ad:78:3f:14:43:7c:e6:b5:4e:4d:6b:
         8b:99:49:79:e7:d8:fc:bc:c4:7c:60:00:41:54:5f:66:22:58:
         f8:10:11:f2:6c:4d:44:1d:83:dd:f7:61:7f:03:3e:e9:ed:02:
         4f:86:8f:44:02:b2:10:26:a9:91:c1:6f:b7:1c:f5:c6:9d:2a:
         9a:17:6b:ff:97:24:36:f4:8a:27:90:30:51:33:bf:fc:cb:28:
         50:10:c5:70:fb:07:55:69:39:3c:3c:55:54:e0:51:bc:d8:2f:
         69:7d:14:fd:1d:44:a5:1c:48:0d:34:61:55:2d:ff:8b:e8:35:
         82:e6:52:e7:ca:fe:a1:a2:54:7e:21:52:1d:96:24:d6:cc:69:
         6d:e1:c7:5a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSdKePWJfApupQrJZQaWqk0Q/UvUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzIwMTc1MzIxWhcNMjUwNDI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmODIzMTIwOGUxMzg1ZmE3ODc2OWZlMGIyMWMxYTQ2MzM4
YWZlMjI1NWVlNWZjMjY2YTM4ODUwMTFkM2FmMGIwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgPeS7B0Oa6xKk+6nCX/IfG5ij6XPSuLjAC7TvdBUAdx2u
4HVcAJK4T4GAtPG1Faxxt49ND2lnvXNIK0OiEcgRryi/Zl2EcW8RVdlRkJtnk+bv
YUchjjlp2e4rOTcRyciHhGB9Wolh92TuhIrbXJdq+JUGGIwNajUiCdd2jxf64/GB
Rg2DVStnyT9aX2g4gLMyOyZ2S+Zr9xNdyzZUgpRnPHneaQqHhOP3C6DK8EOutPuJ
zorKXYXkYcBd/WuzWE5OiDuEvPDNyN28y+OUCoFcrZDj8tC3QnLP7JsXe59EBbgG
U+q+vC9huNSaz7JAyk3Qe3EHgUdcWPbVoTQTLPBvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUg3rbKYZanQZJ+LBfNgWdeCtRUAYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2U4NzAyNjdmLTljMTktNDU3NS05YzBmLTk5NGY0MmY1MzlmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAA3P5ZRQx+WdIW0q3dQAqi/xjqnc
TklO4EV7ABhSimngFB9KT4SGsiaG6SQ0vrklFldXapNolXdQEmpol3QMKnUQ6Mz6
2idf/37HKoevySeltTTxiv0xq0J8H0CA5UYVMvQzSBDNwKKD6jN/omcphyz9z9+t
eD8UQ3zmtU5Na4uZSXnn2Py8xHxgAEFUX2YiWPgQEfJsTUQdg933YX8DPuntAk+G
j0QCshAmqZHBb7cc9cadKpoXa/+XJDb0iieQMFEzv/zLKFAQxXD7B1VpOTw8VVTg
UbzYL2l9FP0dRKUcSA00YVUt/4voNYLmUufK/qGiVH4hUh2WJNbMaW3hx1o=
-----END CERTIFICATE-----