Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f10bf01c-3be9-4c45-9581-da9d8332d096.roa
File:                     f10bf01c-3be9-4c45-9581-da9d8332d096.roa (raw, json)
Hash identifier:          tqgiLCFH4XZwZiLqVN+gvaJAinO7amnJIuQFn79nogM=
Subject key identifier:   AF:E9:9E:E7:BD:EF:45:76:15:4F:27:6E:EC:79:55:F3:7E:B4:0B:54
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       23DF5A283A0D72EDD0B39ACBC6A371FD6A04CC91
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f10bf01c-3be9-4c45-9581-da9d8332d096.roa
Signing time:             Wed 09 Apr 2025 04:13:18 +0000
ROA not before:           Wed 09 Apr 2025 04:13:18 +0000
ROA not after:            Wed 14 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:df:5a:28:3a:0d:72:ed:d0:b3:9a:cb:c6:a3:71:fd:6a:04:cc:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr  9 04:13:18 2025 GMT
            Not After : May 14 23:59:59 2025 GMT
        Subject: serialNumber=2fd77c4af07c26dfda24ad8bc4bd62a6e7e86a1dbf3a2a534cab09aeb3b715e0, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:11:73:4e:0a:b8:68:1d:44:2f:b5:f8:97:ea:
                    e5:34:48:cc:64:3a:74:69:28:77:70:27:46:0b:8e:
                    5a:66:6a:81:d5:cd:91:34:26:3a:5f:39:0f:cc:53:
                    72:25:0a:fc:26:cb:73:63:f4:2d:13:71:26:c5:fc:
                    6b:05:3b:b6:86:b0:9d:f1:57:07:7f:ac:a8:a0:1d:
                    56:60:a3:bc:3b:b9:0f:95:31:2b:ff:dd:1a:40:35:
                    65:8b:44:77:fb:b5:55:23:83:25:4a:b5:03:2c:91:
                    d7:c0:d2:bd:42:d3:f1:9e:7d:18:c3:bc:f5:0f:e4:
                    6e:58:d5:33:4b:5a:d3:39:dc:bb:b8:8d:3f:31:cb:
                    60:8f:b8:d4:37:9d:bd:45:7c:5e:65:d0:4d:54:ee:
                    02:3d:c6:b5:45:1d:0f:01:d3:f1:df:6f:58:c0:c1:
                    1c:01:22:97:94:14:7a:54:de:dc:09:24:cc:19:a4:
                    1f:e3:5b:07:ed:d3:8e:c8:13:e2:55:77:23:73:d1:
                    2e:5e:e2:2a:dc:43:6e:7a:ed:c7:7e:e3:eb:10:79:
                    01:0f:d1:75:01:f2:d4:2a:a2:01:9c:ad:eb:af:34:
                    f3:38:ff:b2:23:e6:43:32:fe:9f:03:27:d0:01:38:
                    68:14:ae:17:b0:09:86:3a:04:96:a0:40:73:c6:7a:
                    ad:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:E9:9E:E7:BD:EF:45:76:15:4F:27:6E:EC:79:55:F3:7E:B4:0B:54
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f10bf01c-3be9-4c45-9581-da9d8332d096.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:ab:a1:ea:2f:25:cd:09:dc:1b:e0:fa:47:b9:4b:29:75:29:
         6c:37:a3:86:bc:08:19:7c:20:ce:26:22:e2:ab:30:3f:08:87:
         e1:45:b4:77:7c:89:e1:94:cd:82:5d:3f:54:ac:2a:9a:d8:7e:
         3d:58:f2:5b:91:92:ad:96:16:4b:49:b5:1d:23:a5:78:16:39:
         15:71:d5:3d:e0:be:86:79:46:40:22:d0:db:52:90:c7:7e:e4:
         b9:26:89:6a:d6:7b:c2:f0:f0:83:24:96:ca:75:41:8d:b9:7a:
         d0:0e:9a:36:52:c0:9b:0b:38:bc:b9:8e:6a:2b:1e:13:56:ed:
         1e:db:60:b4:a8:61:62:fe:34:1c:eb:67:63:91:80:06:07:ff:
         8a:f1:64:21:03:84:8e:d5:0e:5e:c8:7c:83:94:58:bc:f5:5b:
         6d:b4:a0:af:5a:4e:e6:76:f2:cb:71:cb:97:11:d1:86:d9:e7:
         02:50:9d:f8:ad:96:24:9f:b8:68:07:45:f9:ce:d8:39:44:6f:
         95:bb:76:f0:e9:2a:69:0d:ef:f4:e0:72:52:83:cc:5e:16:c0:
         ad:40:57:39:1a:8c:99:9e:20:56:92:b3:28:d3:8b:1e:fe:79:
         84:09:37:d4:1a:b2:aa:7a:dd:60:d5:2e:2b:19:11:37:54:0a:
         9b:d8:bc:d1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUI99aKDoNcu3Qs5rLxqNx/WoEzJEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDA5MDQxMzE4WhcNMjUwNTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZmQ3N2M0YWYwN2MyNmRmZGEyNGFkOGJjNGJkNjJhNmU3
ZTg2YTFkYmYzYTJhNTM0Y2FiMDlhZWIzYjcxNWUwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCiEXNOCrhoHUQvtfiX6uU0SMxkOnRpKHdwJ0YLjlpmaoHV
zZE0JjpfOQ/MU3IlCvwmy3Nj9C0TcSbF/GsFO7aGsJ3xVwd/rKigHVZgo7w7uQ+V
MSv/3RpANWWLRHf7tVUjgyVKtQMskdfA0r1C0/GefRjDvPUP5G5Y1TNLWtM53Lu4
jT8xy2CPuNQ3nb1FfF5l0E1U7gI9xrVFHQ8B0/Hfb1jAwRwBIpeUFHpU3twJJMwZ
pB/jWwft047IE+JVdyNz0S5e4ircQ2567cd+4+sQeQEP0XUB8tQqogGcreuvNPM4
/7Ij5kMy/p8DJ9ABOGgUrhewCYY6BJagQHPGeq1TAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUr+me573vRXYVTydu7HlV8360C1QwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2YxMGJmMDFjLTNiZTktNGM0NS05NTgxLWRhOWQ4MzMyZDA5Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALaroeovJc0J3Bvg+ke5Syl1KWw3
o4a8CBl8IM4mIuKrMD8Ih+FFtHd8ieGUzYJdP1SsKprYfj1Y8luRkq2WFktJtR0j
pXgWORVx1T3gvoZ5RkAi0NtSkMd+5LkmiWrWe8Lw8IMklsp1QY25etAOmjZSwJsL
OLy5jmorHhNW7R7bYLSoYWL+NBzrZ2ORgAYH/4rxZCEDhI7VDl7IfIOUWLz1W220
oK9aTuZ28stxy5cR0YbZ5wJQnfitliSfuGgHRfnO2DlEb5W7dvDpKmkN7/TgclKD
zF4WwK1AVzkajJmeIFaSsyjTix7+eYQJN9Qasqp63WDVLisZETdUCpvYvNE=
-----END CERTIFICATE-----