Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f12e566a-78b6-49b9-ab94-9345611ce190.roa
File:                     f12e566a-78b6-49b9-ab94-9345611ce190.roa (raw, json)
Hash identifier:          zICutcWqnafoeG3jatgNUZz0TsxbPASaPxv+LFyI0pA=
Subject key identifier:   38:64:DD:5B:80:FA:14:70:39:2A:5E:83:50:34:95:35:F8:18:CE:F2
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1FC6D091B56FCE60DDA623A6791D3DCD0DE01AC7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f12e566a-78b6-49b9-ab94-9345611ce190.roa
Signing time:             Sat 08 Mar 2025 11:48:20 +0000
ROA not before:           Sat 08 Mar 2025 11:48:20 +0000
ROA not after:            Sat 12 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:c6:d0:91:b5:6f:ce:60:dd:a6:23:a6:79:1d:3d:cd:0d:e0:1a:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  8 11:48:20 2025 GMT
            Not After : Apr 12 23:59:59 2025 GMT
        Subject: serialNumber=38c30fb4851286b81e6c9500ee56f7f2d46011a1ae32e56424ad8dcc58bf4175, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:89:4b:db:fe:fb:e8:04:75:e4:10:ad:35:7c:
                    c2:d0:52:96:8e:09:95:3d:45:1b:f1:d1:af:e3:e4:
                    40:4d:43:e6:ef:5a:8b:df:bc:43:19:e4:37:2d:f0:
                    e9:15:36:69:b7:62:79:16:d8:e6:e0:f7:6f:a8:9a:
                    19:25:5b:6c:19:60:41:26:6c:f4:10:6b:65:08:33:
                    99:10:91:65:89:cd:58:e3:4c:13:63:a5:15:b9:b4:
                    14:a6:a5:b1:03:47:e2:78:8b:ff:ff:37:d5:40:40:
                    a5:fa:69:15:54:f7:6d:45:c4:b6:38:b8:eb:ad:af:
                    37:8e:41:38:ff:35:07:ef:2a:5a:bc:3c:13:11:b6:
                    6a:80:d3:8e:23:8a:36:59:de:64:6c:68:30:0a:8c:
                    50:2a:57:bf:57:3e:ba:07:45:5a:5a:40:40:1f:19:
                    8e:ac:59:f2:0f:e1:af:a3:0f:d8:91:65:f0:c1:8a:
                    6d:b3:6a:24:df:21:b9:72:11:05:65:93:ee:ee:3f:
                    de:5b:74:4c:23:e4:e4:1b:06:a2:35:47:56:db:c4:
                    34:f2:68:e2:37:a0:b4:29:e7:c9:93:e4:d4:80:86:
                    86:e2:b3:9a:3a:dd:ff:aa:c8:7b:0f:ea:5e:53:03:
                    c4:08:b4:ec:22:50:44:b0:3d:3d:1f:19:23:7f:e0:
                    f6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:64:DD:5B:80:FA:14:70:39:2A:5E:83:50:34:95:35:F8:18:CE:F2
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f12e566a-78b6-49b9-ab94-9345611ce190.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:33:a6:6b:4d:17:43:4b:35:25:b4:63:2a:a8:e5:b5:24:2a:
         8c:ef:dc:d1:60:ae:e5:0e:cd:c5:77:8e:10:36:1e:a4:25:ce:
         ef:fd:96:4b:ed:a2:34:e3:f2:36:25:2a:c6:23:5e:ab:cf:91:
         95:58:5a:b9:20:97:d2:68:3d:e7:1c:ec:a2:1f:ce:72:54:5e:
         2e:0e:8d:2a:99:ec:67:00:4d:0f:8b:15:ea:47:90:c1:cd:87:
         bc:e4:29:b1:4e:34:a7:aa:54:05:2a:50:fc:ba:25:95:8c:89:
         d0:9d:d3:d6:16:62:80:30:d6:5e:bd:5f:6c:28:99:8a:89:58:
         2e:ae:2a:ca:7d:9b:1d:64:eb:19:75:08:fd:45:e7:1f:24:fe:
         e8:02:51:2d:da:2a:5f:2d:2b:a8:5c:0c:fb:01:ba:07:55:bb:
         08:21:41:60:11:03:aa:e4:6f:13:4f:93:f7:f8:0c:99:ef:84:
         30:5f:dc:91:a2:15:06:64:e0:d4:41:91:a5:3c:e5:87:47:6e:
         1f:b0:55:d7:b8:59:a9:01:a9:52:47:19:f4:ff:b2:60:1d:8c:
         f5:0f:d0:3a:28:8d:a2:b3:71:4b:ae:d3:f8:bd:20:c1:e1:c0:
         7d:f9:29:8e:8a:37:0d:28:79:e9:15:ba:17:44:54:12:50:75:
         fc:17:05:05
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUH8bQkbVvzmDdpiOmeR09zQ3gGscwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzA4MTE0ODIwWhcNMjUwNDEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzOGMzMGZiNDg1MTI4NmI4MWU2Yzk1MDBlZTU2ZjdmMmQ0
NjAxMWExYWUzMmU1NjQyNGFkOGRjYzU4YmY0MTc1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCOiUvb/vvoBHXkEK01fMLQUpaOCZU9RRvx0a/j5EBNQ+bv
WovfvEMZ5Dct8OkVNmm3YnkW2Obg92+omhklW2wZYEEmbPQQa2UIM5kQkWWJzVjj
TBNjpRW5tBSmpbEDR+J4i///N9VAQKX6aRVU921FxLY4uOutrzeOQTj/NQfvKlq8
PBMRtmqA044jijZZ3mRsaDAKjFAqV79XProHRVpaQEAfGY6sWfIP4a+jD9iRZfDB
im2zaiTfIblyEQVlk+7uP95bdEwj5OQbBqI1R1bbxDTyaOI3oLQp58mT5NSAhobi
s5o63f+qyHsP6l5TA8QItOwiUESwPT0fGSN/4PZ3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOGTdW4D6FHA5Kl6DUDSVNfgYzvIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2YxMmU1NjZhLTc4YjYtNDliOS1hYjk0LTkzNDU2MTFjZTE5MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJYzpmtNF0NLNSW0Yyqo5bUkKozv
3NFgruUOzcV3jhA2HqQlzu/9lkvtojTj8jYlKsYjXqvPkZVYWrkgl9JoPecc7KIf
znJUXi4OjSqZ7GcATQ+LFepHkMHNh7zkKbFONKeqVAUqUPy6JZWMidCd09YWYoAw
1l69X2womYqJWC6uKsp9mx1k6xl1CP1F5x8k/ugCUS3aKl8tK6hcDPsBugdVuwgh
QWARA6rkbxNPk/f4DJnvhDBf3JGiFQZk4NRBkaU85YdHbh+wVde4WakBqVJHGfT/
smAdjPUP0DoojaKzcUuu0/i9IMHhwH35KY6KNw0oeekVuhdEVBJQdfwXBQU=
-----END CERTIFICATE-----