Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f70ece16-e866-4811-9545-aa96ebb6a402.roa
File:                     f70ece16-e866-4811-9545-aa96ebb6a402.roa (raw, json)
Hash identifier:          6i3/+ZlMBgs4BaGkMLhJrppF1HlCrB9X6+n47FYmojM=
Subject key identifier:   AD:59:18:F7:03:51:22:2B:F2:61:D7:A3:0B:39:52:2F:2A:BC:B8:D6
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6156780B818441264D2392E5B71C9C3163C8F032
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f70ece16-e866-4811-9545-aa96ebb6a402.roa
Signing time:             Wed 25 Dec 2024 00:00:00 +0000
ROA not before:           Wed 25 Dec 2024 00:00:00 +0000
ROA not after:            Wed 29 Jan 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:56:78:0b:81:84:41:26:4d:23:92:e5:b7:1c:9c:31:63:c8:f0:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 25 00:00:00 2024 GMT
            Not After : Jan 29 23:59:59 2025 GMT
        Subject: serialNumber=924363775b08366b5c2d33c968c51e3c97016b5c40e26b9280d4e249bf5f4148, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:75:c8:c0:8f:44:80:ee:ee:66:ce:a3:20:a7:
                    9a:db:b6:c3:80:a5:fd:8f:71:d8:93:b3:0b:ad:70:
                    0b:4b:5a:84:03:b4:4b:6d:13:56:91:7f:6c:54:c1:
                    de:3d:6d:a5:41:b5:19:4e:56:df:20:0a:7d:1b:ce:
                    b6:9d:58:da:95:2b:0b:1c:ce:1c:38:13:5d:65:03:
                    f0:a7:c0:a8:8b:a9:3a:ae:04:e4:c8:61:d9:d7:c1:
                    e7:b1:7b:ad:14:83:1f:96:d1:cd:f8:28:e6:ef:aa:
                    af:e8:d3:fd:69:15:89:b0:f2:2c:8b:4e:19:6a:cc:
                    f2:1a:f7:e7:7c:b3:32:f9:93:dc:aa:04:2b:a7:67:
                    d0:fe:49:a0:2e:59:54:d7:c9:c6:c6:a0:82:7e:2c:
                    d3:a8:0b:51:b9:56:4a:d3:75:37:ad:42:f2:c6:a4:
                    ff:6a:3d:7d:34:d8:c0:db:4d:f3:23:44:c9:96:d0:
                    56:42:9d:99:99:99:cb:20:36:cd:1b:62:7d:31:30:
                    20:8c:d9:b5:82:54:13:94:c2:1d:e6:7b:42:f6:f4:
                    42:79:a5:74:c5:29:40:6f:ea:5e:ec:0f:3d:63:ca:
                    a5:a0:b8:a7:25:13:92:e0:f2:8e:93:76:34:96:43:
                    f7:90:bc:dd:f8:8a:c5:c3:55:d1:a6:04:3a:55:46:
                    d8:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:59:18:F7:03:51:22:2B:F2:61:D7:A3:0B:39:52:2F:2A:BC:B8:D6
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f70ece16-e866-4811-9545-aa96ebb6a402.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:74:e9:af:6f:b5:65:a6:be:aa:a2:21:e4:60:f8:c9:6e:57:
         83:43:53:62:ca:40:57:b7:98:2a:af:c5:e2:cd:8e:71:00:5c:
         d6:00:06:e2:0e:b9:fd:2f:7b:a7:ce:38:32:85:d4:45:64:90:
         6f:e9:9e:96:96:12:70:21:b4:0c:cd:e7:c3:a5:a2:e6:3a:6c:
         24:e6:0f:23:96:ac:45:a3:9d:6f:73:c9:8d:e3:19:53:1d:6d:
         79:ee:2b:02:8c:e0:24:4e:92:63:ef:37:ce:9e:f2:ac:30:79:
         f1:05:fc:fd:c6:c3:f2:8b:e5:9d:6c:3e:64:72:53:d6:eb:9f:
         40:f8:17:00:81:88:46:9d:fc:3b:d6:29:7e:1d:4c:68:fa:1d:
         83:cc:7c:9d:ac:12:52:86:4c:75:c8:a4:74:fb:4a:7b:36:4e:
         ff:d4:3c:9a:ff:ba:7d:3a:e0:67:2e:fe:00:fe:1c:fa:f2:cf:
         f5:22:3a:dd:62:fb:d8:5b:9a:52:bd:66:87:68:3a:14:cc:62:
         6d:65:70:35:bf:fa:8a:5e:4b:98:93:2d:5f:bc:83:7f:d5:63:
         5d:e5:b7:8e:46:ac:16:42:af:3c:6e:41:05:51:e6:cb:65:cf:
         ed:dd:3c:d2:5c:b6:f3:27:be:09:4e:c4:63:da:7e:c0:8f:a0:
         c3:5e:a4:6b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYVZ4C4GEQSZNI5LltxycMWPI8DIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMjI1MDAwMDAwWhcNMjUwMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MjQzNjM3NzViMDgzNjZiNWMyZDMzYzk2OGM1MWUzYzk3
MDE2YjVjNDBlMjZiOTI4MGQ0ZTI0OWJmNWY0MTQ4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjdcjAj0SA7u5mzqMgp5rbtsOApf2PcdiTswutcAtLWoQD
tEttE1aRf2xUwd49baVBtRlOVt8gCn0bzradWNqVKwsczhw4E11lA/CnwKiLqTqu
BOTIYdnXweexe60Ugx+W0c34KObvqq/o0/1pFYmw8iyLThlqzPIa9+d8szL5k9yq
BCunZ9D+SaAuWVTXycbGoIJ+LNOoC1G5VkrTdTetQvLGpP9qPX002MDbTfMjRMmW
0FZCnZmZmcsgNs0bYn0xMCCM2bWCVBOUwh3me0L29EJ5pXTFKUBv6l7sDz1jyqWg
uKclE5Lg8o6TdjSWQ/eQvN34isXDVdGmBDpVRthjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrVkY9wNRIivyYdejCzlSLyq8uNYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Y3MGVjZTE2LWU4NjYtNDgxMS05NTQ1LWFhOTZlYmI2YTQwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEJ06a9vtWWmvqqiIeRg+MluV4ND
U2LKQFe3mCqvxeLNjnEAXNYABuIOuf0ve6fOODKF1EVkkG/pnpaWEnAhtAzN58Ol
ouY6bCTmDyOWrEWjnW9zyY3jGVMdbXnuKwKM4CROkmPvN86e8qwwefEF/P3Gw/KL
5Z1sPmRyU9brn0D4FwCBiEad/DvWKX4dTGj6HYPMfJ2sElKGTHXIpHT7Sns2Tv/U
PJr/un064Gcu/gD+HPryz/UiOt1i+9hbmlK9ZodoOhTMYm1lcDW/+opeS5iTLV+8
g3/VY13lt45GrBZCrzxuQQVR5stlz+3dPNJctvMnvglOxGPafsCPoMNepGs=
-----END CERTIFICATE-----