Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f8f84f3b-efda-4d8c-9c05-2c584491fef4.roa
File:                     f8f84f3b-efda-4d8c-9c05-2c584491fef4.roa (raw, json)
Hash identifier:          y32E1sai7NLS96wt9sxFD0FakLFvnb9MGFC69hMp/No=
Subject key identifier:   F0:C2:A4:D3:21:90:16:5B:1B:1A:53:F2:32:DB:39:96:17:C6:83:4D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7CC257A322261317F60F50AC3AD56D4C729B3795
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f8f84f3b-efda-4d8c-9c05-2c584491fef4.roa
Signing time:             Mon 03 Feb 2025 00:00:00 +0000
ROA not before:           Mon 03 Feb 2025 00:00:00 +0000
ROA not after:            Mon 10 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:c2:57:a3:22:26:13:17:f6:0f:50:ac:3a:d5:6d:4c:72:9b:37:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb  3 00:00:00 2025 GMT
            Not After : Mar 10 23:59:59 2025 GMT
        Subject: serialNumber=939486bc65dc0295c43231a9df5560d9ce1cc31cc9fa84a2688a6d05542dd891, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ac:38:59:43:fb:76:b1:1c:97:e4:06:dd:c0:
                    6b:2d:82:95:19:d8:a6:d3:62:6c:a7:5b:0d:e8:5d:
                    e2:d4:44:ac:08:af:fb:81:1b:f5:94:0e:12:8a:25:
                    e8:0e:08:74:ae:4a:e4:08:02:64:30:90:f7:b8:bb:
                    b0:07:08:63:82:30:48:24:7c:4f:d3:90:98:9b:16:
                    e5:00:75:80:bb:29:cd:d8:99:e8:b4:90:15:1d:d4:
                    9b:aa:7d:e9:a1:3c:d1:5c:73:8e:89:cb:0a:b2:cf:
                    4f:8a:f4:c7:f2:72:35:a6:23:22:ac:2d:be:6c:31:
                    b5:39:80:7b:71:90:c3:4e:ff:e8:1d:2e:41:be:81:
                    c9:c9:d2:e1:c9:d8:a4:49:07:d8:53:ac:1d:8b:90:
                    53:01:53:62:aa:fb:de:e6:db:cf:f7:f8:58:99:6d:
                    a4:1c:ed:42:1a:8e:c7:b9:34:78:18:1a:42:b3:b2:
                    fe:50:72:e7:19:05:54:01:fa:40:e4:62:3a:b6:c4:
                    9e:6a:9b:19:fe:46:fc:1d:26:f2:44:ef:ee:0b:d0:
                    13:03:bc:32:95:9a:ab:63:38:40:ec:ab:b5:99:1f:
                    81:5a:d7:9e:cf:2b:68:ee:34:34:a2:f8:20:f2:bd:
                    00:bc:6f:81:3e:b4:48:a5:a7:80:83:aa:59:b0:c5:
                    a2:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:C2:A4:D3:21:90:16:5B:1B:1A:53:F2:32:DB:39:96:17:C6:83:4D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f8f84f3b-efda-4d8c-9c05-2c584491fef4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:d4:69:3b:91:d2:74:88:98:55:d9:de:7f:23:e3:3d:32:4d:
         c3:56:89:c3:f0:96:16:89:27:01:a6:fd:13:f4:50:11:50:f6:
         6d:0f:29:bc:61:7d:4f:6c:1d:09:5f:c9:14:37:51:79:74:9d:
         a4:0f:1c:58:98:90:b3:41:41:44:5d:27:d7:5d:fb:80:90:cb:
         dc:cf:f2:36:d0:dc:2d:6a:b2:78:7b:00:db:99:c4:6e:53:7c:
         58:b3:5b:aa:db:02:ac:46:47:74:a5:eb:27:ef:62:bd:7d:33:
         85:1b:9d:c1:c6:ed:d0:10:b9:a3:33:bd:9d:b0:fb:ea:e7:da:
         c0:25:f0:37:68:2b:ea:22:b9:9d:e8:69:19:b3:3d:b4:48:d0:
         bc:2b:7d:62:23:1b:ae:1f:20:22:59:59:16:6a:97:7e:9d:c3:
         c7:d0:3e:9d:71:ea:85:9f:1a:5a:ef:85:c4:26:e9:53:d8:53:
         15:32:65:46:5e:6a:6d:ba:31:b7:ed:c7:8a:a1:b2:6b:bf:b7:
         c5:97:4c:47:ac:b3:05:b5:e5:2b:54:35:89:ee:15:21:d2:4a:
         01:3d:e7:37:4c:ad:8b:19:4e:18:a4:33:15:c8:6e:a5:a0:f8:
         6a:a4:88:dd:c4:56:e6:11:2d:20:a1:79:cc:04:8c:9e:19:a3:
         b1:de:b6:0f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfMJXoyImExf2D1CsOtVtTHKbN5UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjAzMDAwMDAwWhcNMjUwMzEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5Mzk0ODZiYzY1ZGMwMjk1YzQzMjMxYTlkZjU1NjBkOWNl
MWNjMzFjYzlmYTg0YTI2ODhhNmQwNTU0MmRkODkxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrrDhZQ/t2sRyX5AbdwGstgpUZ2KbTYmynWw3oXeLURKwI
r/uBG/WUDhKKJegOCHSuSuQIAmQwkPe4u7AHCGOCMEgkfE/TkJibFuUAdYC7Kc3Y
mei0kBUd1JuqfemhPNFcc46Jywqyz0+K9MfycjWmIyKsLb5sMbU5gHtxkMNO/+gd
LkG+gcnJ0uHJ2KRJB9hTrB2LkFMBU2Kq+97m28/3+FiZbaQc7UIajse5NHgYGkKz
sv5QcucZBVQB+kDkYjq2xJ5qmxn+RvwdJvJE7+4L0BMDvDKVmqtjOEDsq7WZH4Fa
157PK2juNDSi+CDyvQC8b4E+tEilp4CDqlmwxaIHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8MKk0yGQFlsbGlPyMts5lhfGg00wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Y4Zjg0ZjNiLWVmZGEtNGQ4Yy05YzA1LTJjNTg0NDkxZmVmNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABbUaTuR0nSImFXZ3n8j4z0yTcNW
icPwlhaJJwGm/RP0UBFQ9m0PKbxhfU9sHQlfyRQ3UXl0naQPHFiYkLNBQURdJ9dd
+4CQy9zP8jbQ3C1qsnh7ANuZxG5TfFizW6rbAqxGR3Sl6yfvYr19M4UbncHG7dAQ
uaMzvZ2w++rn2sAl8DdoK+oiuZ3oaRmzPbRI0LwrfWIjG64fICJZWRZql36dw8fQ
Pp1x6oWfGlrvhcQm6VPYUxUyZUZeam26Mbftx4qhsmu/t8WXTEesswW15StUNYnu
FSHSSgE95zdMrYsZThikMxXIbqWg+GqkiN3EVuYRLSChecwEjJ4Zo7Hetg8=
-----END CERTIFICATE-----