Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fa061a7a-4e11-4106-bf43-37b4b3d10b41.roa
File:                     fa061a7a-4e11-4106-bf43-37b4b3d10b41.roa (raw, json)
Hash identifier:          gaXA0PrU7H/TWvxVJHVMnT4O+R4XtvfkIVK/otS169o=
Subject key identifier:   BE:27:7A:DD:36:87:5E:23:E4:38:FE:20:36:01:09:2C:8E:0C:E3:7D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       207E7D7AE88AAD516DA6E59819AF93222EEB3EF4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fa061a7a-4e11-4106-bf43-37b4b3d10b41.roa
Signing time:             Sat 10 May 2025 22:08:17 +0000
ROA not before:           Sat 10 May 2025 22:08:17 +0000
ROA not after:            Sat 14 Jun 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:7e:7d:7a:e8:8a:ad:51:6d:a6:e5:98:19:af:93:22:2e:eb:3e:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May 10 22:08:17 2025 GMT
            Not After : Jun 14 23:59:59 2025 GMT
        Subject: serialNumber=223e1b0b0c1d6953a5487f96a2e7367f562f0f6dbb8b5e040c5a890b7bdbf071, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:13:b0:1a:d0:2d:25:a5:15:53:0f:3a:47:61:
                    f0:2b:41:9c:e1:9b:31:1c:ad:ec:e1:ff:f3:35:c0:
                    fd:2d:f4:a8:1f:f4:4d:e1:0b:1a:12:9d:b6:f0:89:
                    53:e1:74:cf:8f:65:59:6d:d4:12:7f:60:f9:8c:85:
                    a1:4d:a1:8d:b6:80:48:f8:04:70:b6:58:b1:d2:aa:
                    31:09:6f:6c:8d:df:ac:81:32:49:37:f6:0b:92:20:
                    ec:25:a8:33:bc:47:fa:22:76:a6:c8:9f:fb:94:bb:
                    a3:54:46:6a:ad:ce:40:69:98:cc:66:f9:cc:74:83:
                    af:2a:14:d9:f6:17:52:93:15:3b:f6:da:81:08:cd:
                    31:a5:f2:7a:0b:b4:d6:a7:67:34:bd:38:70:3b:67:
                    0e:06:b7:9c:8f:cf:7c:b8:68:e3:d0:aa:d0:40:a1:
                    c8:ab:9c:6d:d7:41:73:9b:c4:e1:09:20:2f:de:34:
                    b6:e4:58:aa:f1:cb:b5:b2:2c:04:15:eb:9b:82:6e:
                    97:77:82:f4:75:67:14:88:12:67:81:e8:62:db:51:
                    82:ff:de:90:2f:01:0a:63:6d:95:3f:1d:e1:87:15:
                    fe:43:45:ec:01:eb:12:9f:cb:05:fa:1a:74:86:27:
                    1f:e2:0b:6b:09:b7:e5:fa:5b:2b:a9:d4:86:c3:ad:
                    a7:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:27:7A:DD:36:87:5E:23:E4:38:FE:20:36:01:09:2C:8E:0C:E3:7D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fa061a7a-4e11-4106-bf43-37b4b3d10b41.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:55:65:53:39:a6:30:c0:f0:3a:b4:23:13:91:c8:da:a8:9c:
         ea:90:36:c0:59:cd:f9:cb:9b:6d:ee:78:15:b3:a5:4b:5f:b5:
         de:70:66:c5:0c:0a:da:5a:dd:22:07:ce:28:90:ad:c3:9e:fe:
         d4:4b:dc:23:1d:bc:4e:99:15:55:ea:ab:fe:80:dc:00:b8:12:
         dd:d2:77:3e:c0:98:ff:1a:43:41:d9:a6:42:91:78:65:66:ad:
         af:28:a8:f8:0f:68:eb:91:3f:b7:11:2c:3d:88:10:fb:5d:62:
         f3:7e:79:27:82:a3:58:9d:d9:f6:44:c0:eb:7a:22:32:c8:d7:
         9c:d6:9d:a5:44:fb:8b:72:24:93:96:13:69:e4:06:e2:86:9a:
         35:5f:73:45:21:15:e5:cf:cc:bd:5d:0d:7d:5b:aa:50:94:f5:
         d1:a3:2b:0a:df:61:2b:34:88:d5:ff:4d:db:9a:eb:63:e6:9b:
         57:39:df:4f:08:c8:ec:61:60:b1:8b:f3:7e:f9:3b:b4:3e:b6:
         a7:f1:fc:4a:ae:00:3b:cc:51:b0:8c:0e:92:d1:da:51:7e:bf:
         e9:97:07:d3:19:fc:be:6a:5b:ed:e9:9a:ab:d7:ee:6f:5c:ce:
         89:b8:3e:94:bf:5b:db:c6:40:28:e7:7c:15:68:32:04:40:bc:
         e7:21:83:45
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIH59euiKrVFtpuWYGa+TIi7rPvQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNTEwMjIwODE3WhcNMjUwNjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMjNlMWIwYjBjMWQ2OTUzYTU0ODdmOTZhMmU3MzY3ZjU2
MmYwZjZkYmI4YjVlMDQwYzVhODkwYjdiZGJmMDcxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDmE7Aa0C0lpRVTDzpHYfArQZzhmzEcrezh//M1wP0t9Kgf
9E3hCxoSnbbwiVPhdM+PZVlt1BJ/YPmMhaFNoY22gEj4BHC2WLHSqjEJb2yN36yB
Mkk39guSIOwlqDO8R/oidqbIn/uUu6NURmqtzkBpmMxm+cx0g68qFNn2F1KTFTv2
2oEIzTGl8noLtNanZzS9OHA7Zw4Gt5yPz3y4aOPQqtBAocirnG3XQXObxOEJIC/e
NLbkWKrxy7WyLAQV65uCbpd3gvR1ZxSIEmeB6GLbUYL/3pAvAQpjbZU/HeGHFf5D
RewB6xKfywX6GnSGJx/iC2sJt+X6Wyup1IbDracHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvid63TaHXiPkOP4gNgEJLI4M430wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZhMDYxYTdhLTRlMTEtNDEwNi1iZjQzLTM3YjRiM2QxMGI0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAARVZVM5pjDA8Dq0IxORyNqonOqQ
NsBZzfnLm23ueBWzpUtftd5wZsUMCtpa3SIHziiQrcOe/tRL3CMdvE6ZFVXqq/6A
3AC4Et3Sdz7AmP8aQ0HZpkKReGVmra8oqPgPaOuRP7cRLD2IEPtdYvN+eSeCo1id
2fZEwOt6IjLI15zWnaVE+4tyJJOWE2nkBuKGmjVfc0UhFeXPzL1dDX1bqlCU9dGj
KwrfYSs0iNX/Tdua62Pmm1c5308IyOxhYLGL8375O7Q+tqfx/EquADvMUbCMDpLR
2lF+v+mXB9MZ/L5qW+3pmqvX7m9czom4PpS/W9vGQCjnfBVoMgRAvOchg0U=
-----END CERTIFICATE-----