Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/faf5b1a9-a174-4d71-90e7-31156be9b9e8.roa
File:                     faf5b1a9-a174-4d71-90e7-31156be9b9e8.roa (raw, json)
Hash identifier:          Klud3k9a6KBZxKtdODn40RnZImLfb5bXSJ/w/XBuhmM=
Subject key identifier:   8E:DD:50:EC:95:FD:F2:BD:57:4D:AA:85:4D:92:E0:8F:84:C4:27:54
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       018BAE0B5AEC62FCFCD8B7764F33592555433D8D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/faf5b1a9-a174-4d71-90e7-31156be9b9e8.roa
Signing time:             Sat 15 Feb 2025 08:18:23 +0000
ROA not before:           Sat 15 Feb 2025 08:18:23 +0000
ROA not after:            Sat 22 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:ae:0b:5a:ec:62:fc:fc:d8:b7:76:4f:33:59:25:55:43:3d:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 15 08:18:23 2025 GMT
            Not After : Mar 22 23:59:59 2025 GMT
        Subject: serialNumber=4c8f57a8c7de23a948bb41e4a63ebc2db6963fb134a02246fc16b7b1147b7d40, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:18:b1:ed:da:bf:ef:05:85:f6:cb:f7:d0:8f:
                    48:24:06:83:80:03:35:52:cf:1c:77:c4:80:a8:67:
                    52:5c:8f:26:7a:7c:55:be:ac:09:74:03:66:d2:46:
                    59:6b:56:bd:5b:0c:cf:83:a9:f9:5f:2a:14:97:5a:
                    54:3b:70:67:ee:31:c2:3f:79:25:a5:d8:0c:96:67:
                    cd:3c:cb:b7:5e:71:7d:ec:6c:4b:d8:72:00:a5:f1:
                    67:79:c4:92:d9:b0:ae:86:40:44:dd:7c:5a:bc:e5:
                    60:03:cd:f8:b9:d7:61:fb:4a:07:fb:51:50:46:49:
                    6e:05:f4:53:74:01:3e:62:93:e2:e4:c7:fe:ea:8a:
                    e4:cb:ea:7e:42:6f:d0:fa:6b:7f:1f:bd:79:5a:31:
                    1c:a3:4f:34:f0:b2:5b:f7:79:f6:5f:44:bf:90:6f:
                    55:e7:e9:7e:d1:07:2a:38:28:ea:50:f7:14:d0:05:
                    fd:4d:d6:9a:3b:dc:56:f6:d2:50:53:ac:41:c4:2f:
                    9f:e9:48:b5:08:10:f5:c5:56:d1:01:96:be:65:be:
                    95:90:76:5a:e3:6a:6e:f7:99:e7:f2:db:f1:0d:3d:
                    01:98:20:8a:40:c0:a7:8d:9a:2d:c8:e8:ca:68:64:
                    01:18:c3:a2:7a:0a:a2:b1:8a:c1:b8:56:a1:2d:fb:
                    3d:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:DD:50:EC:95:FD:F2:BD:57:4D:AA:85:4D:92:E0:8F:84:C4:27:54
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/faf5b1a9-a174-4d71-90e7-31156be9b9e8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:85:5a:b3:48:cc:42:a0:0e:9a:53:de:ed:35:3e:17:9d:97:
         4d:44:03:6e:d0:8f:4f:fe:76:ad:60:83:93:4f:e8:2c:f5:09:
         2e:61:12:4a:c1:6b:7f:ae:47:e2:62:91:c2:6e:cd:2e:cb:da:
         49:60:44:77:c5:f4:50:5a:05:66:c7:e0:7f:f8:48:e6:35:4f:
         96:d4:ed:d7:7d:bd:8c:c6:32:e2:83:12:f2:e5:86:be:8f:fe:
         6f:26:f5:e5:c2:2f:45:6d:a9:9b:45:94:76:1d:2a:c9:d0:01:
         ec:cd:38:42:8d:bf:81:5a:d5:56:55:c7:32:95:f9:56:b7:ef:
         30:30:39:f5:8d:36:f9:ea:05:e8:ad:a9:8d:df:bf:6a:46:88:
         b3:d0:12:8b:8e:4a:18:92:06:c0:b2:72:48:41:16:8f:92:b1:
         82:c4:a5:9d:32:6f:4b:95:f3:1a:ce:84:c8:48:b0:43:66:b1:
         86:99:cb:ec:51:59:32:37:59:44:a3:4b:10:62:f8:ba:3e:9a:
         10:18:66:44:9c:52:be:9e:c1:08:be:b5:fd:8b:18:90:9b:9e:
         9a:1e:91:74:83:34:cd:fe:1c:a4:31:9f:74:15:6d:3d:2e:ea:
         27:a0:ac:f2:96:05:80:4e:ac:4b:e6:f6:7b:65:5b:43:69:b1:
         fa:b3:96:37
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAYuuC1rsYvz82Ld2TzNZJVVDPY0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjE1MDgxODIzWhcNMjUwMzIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0YzhmNTdhOGM3ZGUyM2E5NDhiYjQxZTRhNjNlYmMyZGI2
OTYzZmIxMzRhMDIyNDZmYzE2YjdiMTE0N2I3ZDQwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMGLHt2r/vBYX2y/fQj0gkBoOAAzVSzxx3xICoZ1JcjyZ6
fFW+rAl0A2bSRllrVr1bDM+DqflfKhSXWlQ7cGfuMcI/eSWl2AyWZ808y7decX3s
bEvYcgCl8Wd5xJLZsK6GQETdfFq85WADzfi512H7Sgf7UVBGSW4F9FN0AT5ik+Lk
x/7qiuTL6n5Cb9D6a38fvXlaMRyjTzTwslv3efZfRL+Qb1Xn6X7RByo4KOpQ9xTQ
Bf1N1po73Fb20lBTrEHEL5/pSLUIEPXFVtEBlr5lvpWQdlrjam73mefy2/ENPQGY
IIpAwKeNmi3I6MpoZAEYw6J6CqKxisG4VqEt+z2RAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjt1Q7JX98r1XTaqFTZLgj4TEJ1QwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZhZjViMWE5LWExNzQtNGQ3MS05MGU3LTMxMTU2YmU5YjllOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHeFWrNIzEKgDppT3u01Phedl01E
A27Qj0/+dq1gg5NP6Cz1CS5hEkrBa3+uR+JikcJuzS7L2klgRHfF9FBaBWbH4H/4
SOY1T5bU7dd9vYzGMuKDEvLlhr6P/m8m9eXCL0VtqZtFlHYdKsnQAezNOEKNv4Fa
1VZVxzKV+Va37zAwOfWNNvnqBeitqY3fv2pGiLPQEouOShiSBsCyckhBFo+SsYLE
pZ0yb0uV8xrOhMhIsENmsYaZy+xRWTI3WUSjSxBi+Lo+mhAYZkScUr6ewQi+tf2L
GJCbnpoekXSDNM3+HKQxn3QVbT0u6iegrPKWBYBOrEvm9ntlW0Npsfqzljc=
-----END CERTIFICATE-----