Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fce2f50b-df73-4aab-bf59-a69da82baa5c.roa
File:                     fce2f50b-df73-4aab-bf59-a69da82baa5c.roa (raw, json)
Hash identifier:          DCYQzddPNISnJ5MCWCTD5MQsVOv9dSu5zYrpC5f5SSQ=
Subject key identifier:   F3:80:B6:5B:D7:8D:6F:48:57:1A:FC:97:40:7B:C9:92:20:BE:EB:89
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5BF8E8A8B97BDCA4A5F6CF3AAA1A290042EAF4DD
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fce2f50b-df73-4aab-bf59-a69da82baa5c.roa
Signing time:             Sun 23 Mar 2025 13:13:19 +0000
ROA not before:           Sun 23 Mar 2025 13:13:19 +0000
ROA not after:            Sun 27 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:f8:e8:a8:b9:7b:dc:a4:a5:f6:cf:3a:aa:1a:29:00:42:ea:f4:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 23 13:13:19 2025 GMT
            Not After : Apr 27 23:59:59 2025 GMT
        Subject: serialNumber=8eb47f77ea85e5cbe717bb84f1546836f77322a7cc31180929ddefac7a4f375e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:bd:8f:85:df:db:7a:9f:f7:c2:e9:0b:a4:f8:
                    a0:22:f1:c6:cc:0b:84:cc:fa:a7:80:43:3c:df:e0:
                    d0:55:a8:29:b0:fd:96:2d:e9:bd:95:fc:db:83:6d:
                    0e:9a:a0:2d:c9:3d:3c:ac:d2:7b:a9:9a:8e:b8:0b:
                    10:8e:96:30:26:b9:a1:39:4e:aa:1d:57:2c:f4:60:
                    3b:aa:f5:cc:0e:56:c3:5b:cd:09:b4:2c:e7:47:f0:
                    b7:fd:39:19:42:f6:df:fe:39:2d:e1:47:5d:2b:f4:
                    6a:be:d8:7f:cb:6e:c1:e3:2b:74:1f:1a:e6:f1:14:
                    8c:e9:df:b1:a8:81:bb:e3:f5:63:95:81:ab:eb:94:
                    f7:0a:4f:10:2a:a0:70:e2:ba:d0:d5:2e:0b:8e:46:
                    76:02:e9:2b:78:c3:03:ee:ac:c0:fe:dc:10:83:5c:
                    a9:ad:74:4c:3f:71:3b:3b:e6:bd:71:7a:ce:95:81:
                    28:d7:b6:09:8e:f1:ff:ad:9a:70:66:7f:e6:d0:5d:
                    2e:ec:ec:7f:08:2e:88:17:cf:51:01:bb:09:8b:dd:
                    6d:13:8c:3f:0f:fa:9e:a4:16:e4:fb:47:b8:71:39:
                    25:71:6d:2d:26:21:7f:c0:22:55:2e:64:53:a9:a3:
                    0e:47:e1:7f:7b:32:bf:e3:54:b1:c3:ad:91:a7:1a:
                    7a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:80:B6:5B:D7:8D:6F:48:57:1A:FC:97:40:7B:C9:92:20:BE:EB:89
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fce2f50b-df73-4aab-bf59-a69da82baa5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:8b:b1:1b:a8:12:48:cb:19:95:3d:42:69:56:63:be:72:f5:
         9f:f6:eb:65:fa:ea:51:5a:e8:59:6f:f6:ce:33:32:0a:76:82:
         02:fd:bb:a7:69:81:71:94:0e:29:70:17:84:de:2f:da:4d:44:
         0b:5d:31:bd:c4:9a:f3:f8:63:ef:e0:e3:66:76:1f:8e:46:71:
         86:b4:7c:d6:80:33:91:0d:6f:10:7d:26:bc:0e:d3:60:ab:34:
         88:7a:60:ee:b6:4f:1a:8a:44:b8:4b:39:f3:0d:f8:a8:10:f3:
         b5:cb:28:74:27:2b:da:59:5e:3f:df:c4:32:b6:df:8f:b7:e3:
         35:c4:18:e9:d2:92:19:d1:bb:eb:1a:95:29:bf:02:b6:3b:01:
         91:e5:8d:e6:db:7f:3d:db:95:d3:ba:58:b1:9b:e3:79:c4:40:
         5a:89:67:f7:d5:34:4b:b3:8a:8e:93:a7:56:30:66:cb:7b:a1:
         5a:4d:7d:70:37:c9:d1:5e:4b:ce:06:59:57:af:75:70:6b:12:
         69:e3:2a:e3:e4:3e:7e:e5:cf:58:23:e1:e2:ec:5a:69:66:20:
         4f:46:1f:ce:34:d3:39:63:d3:78:aa:75:76:d4:84:be:20:77:
         bb:95:b5:22:0a:5d:8c:19:f6:54:10:14:43:4c:36:16:7e:22:
         7f:9f:11:7d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUW/joqLl73KSl9s86qhopAELq9N0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzIzMTMxMzE5WhcNMjUwNDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZWI0N2Y3N2VhODVlNWNiZTcxN2JiODRmMTU0NjgzNmY3
NzMyMmE3Y2MzMTE4MDkyOWRkZWZhYzdhNGYzNzVlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCevY+F39t6n/fC6Quk+KAi8cbMC4TM+qeAQzzf4NBVqCmw
/ZYt6b2V/NuDbQ6aoC3JPTys0nupmo64CxCOljAmuaE5TqodVyz0YDuq9cwOVsNb
zQm0LOdH8Lf9ORlC9t/+OS3hR10r9Gq+2H/LbsHjK3QfGubxFIzp37Gogbvj9WOV
gavrlPcKTxAqoHDiutDVLguORnYC6St4wwPurMD+3BCDXKmtdEw/cTs75r1xes6V
gSjXtgmO8f+tmnBmf+bQXS7s7H8ILogXz1EBuwmL3W0TjD8P+p6kFuT7R7hxOSVx
bS0mIX/AIlUuZFOpow5H4X97Mr/jVLHDrZGnGnpdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU84C2W9eNb0hXGvyXQHvJkiC+64kwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZjZTJmNTBiLWRmNzMtNGFhYi1iZjU5LWE2OWRhODJiYWE1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEGLsRuoEkjLGZU9QmlWY75y9Z/2
62X66lFa6Flv9s4zMgp2ggL9u6dpgXGUDilwF4TeL9pNRAtdMb3EmvP4Y+/g42Z2
H45GcYa0fNaAM5ENbxB9JrwO02CrNIh6YO62TxqKRLhLOfMN+KgQ87XLKHQnK9pZ
Xj/fxDK234+34zXEGOnSkhnRu+salSm/ArY7AZHljebbfz3bldO6WLGb43nEQFqJ
Z/fVNEuzio6Tp1YwZst7oVpNfXA3ydFeS84GWVevdXBrEmnjKuPkPn7lz1gj4eLs
WmlmIE9GH8400zlj03iqdXbUhL4gd7uVtSIKXYwZ9lQQFENMNhZ+In+fEX0=
-----END CERTIFICATE-----