Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ff84c256-bd0a-4970-8dd1-8571bbc4a878.roa
File:                     ff84c256-bd0a-4970-8dd1-8571bbc4a878.roa (raw, json)
Hash identifier:          krE2zi0GWP5VrjKehAW5NlOZfO6QSjNdDeSINn5pY8M=
Subject key identifier:   BF:3B:3D:FC:50:38:96:BA:4D:D1:89:2C:3C:2C:31:F4:1B:AF:F2:62
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3407192D437CD81B1940859B7E6B1A34C371A97A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ff84c256-bd0a-4970-8dd1-8571bbc4a878.roa
Signing time:             Tue 04 Feb 2025 00:00:00 +0000
ROA not before:           Tue 04 Feb 2025 00:00:00 +0000
ROA not after:            Tue 11 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:07:19:2d:43:7c:d8:1b:19:40:85:9b:7e:6b:1a:34:c3:71:a9:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb  4 00:00:00 2025 GMT
            Not After : Mar 11 23:59:59 2025 GMT
        Subject: serialNumber=a4142e7db36afdd6821e67a1c660b2e0c3b026e3f4352e9f53766bd7a8f6abbc, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:22:81:ac:cc:80:a5:45:79:8e:45:77:cb:42:
                    30:e1:ee:dc:1c:bc:56:ce:86:ff:4c:96:b5:40:37:
                    16:33:7b:c9:a0:b2:28:80:81:dd:52:13:de:ee:6b:
                    da:13:5c:80:c4:f3:e2:ae:47:f6:73:93:f4:60:d6:
                    29:5b:88:06:cf:a3:4b:75:8a:ac:1a:85:7a:16:d2:
                    3e:b6:d6:39:6e:aa:db:a4:01:c5:c9:81:b6:aa:8b:
                    ed:e5:2a:35:64:5f:86:3b:13:dc:ef:03:37:ab:0f:
                    a0:0a:ba:e0:1f:0b:84:b9:30:fd:24:39:a5:4f:d0:
                    35:1d:90:1e:c0:f5:5a:98:cd:dd:fe:b7:9b:39:37:
                    01:4c:89:76:3c:e8:8f:78:66:77:da:2e:a6:7a:9a:
                    63:66:17:a6:28:06:db:9f:c3:a7:fc:8f:0b:64:75:
                    24:c4:1e:f1:1d:19:e0:8c:b2:00:9c:4f:6d:24:0c:
                    34:ef:c6:e4:95:ab:20:15:a1:02:ee:75:da:a7:f3:
                    26:f0:19:2a:94:09:e7:52:9c:13:83:28:b5:0a:23:
                    a4:db:dc:65:ea:50:7e:95:28:95:d7:dc:d5:3a:0e:
                    0f:c6:93:93:c1:d5:e3:56:dd:0d:ac:ec:5d:33:4c:
                    b0:a7:71:e1:2f:6e:2d:c6:a8:4e:16:96:0d:d5:92:
                    e3:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:3B:3D:FC:50:38:96:BA:4D:D1:89:2C:3C:2C:31:F4:1B:AF:F2:62
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ff84c256-bd0a-4970-8dd1-8571bbc4a878.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:55:5c:00:a5:f1:41:d5:93:8a:93:09:d9:ed:69:5a:47:78:
         6d:38:f1:c1:01:cc:76:08:87:81:29:e6:9f:13:96:99:cb:01:
         da:fb:a9:2e:cd:8e:7d:e8:93:04:6d:7b:f2:a6:86:7c:bd:d6:
         dc:ae:09:3e:5e:23:b3:a9:db:30:3a:01:24:60:ad:33:a0:88:
         da:9d:ec:5a:76:d6:38:89:9b:1e:93:c7:6e:37:de:5a:6e:43:
         0f:5d:ef:61:60:c1:e5:9c:0a:bc:ca:7b:81:4b:1e:30:2c:60:
         cb:48:57:03:50:5d:1f:23:12:14:bd:b0:cb:84:b9:5c:20:69:
         e1:c9:60:43:1f:ec:0f:6b:69:99:0e:fa:a4:ea:cc:bd:6d:af:
         93:ac:e9:07:a3:86:51:72:a8:97:54:23:9e:83:39:ce:b3:24:
         c2:2b:d7:83:6e:df:a3:98:6f:4e:37:08:1b:a1:5c:65:04:4f:
         e5:c6:56:35:9f:b1:08:54:70:b3:23:a1:6c:5a:e7:f0:e3:f4:
         83:94:f3:5c:a8:6e:9c:fe:bf:13:7a:63:d6:98:76:44:81:5c:
         91:5a:b3:90:2a:09:3f:bc:ba:84:9f:80:b8:19:10:9c:59:ba:
         af:49:82:d2:6d:3b:65:0a:07:ca:55:f4:b2:d1:ab:22:9d:51:
         d5:1a:19:d3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNAcZLUN82BsZQIWbfmsaNMNxqXowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjA0MDAwMDAwWhcNMjUwMzExMjM1OTU5
WjB6MUkwRwYDVQQFE0BhNDE0MmU3ZGIzNmFmZGQ2ODIxZTY3YTFjNjYwYjJlMGMz
YjAyNmUzZjQzNTJlOWY1Mzc2NmJkN2E4ZjZhYmJjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/IoGszIClRXmORXfLQjDh7twcvFbOhv9MlrVANxYze8mg
siiAgd1SE97ua9oTXIDE8+KuR/Zzk/Rg1ilbiAbPo0t1iqwahXoW0j621jluqtuk
AcXJgbaqi+3lKjVkX4Y7E9zvAzerD6AKuuAfC4S5MP0kOaVP0DUdkB7A9VqYzd3+
t5s5NwFMiXY86I94ZnfaLqZ6mmNmF6YoBtufw6f8jwtkdSTEHvEdGeCMsgCcT20k
DDTvxuSVqyAVoQLuddqn8ybwGSqUCedSnBODKLUKI6Tb3GXqUH6VKJXX3NU6Dg/G
k5PB1eNW3Q2s7F0zTLCnceEvbi3GqE4Wlg3VkuPLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvzs9/FA4lrpN0YksPCwx9Buv8mIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZmODRjMjU2LWJkMGEtNDk3MC04ZGQxLTg1NzFiYmM0YTg3OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI9VXACl8UHVk4qTCdntaVpHeG04
8cEBzHYIh4Ep5p8TlpnLAdr7qS7Njn3okwRte/Kmhny91tyuCT5eI7Op2zA6ASRg
rTOgiNqd7Fp21jiJmx6Tx2433lpuQw9d72FgweWcCrzKe4FLHjAsYMtIVwNQXR8j
EhS9sMuEuVwgaeHJYEMf7A9raZkO+qTqzL1tr5Os6QejhlFyqJdUI56DOc6zJMIr
14Nu36OYb043CBuhXGUET+XGVjWfsQhUcLMjoWxa5/Dj9IOU81yobpz+vxN6Y9aY
dkSBXJFas5AqCT+8uoSfgLgZEJxZuq9JgtJtO2UKB8pV9LLRqyKdUdUaGdM=
-----END CERTIFICATE-----