Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/07c4274d-f447-4ea5-98f7-42b61529bfb0.roa
File:                     07c4274d-f447-4ea5-98f7-42b61529bfb0.roa (raw, json)
Hash identifier:          TTMbI7NSFHKB7mlOurOITSs/kH8r7/uRy5TXlMc4/Rc=
Subject key identifier:   45:92:95:A4:F6:2A:C8:DD:F2:20:4D:8D:C3:B8:CB:C8:29:4A:C8:28
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       24EE0AE69DBBEEE344B7A2B979343A0E1AC0A3D3
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/07c4274d-f447-4ea5-98f7-42b61529bfb0.roa
Signing time:             Mon 10 Mar 2025 14:58:18 +0000
ROA not before:           Mon 10 Mar 2025 14:58:18 +0000
ROA not after:            Mon 14 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:ee:0a:e6:9d:bb:ee:e3:44:b7:a2:b9:79:34:3a:0e:1a:c0:a3:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 10 14:58:18 2025 GMT
            Not After : Apr 14 23:59:59 2025 GMT
        Subject: serialNumber=fd8c9925da84b6431c11753d4ecfd849fa150928963ac4a29ef4a7b57e43dcf1, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:84:1a:73:1c:55:5b:37:14:79:86:b6:44:6e:
                    2c:15:57:3f:78:64:b8:a4:97:0c:4b:62:54:1d:70:
                    87:82:84:f7:c8:e4:4f:14:5c:fd:23:53:5b:d8:cd:
                    8a:55:b5:4a:d5:58:49:18:01:ff:1b:d8:5f:19:0b:
                    93:e5:bb:ab:46:32:d1:91:ee:07:f9:12:ea:c5:dd:
                    2b:c6:5d:ab:d3:ec:fd:3f:28:05:61:7c:0c:ea:bc:
                    4f:4a:38:21:b1:96:79:30:d8:c4:dd:ce:2b:a3:6f:
                    56:47:e0:37:4e:5c:f4:bc:ec:0a:ad:f0:57:55:75:
                    dd:08:57:5d:19:c7:b5:f2:95:74:ea:bf:98:0f:ec:
                    d1:3c:06:f6:db:19:10:13:c3:1a:4b:a0:75:1a:f9:
                    da:27:8a:01:be:f1:d3:8c:02:e1:da:a9:a3:94:9a:
                    5a:23:bb:f6:4e:6e:28:1a:fd:e9:18:c5:a1:38:1f:
                    25:81:bf:f8:73:1e:0a:cc:25:d4:c9:5d:f7:16:60:
                    d5:84:34:6a:c1:d0:b2:af:0b:88:01:27:dd:05:9d:
                    aa:93:4f:db:9b:0a:35:ff:b4:83:f4:db:36:d2:60:
                    85:fd:17:92:fc:57:dd:b6:b9:7a:4e:5f:1e:4d:de:
                    ef:fb:7b:2e:d6:ec:d2:64:55:e8:36:cb:61:7e:f9:
                    7e:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:92:95:A4:F6:2A:C8:DD:F2:20:4D:8D:C3:B8:CB:C8:29:4A:C8:28
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/07c4274d-f447-4ea5-98f7-42b61529bfb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:e2:50:19:0b:5e:42:e8:46:cb:5a:e0:98:77:88:e4:b4:17:
         57:b6:cb:7e:e7:67:94:f7:ad:93:ed:2c:a9:bf:77:7a:46:bc:
         04:42:7f:77:ad:c2:6e:e7:ca:f0:4d:73:58:58:5f:b3:48:40:
         ec:3b:70:6f:ed:0e:81:9f:a7:0b:03:51:3a:f2:8c:a5:17:a2:
         22:9e:9e:ad:cb:42:93:83:2f:15:0a:ba:f1:bf:f2:75:f5:27:
         11:28:91:55:17:af:19:a9:5c:90:9b:f4:e5:25:57:a0:8d:29:
         6d:ee:5b:6c:01:1d:a4:3e:61:a7:b2:c9:25:00:27:d3:97:e1:
         1d:fa:0d:98:cf:a8:c6:84:5f:f1:c3:12:50:ff:0a:b4:95:4d:
         27:aa:ee:15:49:1a:b1:d7:e9:36:60:c7:68:56:40:57:b8:f6:
         c7:02:0b:b9:2b:12:65:65:ab:3f:eb:a3:d1:78:90:82:a4:f5:
         5e:0a:3a:02:8a:5e:d5:00:30:77:3f:f9:7d:dd:ab:d6:12:f7:
         a7:ff:76:17:26:a0:b6:9e:05:3c:42:c6:a2:2e:06:c7:e8:a5:
         ac:9e:d6:43:e7:bb:bb:bf:ed:b7:22:11:6d:49:e2:ee:a1:0c:
         ce:c5:c3:99:21:f1:54:90:bd:f0:85:14:d0:df:79:f8:c9:15:
         47:8b:97:df
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJO4K5p277uNEt6K5eTQ6DhrAo9MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzEwMTQ1ODE4WhcNMjUwNDE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZDhjOTkyNWRhODRiNjQzMWMxMTc1M2Q0ZWNmZDg0OWZh
MTUwOTI4OTYzYWM0YTI5ZWY0YTdiNTdlNDNkY2YxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9hBpzHFVbNxR5hrZEbiwVVz94ZLiklwxLYlQdcIeChPfI
5E8UXP0jU1vYzYpVtUrVWEkYAf8b2F8ZC5Plu6tGMtGR7gf5EurF3SvGXavT7P0/
KAVhfAzqvE9KOCGxlnkw2MTdziujb1ZH4DdOXPS87Aqt8FdVdd0IV10Zx7XylXTq
v5gP7NE8BvbbGRATwxpLoHUa+donigG+8dOMAuHaqaOUmloju/ZObiga/ekYxaE4
HyWBv/hzHgrMJdTJXfcWYNWENGrB0LKvC4gBJ90FnaqTT9ubCjX/tIP02zbSYIX9
F5L8V922uXpOXx5N3u/7ey7W7NJkVeg2y2F++X4pAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURZKVpPYqyN3yIE2Nw7jLyClKyCgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzA3YzQyNzRkLWY0NDctNGVhNS05OGY3LTQyYjYxNTI5YmZiMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEziUBkLXkLoRsta4Jh3iOS0F1e2
y37nZ5T3rZPtLKm/d3pGvARCf3etwm7nyvBNc1hYX7NIQOw7cG/tDoGfpwsDUTry
jKUXoiKenq3LQpODLxUKuvG/8nX1JxEokVUXrxmpXJCb9OUlV6CNKW3uW2wBHaQ+
YaeyySUAJ9OX4R36DZjPqMaEX/HDElD/CrSVTSeq7hVJGrHX6TZgx2hWQFe49scC
C7krEmVlqz/ro9F4kIKk9V4KOgKKXtUAMHc/+X3dq9YS96f/dhcmoLaeBTxCxqIu
Bsfopaye1kPnu7u/7bciEW1J4u6hDM7Fw5kh8VSQvfCFFNDfefjJFUeLl98=
-----END CERTIFICATE-----