Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/24bc9534-9d38-460d-97f7-8542f3905e56.roa
File:                     24bc9534-9d38-460d-97f7-8542f3905e56.roa (raw, json)
Hash identifier:          7MC9xXZZ8+oGFIjoS0TcKPAPdSJkdmdRm6GUkgNQsHk=
Subject key identifier:   36:66:30:63:9B:83:C6:B9:D7:92:A1:F7:E9:19:16:19:43:3B:21:96
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7AE4A2F90F2CF96C685555380B845A5981791983
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/24bc9534-9d38-460d-97f7-8542f3905e56.roa
Signing time:             Thu 13 Mar 2025 10:33:22 +0000
ROA not before:           Thu 13 Mar 2025 10:33:22 +0000
ROA not after:            Thu 17 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:e4:a2:f9:0f:2c:f9:6c:68:55:55:38:0b:84:5a:59:81:79:19:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 13 10:33:22 2025 GMT
            Not After : Apr 17 23:59:59 2025 GMT
        Subject: serialNumber=e2ae2e005cc1bceab674f1428764b265d070f3dd25c57f68a73b23db51630ccc, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:95:dc:cd:06:0c:bb:32:a8:42:0e:5d:aa:52:
                    59:a5:5c:27:04:9e:59:59:46:0f:fc:0b:94:9c:ab:
                    fe:3e:17:5c:e3:c6:eb:64:e3:9a:b0:0e:40:7d:a2:
                    b7:ad:27:6b:e6:e9:42:7e:8a:a0:de:ff:c9:8c:66:
                    1c:e3:e7:f9:e3:24:3b:e7:f2:19:e9:20:b2:04:ca:
                    0f:80:54:1e:40:a8:14:1c:c0:46:c0:08:a9:de:97:
                    13:4b:11:ca:04:34:87:ad:71:71:b7:d0:c6:2f:9b:
                    20:3f:b7:48:85:7c:a3:bc:c4:bc:3e:a7:b4:77:e0:
                    9a:65:b8:3c:b4:39:7c:43:c5:cd:de:3d:87:37:cb:
                    54:77:68:dc:cf:e2:c9:0d:ab:59:d9:0e:41:b3:8b:
                    e0:c7:9c:20:3e:80:b0:99:26:48:97:56:8a:3b:15:
                    ef:c1:ec:9d:e0:7a:98:c0:47:cb:8c:01:bf:3a:2b:
                    85:79:f9:de:33:5c:32:db:fe:95:60:45:52:7c:f0:
                    d1:69:6e:d1:b9:d0:a9:ef:90:21:9c:b9:6d:e0:80:
                    3f:7c:d2:e3:3d:09:ff:8a:4c:05:9d:aa:b9:00:5a:
                    59:a6:e8:ce:85:cd:69:b3:61:b6:83:b7:15:da:c1:
                    52:80:90:7e:f8:0f:a5:21:af:c4:af:ac:93:08:7f:
                    63:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:66:30:63:9B:83:C6:B9:D7:92:A1:F7:E9:19:16:19:43:3B:21:96
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/24bc9534-9d38-460d-97f7-8542f3905e56.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:c1:87:d5:66:26:02:2e:9a:13:b8:cc:bb:02:98:d1:6e:2c:
         9d:9a:93:6c:fb:2f:3a:75:04:c1:0c:15:40:f3:69:cc:29:fe:
         fc:ec:93:80:0d:63:a4:f9:3b:81:34:61:3c:ce:52:33:75:29:
         76:40:27:ac:64:b1:14:a4:c3:06:e2:e5:df:e8:c2:ec:62:33:
         14:46:ed:9a:33:73:75:57:9e:4a:40:79:4f:e6:31:e0:92:19:
         e2:83:5b:9d:a7:75:d6:a5:fe:ff:09:b2:dd:35:a2:9d:3c:8a:
         25:3f:b1:5f:64:07:35:af:a7:a8:17:99:2c:a6:36:60:95:0d:
         df:c7:79:12:a6:26:a3:cb:84:34:5e:f0:c9:73:a9:2e:d4:3b:
         ad:e1:90:66:e8:cc:91:24:5b:09:4c:69:8e:a2:21:3d:95:8a:
         42:2e:54:d0:af:4f:f0:aa:24:67:4a:42:a6:c4:dd:6d:6e:16:
         e7:e1:7b:06:53:00:f3:85:31:70:ca:56:6a:4b:2c:52:9f:91:
         ea:30:8d:23:a9:d0:be:6b:12:79:25:a5:e5:ce:fd:99:4a:b2:
         d1:e7:b9:f3:5e:68:1f:58:ae:3e:cd:b3:c2:6b:27:b9:17:29:
         0b:40:3d:3a:e7:fd:d9:46:c1:5b:b3:7a:dc:50:b2:4e:e5:e5:
         99:62:3a:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeuSi+Q8s+WxoVVU4C4RaWYF5GYMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzEzMTAzMzIyWhcNMjUwNDE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMmFlMmUwMDVjYzFiY2VhYjY3NGYxNDI4NzY0YjI2NWQw
NzBmM2RkMjVjNTdmNjhhNzNiMjNkYjUxNjMwY2NjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGldzNBgy7MqhCDl2qUlmlXCcEnllZRg/8C5Scq/4+F1zj
xutk45qwDkB9oretJ2vm6UJ+iqDe/8mMZhzj5/njJDvn8hnpILIEyg+AVB5AqBQc
wEbACKnelxNLEcoENIetcXG30MYvmyA/t0iFfKO8xLw+p7R34JpluDy0OXxDxc3e
PYc3y1R3aNzP4skNq1nZDkGzi+DHnCA+gLCZJkiXVoo7Fe/B7J3gepjAR8uMAb86
K4V5+d4zXDLb/pVgRVJ88NFpbtG50KnvkCGcuW3ggD980uM9Cf+KTAWdqrkAWlmm
6M6FzWmzYbaDtxXawVKAkH74D6Uhr8SvrJMIf2PXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNmYwY5uDxrnXkqH36RkWGUM7IZYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzI0YmM5NTM0LTlkMzgtNDYwZC05N2Y3LTg1NDJmMzkwNWU1Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGLBh9VmJgIumhO4zLsCmNFuLJ2a
k2z7Lzp1BMEMFUDzacwp/vzsk4ANY6T5O4E0YTzOUjN1KXZAJ6xksRSkwwbi5d/o
wuxiMxRG7Zozc3VXnkpAeU/mMeCSGeKDW52nddal/v8Jst01op08iiU/sV9kBzWv
p6gXmSymNmCVDd/HeRKmJqPLhDRe8MlzqS7UO63hkGbozJEkWwlMaY6iIT2VikIu
VNCvT/CqJGdKQqbE3W1uFufhewZTAPOFMXDKVmpLLFKfkeowjSOp0L5rEnklpeXO
/ZlKstHnufNeaB9Yrj7Ns8JrJ7kXKQtAPTrn/dlGwVuzetxQsk7l5ZliOvM=
-----END CERTIFICATE-----