Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/35f08552-70bb-4a80-b4ec-56d003eb4318.roa
File:                     35f08552-70bb-4a80-b4ec-56d003eb4318.roa (raw, json)
Hash identifier:          SQmunSOWjp8uFZDyz2FbZXXruXnTOfu34T1yGxIrrY8=
Subject key identifier:   78:4D:43:FB:69:34:BF:C9:A9:C3:CF:F4:50:00:C2:5B:08:AE:00:8B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       72D091640611089592B6BC8C99C6EB85B34D5401
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/35f08552-70bb-4a80-b4ec-56d003eb4318.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:d0:91:64:06:11:08:95:92:b6:bc:8c:99:c6:eb:85:b3:4d:54:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=e340dfd1e90875092708a33d720ae73eea88a658d8fd054c372663087e861bd2, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:3e:ef:9e:6c:de:f6:51:52:0b:33:97:26:7f:
                    ab:2f:bc:93:82:3c:02:8a:a3:8f:2c:27:40:32:1c:
                    67:5b:43:54:29:b0:41:f6:16:61:b6:49:59:e7:52:
                    7d:1f:88:8c:ff:15:a6:81:d5:0c:b0:45:2a:b0:12:
                    f3:57:07:2e:b6:12:5b:b0:98:0c:fa:bb:a7:9a:a7:
                    b0:b4:83:b0:77:1b:52:91:f9:c7:60:77:e3:87:f4:
                    ed:0c:c1:28:7d:35:a5:97:0c:e7:66:d2:38:8a:f6:
                    45:1b:75:29:d9:a7:aa:ed:60:fb:ce:ac:d0:ff:8b:
                    8f:04:24:78:31:1b:8a:e9:ce:1f:d5:d3:f2:e4:d3:
                    4c:e9:1a:26:cc:c3:42:ab:50:d0:73:ae:13:18:09:
                    1b:8d:e9:a3:94:49:ed:c0:10:a5:71:69:a2:ae:30:
                    3a:81:61:4a:23:d9:0c:c3:89:1b:cd:35:b3:d0:70:
                    0c:6f:ea:74:6f:26:b8:18:e6:ab:83:87:46:65:9c:
                    72:f1:e2:5e:75:cb:e1:9d:36:e3:c3:0d:33:f3:cb:
                    d5:b2:12:65:65:98:3e:1d:ca:47:41:cb:e2:b6:f8:
                    4b:1c:5c:85:be:01:a9:49:61:83:d8:05:8d:e2:c2:
                    01:64:b5:c6:c5:46:19:38:2d:61:01:93:a0:e6:8e:
                    3e:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:4D:43:FB:69:34:BF:C9:A9:C3:CF:F4:50:00:C2:5B:08:AE:00:8B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/35f08552-70bb-4a80-b4ec-56d003eb4318.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:76:d7:d8:a6:9b:a9:4c:14:d9:c8:17:02:3a:ae:ab:18:2d:
         c7:5b:80:d5:dd:a8:86:f6:bd:a8:e0:98:2a:79:10:77:fb:14:
         0e:9e:07:e1:90:98:92:db:d3:32:c5:d8:82:5c:9a:29:f0:dd:
         a3:dd:a6:f9:fb:4d:e3:75:cd:c9:62:46:63:5d:1c:b8:7a:ca:
         ca:ca:6f:ac:b5:37:d5:f1:98:5f:84:8e:d4:16:0a:42:65:13:
         73:02:e2:92:06:c7:d1:40:e6:46:0c:6c:d4:5f:a2:9d:9b:00:
         19:f2:fc:ed:4b:c7:3e:27:ce:e0:34:03:d2:b7:05:93:dc:68:
         b3:de:2b:2a:93:f8:45:b3:9b:be:a6:47:7d:a9:63:9d:07:5f:
         87:f6:8d:2f:5a:49:72:64:8b:d6:80:78:1e:ba:4c:47:9f:c0:
         ef:20:c1:9b:45:af:27:bf:1c:7a:e5:e2:0e:7e:8c:d0:00:b9:
         e6:5c:b2:cc:59:5d:2b:6b:b5:93:c2:14:f8:bb:2a:6c:5a:d0:
         04:2c:85:a1:68:ec:79:ce:e9:25:d9:38:be:f5:cb:e9:0b:e9:
         45:c2:74:f9:c3:a7:46:7d:61:75:cf:49:5a:e3:1e:51:10:dd:
         d8:75:e3:e5:ae:a5:19:e4:b4:ff:0a:c5:1a:d7:7f:9c:ad:e6:
         21:e6:a6:ac
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUctCRZAYRCJWStryMmcbrhbNNVAEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMzQwZGZkMWU5MDg3NTA5MjcwOGEzM2Q3MjBhZTczZWVh
ODhhNjU4ZDhmZDA1NGMzNzI2NjMwODdlODYxYmQyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnPu+ebN72UVILM5cmf6svvJOCPAKKo48sJ0AyHGdbQ1Qp
sEH2FmG2SVnnUn0fiIz/FaaB1QywRSqwEvNXBy62EluwmAz6u6eap7C0g7B3G1KR
+cdgd+OH9O0MwSh9NaWXDOdm0jiK9kUbdSnZp6rtYPvOrND/i48EJHgxG4rpzh/V
0/Lk00zpGibMw0KrUNBzrhMYCRuN6aOUSe3AEKVxaaKuMDqBYUoj2QzDiRvNNbPQ
cAxv6nRvJrgY5quDh0ZlnHLx4l51y+GdNuPDDTPzy9WyEmVlmD4dykdBy+K2+Esc
XIW+AalJYYPYBY3iwgFktcbFRhk4LWEBk6Dmjj6fAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeE1D+2k0v8mpw8/0UADCWwiuAIswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzM1ZjA4NTUyLTcwYmItNGE4MC1iNGVjLTU2ZDAwM2ViNDMxOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIx219imm6lMFNnIFwI6rqsYLcdb
gNXdqIb2vajgmCp5EHf7FA6eB+GQmJLb0zLF2IJcminw3aPdpvn7TeN1zcliRmNd
HLh6ysrKb6y1N9XxmF+EjtQWCkJlE3MC4pIGx9FA5kYMbNRfop2bABny/O1Lxz4n
zuA0A9K3BZPcaLPeKyqT+EWzm76mR32pY50HX4f2jS9aSXJki9aAeB66TEefwO8g
wZtFrye/HHrl4g5+jNAAueZcssxZXStrtZPCFPi7Kmxa0AQshaFo7HnO6SXZOL71
y+kL6UXCdPnDp0Z9YXXPSVrjHlEQ3dh14+WupRnktP8KxRrXf5yt5iHmpqw=
-----END CERTIFICATE-----