Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3acf491a-f9ed-46c4-a90e-7d5d0b91f699.roa
File:                     3acf491a-f9ed-46c4-a90e-7d5d0b91f699.roa (raw, json)
Hash identifier:          SHK30U+IYF1tUO57eNkirYn6bknySe/Pa3WyGof5rF4=
Subject key identifier:   EE:1A:2D:93:25:F7:02:F4:79:B4:47:73:BE:8F:E1:5F:7C:D4:B1:B1
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       10BAEC2AC6C55C4A1DDFE338E37543B2F145258D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3acf491a-f9ed-46c4-a90e-7d5d0b91f699.roa
Signing time:             Sat 15 Mar 2025 12:13:19 +0000
ROA not before:           Sat 15 Mar 2025 12:13:19 +0000
ROA not after:            Sat 19 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:ba:ec:2a:c6:c5:5c:4a:1d:df:e3:38:e3:75:43:b2:f1:45:25:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 15 12:13:19 2025 GMT
            Not After : Apr 19 23:59:59 2025 GMT
        Subject: serialNumber=a23613924021669b9f470bd8d97f6ca238e0dbeb102a81746357f75b994b48ad, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:0f:bd:22:be:68:33:83:ea:1c:e7:02:db:76:
                    26:a2:7c:1e:68:ca:89:d4:22:19:72:36:2a:0e:a2:
                    2b:ca:20:32:0e:61:ed:31:19:16:01:ce:52:e8:95:
                    d5:ca:a3:66:2d:cd:da:55:fc:47:f1:21:06:f5:47:
                    c0:90:5f:1e:9b:bb:55:dc:b6:12:d3:5d:e1:14:ab:
                    67:84:e0:04:24:7c:a6:69:50:a7:0e:0a:90:96:be:
                    c3:1c:12:e3:e5:ab:bd:98:5e:84:c7:82:51:f4:90:
                    5e:6b:6c:f4:a8:cd:74:09:a2:03:9e:c4:4d:a9:3b:
                    fb:a6:28:e8:f7:a5:77:42:95:de:da:19:aa:dc:14:
                    47:50:58:67:24:3b:c4:76:35:62:80:eb:b9:90:ec:
                    b8:5f:87:50:0d:3d:99:6c:b8:34:81:e0:a8:2d:9d:
                    98:f7:55:9d:cd:d6:b4:88:20:41:de:b3:e3:e3:1c:
                    2c:4d:d5:da:a2:fc:af:3e:1e:6e:9b:02:02:89:8b:
                    fc:1b:2c:cc:c4:53:3f:14:09:33:a4:03:d9:3a:e9:
                    89:a2:3a:c7:84:49:68:a8:38:5a:fe:ea:47:a4:af:
                    70:08:1c:50:db:0e:b3:3a:42:dc:26:36:81:73:fc:
                    20:d0:99:d8:15:23:fb:7f:81:5c:5d:54:07:7c:2a:
                    8c:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:1A:2D:93:25:F7:02:F4:79:B4:47:73:BE:8F:E1:5F:7C:D4:B1:B1
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3acf491a-f9ed-46c4-a90e-7d5d0b91f699.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:ef:f8:15:ca:d5:76:4b:4c:66:9f:4c:91:52:c6:14:a6:81:
         67:66:7e:72:d9:27:fe:a8:95:0d:db:3e:f5:9e:18:4f:db:96:
         c5:a4:8b:66:46:ba:79:b6:89:02:c0:99:5e:d7:08:e4:7c:9d:
         bf:32:80:cd:f6:58:3a:9f:f9:cf:22:49:17:3d:de:e7:90:a8:
         47:3d:cf:29:e9:d6:32:f9:b0:90:ef:02:eb:07:5d:da:d1:9b:
         fa:67:20:08:66:2d:4c:6f:81:d9:4f:da:f0:54:35:84:e0:cc:
         35:c1:b1:08:c1:f8:3f:d6:2d:bf:53:9f:09:fb:e8:a0:20:72:
         7d:7d:7f:ed:71:dd:4d:9d:aa:13:e1:d7:66:fc:3e:70:8f:a7:
         4b:6e:45:63:e5:35:99:6b:97:ff:f2:76:f2:1b:f6:66:d8:40:
         30:ee:07:7c:09:59:af:19:b0:ef:22:4a:f7:9d:d6:b5:4c:4c:
         c6:a5:94:52:3e:7c:17:a8:4a:8f:8e:5e:ce:08:36:29:d1:9d:
         aa:02:3f:c1:22:9b:b2:7a:b2:b4:88:a0:2e:92:2a:2a:1e:a1:
         f1:f6:fe:2b:ec:81:42:ae:78:24:d5:57:e9:0b:13:3c:68:9a:
         84:02:c5:58:36:8c:cd:db:b8:8d:c3:af:74:24:ef:c5:f9:61:
         d5:eb:94:4c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUELrsKsbFXEod3+M443VDsvFFJY0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzE1MTIxMzE5WhcNMjUwNDE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMjM2MTM5MjQwMjE2NjliOWY0NzBiZDhkOTdmNmNhMjM4
ZTBkYmViMTAyYTgxNzQ2MzU3Zjc1Yjk5NGI0OGFkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5D70ivmgzg+oc5wLbdiaifB5oyonUIhlyNioOoivKIDIO
Ye0xGRYBzlLoldXKo2YtzdpV/EfxIQb1R8CQXx6bu1XcthLTXeEUq2eE4AQkfKZp
UKcOCpCWvsMcEuPlq72YXoTHglH0kF5rbPSozXQJogOexE2pO/umKOj3pXdCld7a
GarcFEdQWGckO8R2NWKA67mQ7Lhfh1ANPZlsuDSB4KgtnZj3VZ3N1rSIIEHes+Pj
HCxN1dqi/K8+Hm6bAgKJi/wbLMzEUz8UCTOkA9k66YmiOseESWioOFr+6kekr3AI
HFDbDrM6QtwmNoFz/CDQmdgVI/t/gVxdVAd8Koy/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7hotkyX3AvR5tEdzvo/hX3zUsbEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzNhY2Y0OTFhLWY5ZWQtNDZjNC1hOTBlLTdkNWQwYjkxZjY5OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI/v+BXK1XZLTGafTJFSxhSmgWdm
fnLZJ/6olQ3bPvWeGE/blsWki2ZGunm2iQLAmV7XCOR8nb8ygM32WDqf+c8iSRc9
3ueQqEc9zynp1jL5sJDvAusHXdrRm/pnIAhmLUxvgdlP2vBUNYTgzDXBsQjB+D/W
Lb9Tnwn76KAgcn19f+1x3U2dqhPh12b8PnCPp0tuRWPlNZlrl//ydvIb9mbYQDDu
B3wJWa8ZsO8iSved1rVMTMallFI+fBeoSo+OXs4INinRnaoCP8Eim7J6srSIoC6S
KioeofH2/ivsgUKueCTVV+kLEzxomoQCxVg2jM3buI3Dr3Qk78X5YdXrlEw=
-----END CERTIFICATE-----