Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/516c08a1-eca0-4db8-8070-299e1a0c6bf6.roa
File:                     516c08a1-eca0-4db8-8070-299e1a0c6bf6.roa (raw, json)
Hash identifier:          hgKrfafZCEbumfm1cPjBWyHT2DjG6RKmlel+ExqY8SM=
Subject key identifier:   D7:72:97:AF:88:46:62:BE:EA:18:01:6D:5D:0A:C7:84:FA:90:11:F9
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4DAAD273A7F74ADB26CE182090FA6243AAEB0BF4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/516c08a1-eca0-4db8-8070-299e1a0c6bf6.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:aa:d2:73:a7:f7:4a:db:26:ce:18:20:90:fa:62:43:aa:eb:0b:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: serialNumber=0fcadd40eb02a4e9c9eb794e3824f2226a1285e85b95952b4167c32495c5f7c2, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:9a:dc:01:e1:e0:6a:48:d3:05:c7:d0:69:b3:
                    85:99:d8:d0:90:3d:bf:10:61:e8:2e:a1:aa:80:05:
                    92:2e:33:69:18:9e:27:f4:65:0c:0d:be:30:dd:19:
                    23:2f:65:3b:eb:ff:4f:ae:12:bd:50:cd:bc:d5:5b:
                    b9:fe:a4:7a:30:c2:e6:2e:79:63:81:dd:a6:1d:3c:
                    2d:6b:12:fa:e6:57:43:56:dc:60:0c:9a:24:09:27:
                    0c:5b:0b:5b:f8:73:9f:84:43:08:d4:66:67:33:f3:
                    ce:ef:2a:27:bd:96:a7:27:1b:aa:8f:45:d2:25:92:
                    21:b7:04:92:62:56:c5:f7:03:67:1c:88:2f:71:13:
                    d9:e4:b0:58:1e:55:e8:de:4f:0b:cb:90:67:71:57:
                    9a:5b:b6:b0:93:50:e0:42:96:3f:d2:34:f2:85:9b:
                    75:0d:cb:75:23:b0:23:60:ed:f8:fb:87:a1:bc:04:
                    da:b4:76:68:6f:49:38:0f:b0:bd:b1:51:45:8d:2e:
                    32:19:24:21:63:8f:d6:91:cc:bc:c7:95:77:f5:6c:
                    3f:3c:2c:60:22:84:3e:60:73:9f:ac:68:4b:5a:8f:
                    71:2d:02:34:d6:9e:34:8c:5b:8c:0a:fc:14:c2:f4:
                    0d:f5:3b:dd:1f:11:08:86:6b:1c:22:eb:e3:a8:93:
                    3f:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:72:97:AF:88:46:62:BE:EA:18:01:6D:5D:0A:C7:84:FA:90:11:F9
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/516c08a1-eca0-4db8-8070-299e1a0c6bf6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:55:b8:c3:a0:46:26:49:90:57:e4:20:14:b7:df:e8:4e:8b:
         20:2d:fb:3c:a5:47:90:10:9d:2c:aa:d4:be:6a:43:36:25:03:
         b3:67:5e:04:01:53:15:64:e7:e7:58:1d:24:7e:f4:f5:84:45:
         15:ca:de:de:d1:59:3e:10:8b:b0:d2:77:8d:10:5e:fb:1d:e0:
         16:15:fc:34:79:0d:48:e3:a3:be:be:da:6b:ed:71:3e:a7:4d:
         58:31:f2:51:37:d3:10:22:a1:29:ef:f0:b4:aa:e5:70:cd:22:
         f1:7b:7d:40:b0:42:7d:e0:1e:69:14:40:af:11:b7:76:56:1a:
         74:f5:87:6a:be:2e:2b:b3:3d:da:77:58:42:47:48:2f:c7:1c:
         90:f1:c8:f7:9b:34:f3:b5:ad:ad:c6:23:fe:c4:41:e4:e9:4b:
         44:83:cd:81:08:ad:64:3f:44:1e:63:d3:80:b9:c6:2a:22:44:
         c4:f7:32:ab:ba:20:4f:17:ca:fa:5d:b5:ea:26:8d:ed:a4:4b:
         99:06:7b:67:3b:39:13:66:26:23:4b:2b:68:80:1d:ab:c6:d5:
         3a:9e:69:3b:84:68:15:30:02:12:87:ea:9e:6e:83:b0:09:c8:
         03:70:36:32:71:af:5d:5f:2f:d1:95:34:6f:b4:0b:43:36:18:
         c3:39:79:4f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTarSc6f3StsmzhggkPpiQ6rrC/QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZmNhZGQ0MGViMDJhNGU5YzllYjc5NGUzODI0ZjIyMjZh
MTI4NWU4NWI5NTk1MmI0MTY3YzMyNDk1YzVmN2MyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpmtwB4eBqSNMFx9Bps4WZ2NCQPb8QYeguoaqABZIuM2kY
nif0ZQwNvjDdGSMvZTvr/0+uEr1QzbzVW7n+pHowwuYueWOB3aYdPC1rEvrmV0NW
3GAMmiQJJwxbC1v4c5+EQwjUZmcz887vKie9lqcnG6qPRdIlkiG3BJJiVsX3A2cc
iC9xE9nksFgeVejeTwvLkGdxV5pbtrCTUOBClj/SNPKFm3UNy3UjsCNg7fj7h6G8
BNq0dmhvSTgPsL2xUUWNLjIZJCFjj9aRzLzHlXf1bD88LGAihD5gc5+saEtaj3Et
AjTWnjSMW4wK/BTC9A31O90fEQiGaxwi6+Ookz87AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU13KXr4hGYr7qGAFtXQrHhPqQEfkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzUxNmMwOGExLWVjYTAtNGRiOC04MDcwLTI5OWUxYTBjNmJmNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALdVuMOgRiZJkFfkIBS33+hOiyAt
+zylR5AQnSyq1L5qQzYlA7NnXgQBUxVk5+dYHSR+9PWERRXK3t7RWT4Qi7DSd40Q
Xvsd4BYV/DR5DUjjo76+2mvtcT6nTVgx8lE30xAioSnv8LSq5XDNIvF7fUCwQn3g
HmkUQK8Rt3ZWGnT1h2q+LiuzPdp3WEJHSC/HHJDxyPebNPO1ra3GI/7EQeTpS0SD
zYEIrWQ/RB5j04C5xioiRMT3Mqu6IE8Xyvpdteomje2kS5kGe2c7ORNmJiNLK2iA
HavG1TqeaTuEaBUwAhKH6p5ug7AJyANwNjJxr11fL9GVNG+0C0M2GMM5eU8=
-----END CERTIFICATE-----