Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5b4f7f31-d361-4255-b70b-aa948badcb3a.roa
File:                     5b4f7f31-d361-4255-b70b-aa948badcb3a.roa (raw, json)
Hash identifier:          T2DLYvypPTiQ4EwLr6vVMxQFQoFTUQ8XqcVr6C1Nu5Q=
Subject key identifier:   25:00:93:F4:D9:D4:83:F8:35:CB:0B:6A:6E:9C:D0:EA:20:7E:BE:0B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3196978C4811F5B51446E0FAA1B831E1003C73AA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5b4f7f31-d361-4255-b70b-aa948badcb3a.roa
Signing time:             Sun 05 Jan 2025 00:00:00 +0000
ROA not before:           Sun 05 Jan 2025 00:00:00 +0000
ROA not after:            Sun 09 Feb 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:96:97:8c:48:11:f5:b5:14:46:e0:fa:a1:b8:31:e1:00:3c:73:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan  5 00:00:00 2025 GMT
            Not After : Feb  9 23:59:59 2025 GMT
        Subject: serialNumber=3496ffc0573ef23bd66b45bef8e97c6eb899928e34a8d3de7d7b2bbb8db39deb, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:9e:37:ee:e6:54:64:44:d0:d8:d3:84:ac:0c:
                    f0:b3:48:cf:93:b0:85:be:2d:cc:ee:2d:4e:37:9b:
                    dd:e7:07:66:1d:d3:b4:90:d8:4a:34:72:51:42:05:
                    4f:03:1e:ca:4c:22:30:b8:59:24:79:db:02:9f:9f:
                    5a:a9:71:b2:e3:9a:b3:f7:6c:57:f9:3f:e5:7c:5f:
                    8d:ff:1a:45:06:80:ed:5a:a1:0a:83:55:7e:d5:dc:
                    33:15:92:cb:40:20:ac:b7:73:a7:d8:90:f0:df:53:
                    19:09:93:22:5f:d8:0b:b8:70:fd:8c:fc:94:69:6f:
                    b4:05:b5:18:df:fa:94:e9:84:47:f7:dd:64:ee:25:
                    46:1e:f3:c6:26:e1:eb:b8:a6:80:70:0d:c9:e8:0c:
                    4f:d0:53:70:21:ba:21:24:ac:70:e9:44:29:70:3e:
                    5a:13:d7:9c:5b:ee:ee:2d:4e:ff:f6:0d:d2:37:cb:
                    be:b7:e1:66:67:55:68:33:a2:10:fd:e6:55:37:fc:
                    e3:22:a8:30:01:91:25:dd:e1:fe:84:8a:6e:1e:79:
                    3c:92:3c:06:40:d9:4a:53:f0:a7:24:3e:d6:b0:f0:
                    3d:cc:8d:8c:9c:c5:bc:14:c5:c6:82:33:8a:12:c1:
                    ac:b3:53:64:cb:41:22:33:e3:94:bd:4a:8f:ee:06:
                    44:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:00:93:F4:D9:D4:83:F8:35:CB:0B:6A:6E:9C:D0:EA:20:7E:BE:0B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5b4f7f31-d361-4255-b70b-aa948badcb3a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:8d:ce:98:9b:f4:2b:0d:54:56:e3:c6:4d:3e:ea:10:5d:32:
         9a:50:33:8f:ad:aa:ed:9e:c9:fc:b5:ca:7a:0f:da:fc:f1:66:
         ad:1d:02:7f:b3:e3:f0:e1:fa:4f:a9:76:e0:d4:34:48:fa:d4:
         b5:e3:7a:56:64:35:1e:52:c6:eb:8b:f1:83:a0:de:e0:78:f7:
         c1:f1:da:59:e4:42:0c:ee:7a:5b:c7:f7:96:9b:ba:e0:ae:d8:
         b6:d5:66:35:2e:74:fa:3e:d8:cb:e6:de:77:83:6c:71:ad:40:
         e7:03:96:df:f3:93:90:23:db:63:a7:0a:53:64:20:5d:fb:eb:
         13:dd:c7:95:d2:56:97:b0:36:53:54:25:26:79:73:ab:39:cd:
         9e:75:35:2e:c1:a9:40:e5:de:74:f9:0e:cf:01:12:03:6c:cd:
         35:ea:df:9d:f1:d8:27:6c:ce:36:1b:5b:6b:ec:52:02:66:65:
         87:67:fc:2a:a6:fa:74:25:e3:23:f1:9e:7f:47:82:4d:fc:2e:
         fe:64:0d:33:71:63:1e:f2:5c:c6:10:95:b3:57:b3:04:27:3c:
         f8:69:84:7a:2f:93:3c:4b:53:3c:28:26:3b:1e:c9:be:bf:aa:
         22:36:cb:7a:25:e7:0e:43:9b:70:eb:31:e4:4d:03:1a:29:f2:
         05:c1:0e:25
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMZaXjEgR9bUURuD6obgx4QA8c6owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMTA1MDAwMDAwWhcNMjUwMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNDk2ZmZjMDU3M2VmMjNiZDY2YjQ1YmVmOGU5N2M2ZWI4
OTk5MjhlMzRhOGQzZGU3ZDdiMmJiYjhkYjM5ZGViMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDnjfu5lRkRNDY04SsDPCzSM+TsIW+LczuLU43m93nB2Yd
07SQ2Eo0clFCBU8DHspMIjC4WSR52wKfn1qpcbLjmrP3bFf5P+V8X43/GkUGgO1a
oQqDVX7V3DMVkstAIKy3c6fYkPDfUxkJkyJf2Au4cP2M/JRpb7QFtRjf+pTphEf3
3WTuJUYe88Ym4eu4poBwDcnoDE/QU3AhuiEkrHDpRClwPloT15xb7u4tTv/2DdI3
y7634WZnVWgzohD95lU3/OMiqDABkSXd4f6Eim4eeTySPAZA2UpT8KckPtaw8D3M
jYycxbwUxcaCM4oSwayzU2TLQSIz45S9So/uBkTTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJQCT9NnUg/g1ywtqbpzQ6iB+vgswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzViNGY3ZjMxLWQzNjEtNDI1NS1iNzBiLWFhOTQ4YmFkY2IzYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABqNzpib9CsNVFbjxk0+6hBdMppQ
M4+tqu2eyfy1ynoP2vzxZq0dAn+z4/Dh+k+pduDUNEj61LXjelZkNR5SxuuL8YOg
3uB498Hx2lnkQgzuelvH95abuuCu2LbVZjUudPo+2Mvm3neDbHGtQOcDlt/zk5Aj
22OnClNkIF376xPdx5XSVpewNlNUJSZ5c6s5zZ51NS7BqUDl3nT5Ds8BEgNszTXq
353x2CdszjYbW2vsUgJmZYdn/Cqm+nQl4yPxnn9Hgk38Lv5kDTNxYx7yXMYQlbNX
swQnPPhphHovkzxLUzwoJjseyb6/qiI2y3ol5w5Dm3DrMeRNAxop8gXBDiU=
-----END CERTIFICATE-----