Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6e213bd0-054d-4712-b4d3-a2e873a869c5.roa
File:                     6e213bd0-054d-4712-b4d3-a2e873a869c5.roa (raw, json)
Hash identifier:          gY87CoRnNVkP/ZSQ1gUZznUmipVPzBBcsHsDpZOiDRk=
Subject key identifier:   55:20:B0:42:AB:70:8B:94:8F:3C:E3:ED:55:94:ED:74:2F:E8:16:B5
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       535B5894043747C33C4954DF21A26E5CEA589C6E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6e213bd0-054d-4712-b4d3-a2e873a869c5.roa
Signing time:             Tue 18 Feb 2025 16:13:19 +0000
ROA not before:           Tue 18 Feb 2025 16:13:19 +0000
ROA not after:            Tue 25 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:5b:58:94:04:37:47:c3:3c:49:54:df:21:a2:6e:5c:ea:58:9c:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 18 16:13:19 2025 GMT
            Not After : Mar 25 23:59:59 2025 GMT
        Subject: serialNumber=b12b3822a64860ff24bcd8eedf66368f5e28d0cfab84e2d98afedb047ad17945, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:67:c8:21:e1:55:88:77:e6:31:db:fe:e3:28:
                    c4:fd:b5:0b:09:4e:35:81:58:f1:28:29:b1:3e:54:
                    05:9e:3c:ba:38:39:0a:f0:cf:f3:3d:60:84:62:e0:
                    62:0a:2a:9c:30:c8:04:ec:0b:f0:e1:69:70:9f:67:
                    65:dc:e3:aa:ea:1f:31:72:e6:5a:89:6b:e6:e6:83:
                    96:38:2b:87:02:76:07:50:46:e5:92:b4:13:cf:b4:
                    db:df:e5:fb:7f:29:d6:b5:c6:09:d2:8b:6f:f6:56:
                    f9:98:a7:b2:a4:fe:75:e9:d7:4a:6e:a5:f8:6d:d1:
                    ab:23:dc:c2:f6:41:e2:61:6e:7d:0a:5e:ef:7e:eb:
                    8d:bb:55:e7:b1:da:d9:ee:51:9d:87:8c:64:7d:d3:
                    c2:09:f0:41:49:3b:9c:08:cd:30:0e:70:42:aa:25:
                    a4:fa:8c:68:e5:37:ec:bc:b3:f4:53:54:a7:4a:c7:
                    24:53:66:44:a0:a5:5d:22:f5:ec:9c:05:cd:97:0d:
                    3b:47:71:a9:04:ef:b3:a0:75:df:58:4d:74:a1:7c:
                    03:58:da:8e:38:22:2c:90:f5:e7:e8:ee:3c:61:37:
                    f5:c7:0a:7c:dd:3f:7f:68:72:88:29:85:3f:8b:05:
                    a0:db:88:ea:5f:4c:aa:ad:91:0d:05:04:b8:38:ed:
                    2c:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:20:B0:42:AB:70:8B:94:8F:3C:E3:ED:55:94:ED:74:2F:E8:16:B5
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6e213bd0-054d-4712-b4d3-a2e873a869c5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:ae:ae:f8:b6:21:66:ce:ce:8d:cb:6d:54:05:bd:a9:80:7f:
         85:74:e3:92:d7:3b:f5:06:e1:ff:5f:fb:b0:d4:f3:89:4c:16:
         73:79:f7:a3:75:6f:59:60:86:d1:fb:c0:fe:53:c3:61:22:fe:
         95:55:6a:41:87:7c:9e:56:01:4c:97:9a:1c:e0:cc:03:55:81:
         67:13:2a:b8:e4:d6:12:43:45:93:23:05:f9:64:a9:b6:09:ec:
         ed:22:0d:d3:1f:1a:0a:e5:8a:f0:51:b5:62:d9:f1:0d:17:76:
         55:e1:05:1b:a7:c0:27:ff:9e:ca:88:28:4d:82:a0:b8:30:71:
         cd:68:90:1f:6d:c6:e5:43:ed:6e:3a:b1:ab:b4:b9:38:39:b8:
         70:20:78:1e:b6:39:f5:9c:bf:38:46:0f:d8:41:93:52:80:46:
         f5:50:e5:31:7d:4b:74:44:3d:37:19:74:fa:20:d6:4e:51:9a:
         cc:fd:16:96:ba:fe:04:42:03:5c:b6:bb:0a:32:77:37:34:e2:
         ab:fb:41:ea:e5:3a:1e:83:e1:8b:10:58:7e:24:64:04:20:ee:
         3d:6a:b5:2a:35:51:51:22:3f:1d:3b:04:b2:92:1a:c3:07:66:
         66:ef:a9:63:ad:1e:a7:bd:68:5c:a9:3c:59:e2:e4:42:dc:e8:
         cf:8a:47:9e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU1tYlAQ3R8M8SVTfIaJuXOpYnG4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjE4MTYxMzE5WhcNMjUwMzI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMTJiMzgyMmE2NDg2MGZmMjRiY2Q4ZWVkZjY2MzY4ZjVl
MjhkMGNmYWI4NGUyZDk4YWZlZGIwNDdhZDE3OTQ1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgZ8gh4VWId+Yx2/7jKMT9tQsJTjWBWPEoKbE+VAWePLo4
OQrwz/M9YIRi4GIKKpwwyATsC/DhaXCfZ2Xc46rqHzFy5lqJa+bmg5Y4K4cCdgdQ
RuWStBPPtNvf5ft/Kda1xgnSi2/2VvmYp7Kk/nXp10pupfht0asj3ML2QeJhbn0K
Xu9+6427Veex2tnuUZ2HjGR908IJ8EFJO5wIzTAOcEKqJaT6jGjlN+y8s/RTVKdK
xyRTZkSgpV0i9eycBc2XDTtHcakE77Ogdd9YTXShfANY2o44IiyQ9efo7jxhN/XH
CnzdP39ocogphT+LBaDbiOpfTKqtkQ0FBLg47SzXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVSCwQqtwi5SPPOPtVZTtdC/oFrUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzZlMjEzYmQwLTA1NGQtNDcxMi1iNGQzLWEyZTg3M2E4NjljNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFyurvi2IWbOzo3LbVQFvamAf4V0
45LXO/UG4f9f+7DU84lMFnN596N1b1lghtH7wP5Tw2Ei/pVVakGHfJ5WAUyXmhzg
zANVgWcTKrjk1hJDRZMjBflkqbYJ7O0iDdMfGgrlivBRtWLZ8Q0XdlXhBRunwCf/
nsqIKE2CoLgwcc1okB9txuVD7W46sau0uTg5uHAgeB62OfWcvzhGD9hBk1KARvVQ
5TF9S3REPTcZdPog1k5Rmsz9Fpa6/gRCA1y2uwoydzc04qv7QerlOh6D4YsQWH4k
ZAQg7j1qtSo1UVEiPx07BLKSGsMHZmbvqWOtHqe9aFypPFni5ELc6M+KR54=
-----END CERTIFICATE-----