Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/792a09cf-5e17-48b3-a5ca-edb24d2f7e88.roa
File:                     792a09cf-5e17-48b3-a5ca-edb24d2f7e88.roa (raw, json)
Hash identifier:          YEaxNSnZ2KHTrF9O5qVLFbyCcNeSVWrGL5FXBpyj+OY=
Subject key identifier:   61:5A:68:6C:3A:B9:A6:7E:A9:8D:5F:AD:7C:BF:11:A5:13:0C:DE:68
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3A9CA7A790DED262E3A60EBD7D48D3BCC55125F2
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/792a09cf-5e17-48b3-a5ca-edb24d2f7e88.roa
Signing time:             Tue 25 Feb 2025 12:43:20 +0000
ROA not before:           Tue 25 Feb 2025 12:43:20 +0000
ROA not after:            Tue 01 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:9c:a7:a7:90:de:d2:62:e3:a6:0e:bd:7d:48:d3:bc:c5:51:25:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 25 12:43:20 2025 GMT
            Not After : Apr  1 23:59:59 2025 GMT
        Subject: serialNumber=6c358a0ed52b27629c70e920d5576f360a1c989f89734df742f0075337138f1d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b0:bb:ef:72:7c:60:25:40:1b:cc:75:16:ce:
                    c2:d0:ca:a6:c3:dc:98:b2:e3:a6:65:b0:90:88:f8:
                    28:86:97:91:90:22:9c:82:84:17:2e:fe:27:96:ec:
                    d0:78:84:8e:25:49:df:8f:93:23:e1:7b:7e:10:08:
                    97:3b:85:52:bb:0a:b8:5b:1b:87:b9:73:6b:9f:81:
                    29:12:53:67:1a:63:50:a8:14:c2:ea:e2:cd:82:b6:
                    05:73:88:fa:22:ad:5f:20:51:a6:da:0b:6c:cb:20:
                    e2:11:4a:e6:2e:26:1f:ac:80:dc:d1:b4:16:2f:c5:
                    63:c8:fb:35:c5:d2:55:0f:61:4c:e9:62:88:4c:5d:
                    14:2c:53:a7:18:ad:be:01:76:8a:cd:67:0e:0c:69:
                    f2:df:e6:c5:0d:b9:f7:25:65:7c:84:7f:55:53:dd:
                    88:af:27:5e:c8:85:c7:7b:0e:9c:db:54:c9:0d:12:
                    69:ff:57:6e:5b:40:d0:3b:55:5c:33:15:68:cc:c2:
                    66:b3:66:24:76:f7:06:27:da:00:b5:6d:b9:e7:82:
                    46:8e:f2:0f:3b:de:3d:9a:e8:d7:0a:9c:b2:79:43:
                    f7:cd:a7:60:82:54:41:88:3b:11:fa:03:ec:5e:0f:
                    de:43:9b:ec:e3:ff:e5:bc:f0:a5:18:2b:da:c2:de:
                    bd:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:5A:68:6C:3A:B9:A6:7E:A9:8D:5F:AD:7C:BF:11:A5:13:0C:DE:68
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/792a09cf-5e17-48b3-a5ca-edb24d2f7e88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:c2:25:f5:35:c4:71:d1:a6:c8:de:57:66:2c:b6:15:96:92:
         ae:30:8b:98:e4:aa:91:61:88:90:3c:a5:be:1c:4f:1d:1b:59:
         5b:f4:5d:0a:8c:90:37:48:dd:fb:40:b1:b2:69:76:3a:08:17:
         f9:65:05:b6:8a:27:d4:c0:18:25:6b:10:a0:df:69:c4:8c:61:
         6f:c0:12:8b:4c:09:40:a6:6c:2e:ac:84:10:de:f3:4d:65:43:
         de:0c:f6:c4:8e:4b:38:cb:7d:82:f4:05:35:69:dc:97:ee:17:
         cb:09:1e:f2:65:82:96:d6:e6:f1:03:6a:3e:b1:07:ee:2f:95:
         02:65:e3:de:c7:24:a0:ae:60:45:cd:f7:a5:e0:52:2e:44:60:
         b5:b4:11:3d:57:b8:a0:13:79:48:14:c4:08:c2:08:fc:2a:4c:
         f0:a3:73:35:20:d4:db:39:06:95:d7:c6:28:6c:1b:65:0f:ad:
         67:ec:04:43:05:33:ed:a0:be:02:2a:b7:f0:e0:a9:54:05:8a:
         69:f7:2d:d9:ef:2f:e5:14:b5:29:ee:bc:f6:66:35:02:da:e4:
         29:59:da:32:58:85:23:df:8d:9d:0d:3c:00:31:62:fc:e9:f9:
         08:2e:75:a8:37:aa:27:92:21:ef:4f:48:d6:fb:95:4e:73:b0:
         8d:a2:8f:a7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOpynp5De0mLjpg69fUjTvMVRJfIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjI1MTI0MzIwWhcNMjUwNDAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2YzM1OGEwZWQ1MmIyNzYyOWM3MGU5MjBkNTU3NmYzNjBh
MWM5ODlmODk3MzRkZjc0MmYwMDc1MzM3MTM4ZjFkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1sLvvcnxgJUAbzHUWzsLQyqbD3Jiy46ZlsJCI+CiGl5GQ
IpyChBcu/ieW7NB4hI4lSd+PkyPhe34QCJc7hVK7CrhbG4e5c2ufgSkSU2caY1Co
FMLq4s2CtgVziPoirV8gUabaC2zLIOIRSuYuJh+sgNzRtBYvxWPI+zXF0lUPYUzp
YohMXRQsU6cYrb4BdorNZw4MafLf5sUNufclZXyEf1VT3YivJ17Ihcd7DpzbVMkN
Emn/V25bQNA7VVwzFWjMwmazZiR29wYn2gC1bbnngkaO8g873j2a6NcKnLJ5Q/fN
p2CCVEGIOxH6A+xeD95Dm+zj/+W88KUYK9rC3r3ZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYVpobDq5pn6pjV+tfL8RpRMM3mgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzc5MmEwOWNmLTVlMTctNDhiMy1hNWNhLWVkYjI0ZDJmN2U4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHzCJfU1xHHRpsjeV2YsthWWkq4w
i5jkqpFhiJA8pb4cTx0bWVv0XQqMkDdI3ftAsbJpdjoIF/llBbaKJ9TAGCVrEKDf
acSMYW/AEotMCUCmbC6shBDe801lQ94M9sSOSzjLfYL0BTVp3JfuF8sJHvJlgpbW
5vEDaj6xB+4vlQJl497HJKCuYEXN96XgUi5EYLW0ET1XuKATeUgUxAjCCPwqTPCj
czUg1Ns5BpXXxihsG2UPrWfsBEMFM+2gvgIqt/DgqVQFimn3LdnvL+UUtSnuvPZm
NQLa5ClZ2jJYhSPfjZ0NPAAxYvzp+Qgudag3qieSIe9PSNb7lU5zsI2ij6c=
-----END CERTIFICATE-----