Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a07be587-6764-4346-b664-702f800ec554.roa
File:                     a07be587-6764-4346-b664-702f800ec554.roa (raw, json)
Hash identifier:          hrK6ERqcW13DElawyxvzCm/R1WsFJYht8SbSEUmQDqM=
Subject key identifier:   35:3E:B2:01:F8:F0:B3:E7:6A:5B:ED:1B:CB:F6:7C:32:C0:AD:46:D1
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       30272814D906ED73A308EA38C9DB8C096D97A543
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a07be587-6764-4346-b664-702f800ec554.roa
Signing time:             Mon 24 Feb 2025 08:13:12 +0000
ROA not before:           Mon 24 Feb 2025 08:13:12 +0000
ROA not after:            Mon 31 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:27:28:14:d9:06:ed:73:a3:08:ea:38:c9:db:8c:09:6d:97:a5:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 24 08:13:12 2025 GMT
            Not After : Mar 31 23:59:59 2025 GMT
        Subject: serialNumber=6ab0a3c71d3ecb87ef0a9345338c7fcb89868741cfbd8d58d8004263af4d565c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:61:7b:8d:05:d8:cc:ef:5c:6b:0f:19:3f:bb:
                    80:f1:72:8b:ee:70:01:a5:57:91:84:c9:1b:da:5e:
                    8c:3a:83:1a:78:01:5f:7f:8f:c8:3c:a4:fc:f4:92:
                    4e:65:2b:41:41:b7:93:70:07:2f:42:e7:cb:21:ed:
                    46:60:2f:04:3a:ac:d2:24:2d:e5:d2:27:92:95:d5:
                    17:2c:9c:23:0f:29:6e:48:05:55:94:76:af:c8:8a:
                    6c:f7:8a:f3:cb:41:dd:9d:ec:e0:d3:a4:64:77:97:
                    4a:0d:91:07:b0:88:e1:0f:12:c2:73:0c:6b:ad:14:
                    e1:18:a4:93:4f:ba:94:25:1c:2a:fd:c9:94:e9:c2:
                    1e:9f:6c:b2:e8:b4:38:90:11:e1:66:b4:38:43:57:
                    d5:98:b8:c0:50:fc:1d:b2:87:53:ea:d6:6b:d3:eb:
                    68:b8:14:8d:85:a6:fc:c3:89:76:11:df:28:11:e1:
                    f1:ad:f9:1d:bc:a2:b0:f0:03:43:a2:c7:68:be:f4:
                    2c:83:a8:f0:5a:4f:28:c9:bc:39:b0:93:d8:3e:c9:
                    55:49:85:25:ce:a7:81:51:f7:63:5c:9e:81:3c:7f:
                    32:c7:2c:04:7f:c4:d7:ed:44:b1:0a:fd:e6:d4:94:
                    81:58:1b:69:45:6f:48:ef:1e:d8:58:cd:6c:9e:26:
                    c6:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:3E:B2:01:F8:F0:B3:E7:6A:5B:ED:1B:CB:F6:7C:32:C0:AD:46:D1
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a07be587-6764-4346-b664-702f800ec554.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:3d:c5:67:a7:74:ad:ca:a6:df:52:48:a5:d6:35:cc:72:7a:
         c5:09:96:45:55:51:31:c1:8f:06:1b:c7:a7:e7:10:8d:16:91:
         33:26:87:0e:fc:79:1b:98:ea:aa:35:79:f4:94:f8:7f:bf:3e:
         c2:52:a7:be:b0:3a:40:21:0d:73:f1:47:46:8a:b3:00:fb:1b:
         99:d1:b8:97:80:44:c5:f9:74:3c:aa:f6:8f:ff:80:e9:ea:82:
         df:c4:7a:37:9e:77:07:a3:2a:e2:22:aa:c6:c0:9b:79:57:1d:
         15:25:53:a9:8e:d1:9c:66:71:6e:04:48:97:a9:43:3a:4a:4e:
         78:46:9d:58:2d:72:ad:6f:df:a5:52:95:e9:4f:0c:c1:3f:26:
         fb:6d:dd:7e:24:74:a5:8f:71:38:58:5d:71:a8:73:e2:53:ff:
         cb:11:02:64:76:16:75:50:52:82:89:18:df:d4:8c:b2:81:d3:
         6d:30:34:e2:ca:9f:6a:a9:5e:2b:bb:2b:f4:72:4c:11:20:49:
         0a:3c:df:75:09:95:87:0f:2d:63:04:cf:02:a2:ef:80:e0:0e:
         cc:3e:a6:7a:07:3f:7a:17:e8:a1:f4:a0:bb:27:36:77:ba:80:
         f0:ab:34:42:6c:73:65:2b:2e:de:55:fb:29:bd:6d:20:31:52:
         26:3d:35:e8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMCcoFNkG7XOjCOo4yduMCW2XpUMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjI0MDgxMzEyWhcNMjUwMzMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2YWIwYTNjNzFkM2VjYjg3ZWYwYTkzNDUzMzhjN2ZjYjg5
ODY4NzQxY2ZiZDhkNThkODAwNDI2M2FmNGQ1NjVjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbYXuNBdjM71xrDxk/u4DxcovucAGlV5GEyRvaXow6gxp4
AV9/j8g8pPz0kk5lK0FBt5NwBy9C58sh7UZgLwQ6rNIkLeXSJ5KV1RcsnCMPKW5I
BVWUdq/Iimz3ivPLQd2d7ODTpGR3l0oNkQewiOEPEsJzDGutFOEYpJNPupQlHCr9
yZTpwh6fbLLotDiQEeFmtDhDV9WYuMBQ/B2yh1Pq1mvT62i4FI2FpvzDiXYR3ygR
4fGt+R28orDwA0Oix2i+9CyDqPBaTyjJvDmwk9g+yVVJhSXOp4FR92NcnoE8fzLH
LAR/xNftRLEK/ebUlIFYG2lFb0jvHthYzWyeJsYZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNT6yAfjws+dqW+0by/Z8MsCtRtEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2EwN2JlNTg3LTY3NjQtNDM0Ni1iNjY0LTcwMmY4MDBlYzU1NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIE9xWendK3Kpt9SSKXWNcxyesUJ
lkVVUTHBjwYbx6fnEI0WkTMmhw78eRuY6qo1efSU+H+/PsJSp76wOkAhDXPxR0aK
swD7G5nRuJeARMX5dDyq9o//gOnqgt/EejeedwejKuIiqsbAm3lXHRUlU6mO0Zxm
cW4ESJepQzpKTnhGnVgtcq1v36VSlelPDME/Jvtt3X4kdKWPcThYXXGoc+JT/8sR
AmR2FnVQUoKJGN/UjLKB020wNOLKn2qpXiu7K/RyTBEgSQo833UJlYcPLWMEzwKi
74DgDsw+pnoHP3oX6KH0oLsnNne6gPCrNEJsc2UrLt5V+ym9bSAxUiY9Neg=
-----END CERTIFICATE-----