Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a5c42548-38d8-4926-9b2a-ddb0bda751e0.roa
File:                     a5c42548-38d8-4926-9b2a-ddb0bda751e0.roa (raw, json)
Hash identifier:          1CvY2iaRqOWdjP3qB4viS3fUoMRjetdNqm726iVdyFo=
Subject key identifier:   28:1C:22:82:72:1D:AC:9E:62:C4:6F:DA:71:3E:C4:35:76:82:D3:93
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       378C34DBEEBF16879B936C00C9142C6B22EA521B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a5c42548-38d8-4926-9b2a-ddb0bda751e0.roa
Signing time:             Mon 03 Feb 2025 00:00:00 +0000
ROA not before:           Mon 03 Feb 2025 00:00:00 +0000
ROA not after:            Mon 10 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:8c:34:db:ee:bf:16:87:9b:93:6c:00:c9:14:2c:6b:22:ea:52:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb  3 00:00:00 2025 GMT
            Not After : Mar 10 23:59:59 2025 GMT
        Subject: serialNumber=a3a72137c20e2b2f1973237b87bf489a4c81d2ba7ecbc895a6b0bba1e80610a0, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:aa:93:2f:58:1b:a9:4c:6c:f4:f3:9e:da:02:
                    92:aa:62:ff:ec:7c:9c:47:39:a9:43:c8:5c:a9:9a:
                    05:1f:2d:8d:7d:c9:6b:33:ed:98:5c:9b:45:07:c1:
                    8c:af:74:82:c2:ef:78:5b:1e:e8:c3:7c:fb:9f:67:
                    3c:3b:a1:b4:1a:5b:0e:e8:65:e2:ea:97:77:6a:ae:
                    3b:fb:20:a7:93:b7:fc:c8:cd:8e:7e:f9:e0:aa:6f:
                    6b:fe:12:8a:2d:d6:97:91:2d:8f:4a:1e:5d:f6:02:
                    72:88:a2:81:79:ae:cb:f4:d7:b3:9e:25:9d:14:3a:
                    f5:56:e6:cf:8a:54:96:ce:d1:e1:6a:e4:d1:de:60:
                    c7:e4:1e:38:7a:35:d0:ee:ae:90:b9:b0:76:33:d3:
                    32:20:ae:eb:46:e4:4e:bc:de:42:0b:40:b7:42:a7:
                    e4:27:a1:5e:63:9a:4c:6c:7f:de:12:96:fa:bc:c3:
                    5c:a5:e2:94:10:76:85:de:82:20:1f:48:17:88:40:
                    a0:00:89:7f:c6:20:d6:86:ce:e0:3f:85:e5:d8:39:
                    06:22:97:b2:33:00:b5:03:32:2d:86:d5:05:4d:0a:
                    43:ca:0e:24:c6:80:a7:0f:8b:3b:2b:ca:3e:5d:c9:
                    1e:1c:2f:42:b1:f7:a9:07:7d:4f:c7:6f:82:06:58:
                    ac:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:1C:22:82:72:1D:AC:9E:62:C4:6F:DA:71:3E:C4:35:76:82:D3:93
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a5c42548-38d8-4926-9b2a-ddb0bda751e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:cb:98:ce:08:d0:5b:72:46:47:85:d9:be:ea:91:ce:1e:e7:
         f6:5a:e4:c9:f2:fe:b1:52:62:6a:f1:37:53:99:88:6a:fa:f0:
         cc:47:6b:8e:1f:01:b7:5e:70:d6:30:09:fb:1e:12:06:0c:da:
         23:e0:e9:6b:e6:4c:f8:3b:ae:19:55:c1:6d:55:56:a1:bb:6e:
         ef:8b:95:9b:27:3c:1b:e3:9f:48:16:be:07:d3:75:66:4a:93:
         74:4e:74:b4:8a:e6:a0:14:d3:f4:aa:83:3f:70:bd:0e:93:50:
         03:93:7d:f6:71:1d:e6:bb:92:43:e6:d0:5b:87:0e:5c:11:ff:
         55:b6:6a:b7:29:07:43:ae:bf:7d:c0:6d:ac:18:11:e7:2c:04:
         c2:a7:45:a8:4c:9d:c8:84:8c:27:62:f2:19:72:b0:39:c6:57:
         c2:7d:39:34:89:3e:73:72:18:be:5d:15:bc:dd:32:d0:ac:89:
         ed:50:63:4b:1d:a5:d9:c1:65:b7:a2:40:38:fa:ee:ed:bf:cb:
         c5:3e:1c:b8:13:b8:4f:7e:a1:81:d0:11:06:ea:bd:cf:c6:d5:
         c2:ed:13:6c:90:58:06:e2:ef:b9:6c:1a:d4:7f:3e:bb:eb:93:
         d5:f2:bf:24:59:22:0e:d4:04:fc:6c:6f:f5:18:dd:c6:76:eb:
         6c:5d:1e:31
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUN4w02+6/Foebk2wAyRQsayLqUhswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjAzMDAwMDAwWhcNMjUwMzEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhM2E3MjEzN2MyMGUyYjJmMTk3MzIzN2I4N2JmNDg5YTRj
ODFkMmJhN2VjYmM4OTVhNmIwYmJhMWU4MDYxMGEwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcqpMvWBupTGz0857aApKqYv/sfJxHOalDyFypmgUfLY19
yWsz7Zhcm0UHwYyvdILC73hbHujDfPufZzw7obQaWw7oZeLql3dqrjv7IKeTt/zI
zY5++eCqb2v+Eoot1peRLY9KHl32AnKIooF5rsv017OeJZ0UOvVW5s+KVJbO0eFq
5NHeYMfkHjh6NdDurpC5sHYz0zIgrutG5E683kILQLdCp+QnoV5jmkxsf94Slvq8
w1yl4pQQdoXegiAfSBeIQKAAiX/GINaGzuA/heXYOQYil7IzALUDMi2G1QVNCkPK
DiTGgKcPizsryj5dyR4cL0Kx96kHfU/Hb4IGWKzZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKBwignIdrJ5ixG/acT7ENXaC05MwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2E1YzQyNTQ4LTM4ZDgtNDkyNi05YjJhLWRkYjBiZGE3NTFlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKTLmM4I0FtyRkeF2b7qkc4e5/Za
5Mny/rFSYmrxN1OZiGr68MxHa44fAbdecNYwCfseEgYM2iPg6WvmTPg7rhlVwW1V
VqG7bu+LlZsnPBvjn0gWvgfTdWZKk3ROdLSK5qAU0/Sqgz9wvQ6TUAOTffZxHea7
kkPm0FuHDlwR/1W2arcpB0Ouv33AbawYEecsBMKnRahMnciEjCdi8hlysDnGV8J9
OTSJPnNyGL5dFbzdMtCsie1QY0sdpdnBZbeiQDj67u2/y8U+HLgTuE9+oYHQEQbq
vc/G1cLtE2yQWAbi77lsGtR/Prvrk9XyvyRZIg7UBPxsb/UY3cZ262xdHjE=
-----END CERTIFICATE-----