Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b043d368-5ba1-41e1-85eb-07699a3d7107.roa
File:                     b043d368-5ba1-41e1-85eb-07699a3d7107.roa (raw, json)
Hash identifier:          3XVbA9GOkYWKqYmCSGv27EhOrKVh5iDAMAaEslpjr5Q=
Subject key identifier:   E1:31:44:65:D1:76:EA:C4:53:51:9B:9B:30:27:00:AE:BD:0B:96:34
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       24D22BB44139CD40F2B24AC9CBFB3AC5A7A988AE
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b043d368-5ba1-41e1-85eb-07699a3d7107.roa
Signing time:             Sat 15 Mar 2025 10:53:18 +0000
ROA not before:           Sat 15 Mar 2025 10:53:18 +0000
ROA not after:            Sat 19 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:d2:2b:b4:41:39:cd:40:f2:b2:4a:c9:cb:fb:3a:c5:a7:a9:88:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 15 10:53:18 2025 GMT
            Not After : Apr 19 23:59:59 2025 GMT
        Subject: serialNumber=28f9c374bab8977ef556b7fb8253bf700577bc149ef03d59cda41c91a72b72a9, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:4f:28:0c:47:b3:9f:8c:9e:f4:9c:fd:ac:1c:
                    f4:0e:ea:ff:56:b0:38:15:35:e6:ba:1c:fb:ec:66:
                    09:6f:ba:17:c8:a7:a6:3f:83:ab:14:db:de:fe:03:
                    6b:a3:f6:d0:06:ce:62:1b:f5:6e:de:42:30:53:2a:
                    7b:01:ac:0b:07:e7:41:f4:47:95:2e:e9:d1:a0:80:
                    a0:14:09:a9:c6:41:64:1b:f2:05:e0:8c:6c:c0:b0:
                    9e:ff:21:87:fa:c5:e7:fc:52:6d:8e:d5:39:75:f5:
                    a4:06:24:f9:b4:14:d8:5f:10:da:9d:ca:6c:1b:ed:
                    06:d3:14:53:7f:58:b1:f9:70:57:5c:30:d6:15:ce:
                    d0:28:ec:85:37:1d:4a:75:7a:8e:71:f9:18:4c:8c:
                    54:d3:c2:5d:79:48:03:e5:f9:f4:74:6a:97:45:29:
                    c0:22:00:46:fa:1a:0a:fd:9c:74:6c:76:9d:67:29:
                    14:41:f6:2d:11:9a:58:f6:4d:e1:ee:10:06:75:6e:
                    48:aa:d8:a1:59:16:24:df:ae:90:c9:44:21:86:94:
                    e4:9b:75:e9:97:4b:af:d0:e6:3d:23:ec:9d:fe:a6:
                    66:c4:2e:bc:ed:85:af:ac:ae:bd:d5:22:a4:3c:e8:
                    a3:2a:92:8e:2b:bd:06:60:46:22:5c:de:1b:b1:9f:
                    18:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:31:44:65:D1:76:EA:C4:53:51:9B:9B:30:27:00:AE:BD:0B:96:34
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b043d368-5ba1-41e1-85eb-07699a3d7107.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:52:45:76:0c:3b:7f:aa:16:9b:24:77:c0:8f:68:25:ee:67:
         5b:8e:8b:e7:61:cd:4e:47:ee:b7:fe:76:fb:f7:35:0a:20:79:
         df:fc:5a:64:ae:2b:e9:9a:06:d7:06:a2:f1:fa:84:f8:d6:5c:
         97:73:91:4e:4c:7a:fa:30:f5:d0:99:c5:8e:36:d3:9f:99:f9:
         bd:6f:10:e5:94:7e:d9:23:2b:11:11:84:ae:a0:55:d8:64:43:
         73:fe:fa:54:a0:93:36:8f:34:96:c5:b1:67:74:a0:e3:71:bb:
         b0:32:f7:4c:b5:5b:8a:b1:c3:59:2d:61:b9:a9:7c:03:2c:f4:
         e4:12:b1:a1:11:71:49:d5:80:93:44:c0:62:a1:d2:3b:75:ff:
         2d:28:ab:7c:6a:d1:78:c5:f2:1e:94:b7:05:c4:c3:cd:20:57:
         6f:59:ee:6f:0f:8d:9b:ff:28:e9:9c:a1:76:48:cc:1a:1d:d8:
         88:c1:0f:c0:e3:f4:9a:4f:e9:35:70:08:09:08:59:a2:41:4f:
         50:a4:f5:1a:69:fe:9e:fe:02:13:6f:4a:8a:6d:62:3b:e1:b6:
         d3:f1:9b:3d:15:dd:76:5e:e9:b2:e2:2e:fa:72:40:a2:22:5f:
         24:18:41:1e:c0:a4:58:05:55:6b:5c:f3:67:f2:a6:d2:f0:72:
         51:71:6c:a0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJNIrtEE5zUDyskrJy/s6xaepiK4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzE1MTA1MzE4WhcNMjUwNDE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AyOGY5YzM3NGJhYjg5NzdlZjU1NmI3ZmI4MjUzYmY3MDA1
NzdiYzE0OWVmMDNkNTljZGE0MWM5MWE3MmI3MmE5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDmTygMR7OfjJ70nP2sHPQO6v9WsDgVNea6HPvsZglvuhfI
p6Y/g6sU297+A2uj9tAGzmIb9W7eQjBTKnsBrAsH50H0R5Uu6dGggKAUCanGQWQb
8gXgjGzAsJ7/IYf6xef8Um2O1Tl19aQGJPm0FNhfENqdymwb7QbTFFN/WLH5cFdc
MNYVztAo7IU3HUp1eo5x+RhMjFTTwl15SAPl+fR0apdFKcAiAEb6Ggr9nHRsdp1n
KRRB9i0Rmlj2TeHuEAZ1bkiq2KFZFiTfrpDJRCGGlOSbdemXS6/Q5j0j7J3+pmbE
Lrztha+srr3VIqQ86KMqko4rvQZgRiJc3huxnxgJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4TFEZdF26sRTUZubMCcArr0LljQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2IwNDNkMzY4LTViYTEtNDFlMS04NWViLTA3Njk5YTNkNzEwNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABpSRXYMO3+qFpskd8CPaCXuZ1uO
i+dhzU5H7rf+dvv3NQoged/8WmSuK+maBtcGovH6hPjWXJdzkU5Mevow9dCZxY42
05+Z+b1vEOWUftkjKxERhK6gVdhkQ3P++lSgkzaPNJbFsWd0oONxu7Ay90y1W4qx
w1ktYbmpfAMs9OQSsaERcUnVgJNEwGKh0jt1/y0oq3xq0XjF8h6UtwXEw80gV29Z
7m8PjZv/KOmcoXZIzBod2IjBD8Dj9JpP6TVwCAkIWaJBT1Ck9Rpp/p7+AhNvSopt
YjvhttPxmz0V3XZe6bLiLvpyQKIiXyQYQR7ApFgFVWtc82fyptLwclFxbKA=
-----END CERTIFICATE-----