Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bb322088-574f-4ad1-b492-3e4b9ea88495.roa
File:                     bb322088-574f-4ad1-b492-3e4b9ea88495.roa (raw, json)
Hash identifier:          nUuEmjPDzGmvKpKALt4tiW75rU8W1LHm0FSrflivRTo=
Subject key identifier:   A1:32:A6:6C:E6:06:81:E9:88:36:9D:D7:1B:5F:BB:8E:5B:E0:0C:48
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2986F8BE8A54CB6844146346C1843BBE27208A69
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bb322088-574f-4ad1-b492-3e4b9ea88495.roa
Signing time:             Sun 09 Mar 2025 17:08:20 +0000
ROA not before:           Sun 09 Mar 2025 17:08:20 +0000
ROA not after:            Sun 13 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:86:f8:be:8a:54:cb:68:44:14:63:46:c1:84:3b:be:27:20:8a:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  9 17:08:20 2025 GMT
            Not After : Apr 13 23:59:59 2025 GMT
        Subject: serialNumber=d93084e9664a2607d5514366e5236374ef75cddcde846e5d0e3a9c5ba9d23b45, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:01:fa:d7:e8:d6:52:42:42:d9:dc:37:4c:93:
                    5e:00:76:f2:ee:a3:62:68:ab:a6:57:1f:0f:6e:e4:
                    c9:41:f2:7e:de:9c:73:0a:07:51:74:25:e5:48:4a:
                    f3:46:58:bd:2a:78:3c:4b:9c:85:40:72:88:d9:a1:
                    21:e4:ca:fc:55:97:81:72:fb:66:23:3e:45:bd:8e:
                    cc:62:51:3f:46:7b:1b:15:19:73:c6:03:1b:b1:19:
                    19:fe:91:75:cc:ee:92:ec:7f:9f:07:7b:1d:01:c8:
                    4c:73:92:d8:92:0a:66:d0:c3:93:fe:26:9c:85:81:
                    6f:cc:82:b9:7f:ee:10:d6:24:39:a4:ea:5a:75:13:
                    e8:e6:0b:88:a4:98:a5:5a:e3:2b:64:f6:40:fb:41:
                    9f:84:25:35:02:b1:fa:5c:e3:c2:f5:4e:a6:95:fa:
                    16:a4:5b:4b:f7:e5:fa:9d:ca:76:dc:0b:42:a6:d0:
                    a4:db:10:2c:67:2b:8f:7c:c8:60:ab:36:bb:80:68:
                    f8:7a:15:71:29:0c:9a:e7:90:8a:3a:4a:20:14:a4:
                    7c:01:b5:3a:06:78:4d:31:1d:53:d0:0a:2e:a1:91:
                    5c:90:5e:30:1a:06:1c:e0:fc:3e:9b:16:cb:60:ef:
                    5a:8c:2a:77:bb:f1:a3:be:c8:cc:d2:fd:8c:ef:64:
                    d7:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:32:A6:6C:E6:06:81:E9:88:36:9D:D7:1B:5F:BB:8E:5B:E0:0C:48
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bb322088-574f-4ad1-b492-3e4b9ea88495.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:98:13:8f:20:bb:ad:b6:44:81:22:e0:98:de:61:16:68:db:
         8c:c6:a3:20:a3:1e:a4:6c:05:04:81:76:8a:14:98:c1:ff:da:
         0e:36:a6:4e:a6:4f:11:84:c6:9b:de:32:b0:d5:dc:bc:b3:ac:
         6c:68:3c:6e:2f:ff:ca:dd:5a:d9:60:b1:c3:69:5f:51:3e:b5:
         c6:f8:40:28:85:a4:eb:b9:8a:64:51:64:a9:c3:4b:78:58:3e:
         d9:50:2d:d3:26:8c:a4:11:69:7c:b6:9c:8d:f8:49:46:49:e2:
         d9:8a:fb:56:66:f1:6c:34:45:b1:a3:9d:16:82:9e:52:25:21:
         9c:82:d9:ae:e1:45:d8:00:c0:3d:19:0e:08:90:68:b1:3e:6b:
         a3:fe:92:e5:87:51:db:e7:a4:f3:ee:99:45:32:6c:4b:43:40:
         17:f2:95:1d:c9:b7:53:62:e9:d3:b7:6b:42:48:13:c9:f2:53:
         3b:cc:f2:10:d2:aa:a4:20:2a:44:f5:a3:a7:5d:1a:2f:2e:04:
         ec:61:44:bf:96:ee:69:c8:d3:62:0a:97:fb:79:4d:3a:27:dd:
         5b:b6:7f:1e:e4:62:eb:d0:aa:48:10:4f:77:c0:62:39:ba:71:
         8a:3b:6e:8a:f1:71:e1:af:67:71:75:88:c3:6e:cd:52:bf:51:
         46:5a:48:df
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKYb4vopUy2hEFGNGwYQ7vicgimkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzA5MTcwODIwWhcNMjUwNDEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkOTMwODRlOTY2NGEyNjA3ZDU1MTQzNjZlNTIzNjM3NGVm
NzVjZGRjZGU4NDZlNWQwZTNhOWM1YmE5ZDIzYjQ1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4AfrX6NZSQkLZ3DdMk14AdvLuo2Joq6ZXHw9u5MlB8n7e
nHMKB1F0JeVISvNGWL0qeDxLnIVAcojZoSHkyvxVl4Fy+2YjPkW9jsxiUT9GexsV
GXPGAxuxGRn+kXXM7pLsf58Hex0ByExzktiSCmbQw5P+JpyFgW/Mgrl/7hDWJDmk
6lp1E+jmC4ikmKVa4ytk9kD7QZ+EJTUCsfpc48L1TqaV+hakW0v35fqdynbcC0Km
0KTbECxnK498yGCrNruAaPh6FXEpDJrnkIo6SiAUpHwBtToGeE0xHVPQCi6hkVyQ
XjAaBhzg/D6bFstg71qMKne78aO+yMzS/YzvZNcJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoTKmbOYGgemINp3XG1+7jlvgDEgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2JiMzIyMDg4LTU3NGYtNGFkMS1iNDkyLTNlNGI5ZWE4ODQ5NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADSYE48gu622RIEi4JjeYRZo24zG
oyCjHqRsBQSBdooUmMH/2g42pk6mTxGExpveMrDV3LyzrGxoPG4v/8rdWtlgscNp
X1E+tcb4QCiFpOu5imRRZKnDS3hYPtlQLdMmjKQRaXy2nI34SUZJ4tmK+1Zm8Ww0
RbGjnRaCnlIlIZyC2a7hRdgAwD0ZDgiQaLE+a6P+kuWHUdvnpPPumUUybEtDQBfy
lR3Jt1Ni6dO3a0JIE8nyUzvM8hDSqqQgKkT1o6ddGi8uBOxhRL+W7mnI02IKl/t5
TTon3Vu2fx7kYuvQqkgQT3fAYjm6cYo7borxceGvZ3F1iMNuzVK/UUZaSN8=
-----END CERTIFICATE-----