Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bb3c517a-9936-45f8-bd62-db1ccb534d9b.roa
File:                     bb3c517a-9936-45f8-bd62-db1ccb534d9b.roa (raw, json)
Hash identifier:          wBC+v23IbM1aiOMmqWVP6p+w/AzUErv3F3y517AMauk=
Subject key identifier:   D3:4C:D5:DC:06:7B:95:16:CA:CC:D9:35:8F:CB:B1:FD:11:13:AC:E0
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7019BCC80B3CB730DFD083F6F6FD00B58FD290CF
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bb3c517a-9936-45f8-bd62-db1ccb534d9b.roa
Signing time:             Wed 19 Mar 2025 10:28:15 +0000
ROA not before:           Wed 19 Mar 2025 10:28:15 +0000
ROA not after:            Wed 23 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:19:bc:c8:0b:3c:b7:30:df:d0:83:f6:f6:fd:00:b5:8f:d2:90:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 19 10:28:15 2025 GMT
            Not After : Apr 23 23:59:59 2025 GMT
        Subject: serialNumber=d1b57b048ef0a1c021625ce6a211a340c43751e3e171d965b179d74fc7206bdb, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:2a:43:53:7c:ef:0a:18:ec:d8:50:bf:b0:b0:
                    56:e5:5f:2d:2a:e2:2b:81:bb:76:f6:06:b4:82:61:
                    4d:49:4e:dd:1c:51:4a:6a:56:cd:de:33:90:60:9a:
                    81:2b:0b:0e:2e:be:bd:61:6a:d2:7f:89:71:54:c5:
                    de:1c:b5:8d:e9:45:ff:f2:51:58:46:c6:ef:d7:3c:
                    3d:af:71:b9:60:24:3e:6a:a2:9e:6f:05:b8:4d:e2:
                    7e:c3:f7:f9:20:57:64:60:90:ef:68:7c:c0:4d:04:
                    52:dd:89:25:9b:ae:b2:e0:02:e8:3e:8c:5b:ae:65:
                    3d:ad:72:ff:fb:a6:4c:a4:dd:6b:29:b9:39:7d:fc:
                    ac:d0:83:b1:ce:0c:8e:b6:5d:76:3f:a9:43:5f:4c:
                    72:18:80:a3:5b:66:d8:d9:c5:4b:7b:2a:80:04:43:
                    88:00:e5:b1:a9:ec:ec:32:d9:37:cf:0c:74:6b:6b:
                    e8:06:bf:5e:a4:70:4a:d2:50:82:d9:9c:51:22:6c:
                    dd:ce:27:f7:6e:fb:e4:89:9e:f4:5b:16:0d:ad:57:
                    02:32:e9:b4:4e:a8:c3:60:9c:b8:ce:3a:6c:bd:bf:
                    c2:39:8a:90:d5:2b:83:2c:37:e4:d7:48:c1:b8:09:
                    42:02:98:11:dd:2c:9a:6f:a9:11:ac:4b:95:d9:65:
                    2a:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:4C:D5:DC:06:7B:95:16:CA:CC:D9:35:8F:CB:B1:FD:11:13:AC:E0
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bb3c517a-9936-45f8-bd62-db1ccb534d9b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:13:5f:61:ff:f2:fe:12:46:18:33:0f:0d:b2:4a:9b:53:b0:
         65:d8:55:49:ae:35:79:8d:94:e5:fc:c2:9f:17:03:50:9f:d9:
         e6:0e:b3:ca:ef:a2:84:05:b0:c1:32:46:2a:e6:e5:87:97:a7:
         ba:80:85:ac:33:db:88:fb:c4:4c:74:7a:8c:83:3c:0a:4d:1b:
         a9:5b:8f:6b:db:de:72:6e:5c:61:96:52:cf:bb:db:18:e4:86:
         fa:62:5a:b7:c0:5b:4e:fc:1a:ee:21:74:c0:8a:39:a8:a9:d0:
         59:19:a7:45:48:b2:10:24:ae:74:dc:cf:f1:94:b3:92:8c:4e:
         c0:92:ed:bf:d5:50:ed:ce:6f:a3:97:1f:96:b5:88:79:b9:64:
         f5:13:87:11:1f:cb:4b:94:c5:29:f2:88:c1:00:70:51:85:67:
         6d:f8:9c:9c:f9:cb:9d:15:32:0c:4d:46:71:8a:5e:62:8b:f9:
         56:c6:43:85:cc:19:f7:1a:b7:13:81:de:a1:1f:5e:c6:25:7e:
         af:3b:ae:49:27:c5:a7:6c:53:ef:87:11:65:e8:28:17:0e:02:
         54:01:ec:54:ce:e2:41:d4:98:df:cf:16:45:6d:73:17:e6:81:
         4f:5e:d9:bd:27:de:c2:4c:fa:9d:7c:85:ca:17:6a:05:7f:70:
         34:3b:cb:0e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcBm8yAs8tzDf0IP29v0AtY/SkM8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzE5MTAyODE1WhcNMjUwNDIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkMWI1N2IwNDhlZjBhMWMwMjE2MjVjZTZhMjExYTM0MGM0
Mzc1MWUzZTE3MWQ5NjViMTc5ZDc0ZmM3MjA2YmRiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLKkNTfO8KGOzYUL+wsFblXy0q4iuBu3b2BrSCYU1JTt0c
UUpqVs3eM5BgmoErCw4uvr1hatJ/iXFUxd4ctY3pRf/yUVhGxu/XPD2vcblgJD5q
op5vBbhN4n7D9/kgV2RgkO9ofMBNBFLdiSWbrrLgAug+jFuuZT2tcv/7pkyk3Wsp
uTl9/KzQg7HODI62XXY/qUNfTHIYgKNbZtjZxUt7KoAEQ4gA5bGp7Owy2TfPDHRr
a+gGv16kcErSUILZnFEibN3OJ/du++SJnvRbFg2tVwIy6bROqMNgnLjOOmy9v8I5
ipDVK4MsN+TXSMG4CUICmBHdLJpvqRGsS5XZZSq5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU00zV3AZ7lRbKzNk1j8ux/RETrOAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2JiM2M1MTdhLTk5MzYtNDVmOC1iZDYyLWRiMWNjYjUzNGQ5Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAH8TX2H/8v4SRhgzDw2ySptTsGXY
VUmuNXmNlOX8wp8XA1Cf2eYOs8rvooQFsMEyRirm5YeXp7qAhawz24j7xEx0eoyD
PApNG6lbj2vb3nJuXGGWUs+72xjkhvpiWrfAW078Gu4hdMCKOaip0FkZp0VIshAk
rnTcz/GUs5KMTsCS7b/VUO3Ob6OXH5a1iHm5ZPUThxEfy0uUxSnyiMEAcFGFZ234
nJz5y50VMgxNRnGKXmKL+VbGQ4XMGfcatxOB3qEfXsYlfq87rkknxadsU++HEWXo
KBcOAlQB7FTO4kHUmN/PFkVtcxfmgU9e2b0n3sJM+p18hcoXagV/cDQ7yw4=
-----END CERTIFICATE-----