Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dcdd6596-63ee-4e65-a34f-714419b4bf6f.roa
File:                     dcdd6596-63ee-4e65-a34f-714419b4bf6f.roa (raw, json)
Hash identifier:          Q0fAk2Fz5qjI1yLhTOHP1W4VbP6xh3P3mt59eEZDx4E=
Subject key identifier:   84:40:F7:B8:F9:11:B8:E3:9C:EC:B3:9E:CC:C6:82:63:D2:38:90:99
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4BA15860A3C7DDB81F556237D9372986F94D5AEA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dcdd6596-63ee-4e65-a34f-714419b4bf6f.roa
Signing time:             Thu 27 Mar 2025 02:43:22 +0000
ROA not before:           Thu 27 Mar 2025 02:43:22 +0000
ROA not after:            Thu 01 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:a1:58:60:a3:c7:dd:b8:1f:55:62:37:d9:37:29:86:f9:4d:5a:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 27 02:43:22 2025 GMT
            Not After : May  1 23:59:59 2025 GMT
        Subject: serialNumber=22d31a3eede1a44de2b3584a56404cfad4246af306f37c94f891df11e0f915b2, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f4:e3:1b:8f:e2:50:88:84:73:f3:7b:e8:52:
                    c8:66:d0:68:1f:eb:c5:c9:01:f8:1b:5b:06:b6:17:
                    1d:8c:6f:4b:52:fb:1d:49:57:c1:dc:68:b7:26:94:
                    11:72:38:39:21:9f:bc:84:3c:26:73:6d:be:19:67:
                    34:f9:42:3b:9e:b6:b4:48:74:57:47:37:f5:c7:9e:
                    2b:ac:c7:91:0a:e8:ea:d3:c9:5d:09:e5:da:74:05:
                    e3:a1:69:0e:f5:a4:5f:72:8c:6b:51:db:76:c7:26:
                    0a:91:a6:7b:8c:84:e2:83:94:f1:41:a4:3a:93:4e:
                    9d:40:1f:02:2b:67:a2:71:5d:79:d9:c8:af:dd:cf:
                    c6:a2:d2:76:d4:70:d0:2b:8b:ea:6a:42:4d:80:32:
                    6e:0a:95:72:72:b3:91:1f:2d:5a:57:3f:6d:dc:87:
                    d5:90:21:b1:bd:01:07:85:6b:01:84:97:cb:7f:12:
                    61:cf:7c:8d:32:c4:59:a7:48:64:5e:8e:81:e5:11:
                    a8:f0:21:bd:20:99:36:45:7e:65:a0:ee:34:15:c9:
                    ad:a5:b9:21:0d:53:a9:b6:bc:22:67:4c:da:d0:1d:
                    7c:87:19:5a:9f:64:2d:17:99:13:c4:34:62:6b:22:
                    36:61:f7:ae:e0:57:97:c1:54:c1:13:27:94:ce:cd:
                    ba:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:40:F7:B8:F9:11:B8:E3:9C:EC:B3:9E:CC:C6:82:63:D2:38:90:99
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dcdd6596-63ee-4e65-a34f-714419b4bf6f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:ef:ff:14:29:f5:ba:f6:3e:0f:df:ec:1a:05:4b:bc:7c:82:
         cb:cb:95:6a:e3:bd:34:1d:09:9d:29:39:de:7e:08:6a:6b:96:
         82:2c:b3:d6:d9:b9:90:bb:11:71:e3:e8:f4:1c:59:08:68:19:
         2f:9b:6f:cd:7a:5a:64:1f:b7:b2:f7:74:99:8a:54:f7:4b:83:
         86:39:16:39:5e:14:d6:7f:7e:4f:17:52:9f:c5:2b:d3:6d:be:
         0a:fb:8f:dc:8b:b9:7b:7a:b2:6c:6d:b1:1a:c2:85:92:12:c7:
         6b:31:a1:3b:0d:da:2a:d9:6f:1d:29:76:9c:b4:a5:f7:e3:2b:
         5f:e9:37:06:56:93:c5:40:9a:76:eb:2a:ca:b9:a0:2c:72:00:
         69:a4:03:cf:74:15:e2:d4:8a:05:3a:97:95:f3:74:ce:85:64:
         25:4d:11:1b:f2:02:9c:12:9a:1b:da:6c:18:fd:69:a4:8b:36:
         d6:c7:e4:19:94:7e:83:94:99:00:36:eb:82:fd:b8:64:a7:4a:
         02:84:ee:71:d2:d5:ef:61:97:b9:fd:99:dd:68:0a:d4:46:ea:
         98:dc:23:d7:48:f2:cd:3c:74:ca:0e:27:2a:22:e8:74:ec:cc:
         41:91:3f:bc:a2:e8:8d:30:e2:08:ca:a1:74:3e:6c:f4:a3:ff:
         ad:87:05:ff
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUS6FYYKPH3bgfVWI32TcphvlNWuowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzI3MDI0MzIyWhcNMjUwNTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMmQzMWEzZWVkZTFhNDRkZTJiMzU4NGE1NjQwNGNmYWQ0
MjQ2YWYzMDZmMzdjOTRmODkxZGYxMWUwZjkxNWIyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCr9OMbj+JQiIRz83voUshm0Ggf68XJAfgbWwa2Fx2Mb0tS
+x1JV8HcaLcmlBFyODkhn7yEPCZzbb4ZZzT5QjuetrRIdFdHN/XHniusx5EK6OrT
yV0J5dp0BeOhaQ71pF9yjGtR23bHJgqRpnuMhOKDlPFBpDqTTp1AHwIrZ6JxXXnZ
yK/dz8ai0nbUcNAri+pqQk2AMm4KlXJys5EfLVpXP23ch9WQIbG9AQeFawGEl8t/
EmHPfI0yxFmnSGRejoHlEajwIb0gmTZFfmWg7jQVya2luSENU6m2vCJnTNrQHXyH
GVqfZC0XmRPENGJrIjZh967gV5fBVMETJ5TOzbovAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhED3uPkRuOOc7LOezMaCY9I4kJkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RjZGQ2NTk2LTYzZWUtNGU2NS1hMzRmLTcxNDQxOWI0YmY2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADjv/xQp9br2Pg/f7BoFS7x8gsvL
lWrjvTQdCZ0pOd5+CGprloIss9bZuZC7EXHj6PQcWQhoGS+bb816WmQft7L3dJmK
VPdLg4Y5FjleFNZ/fk8XUp/FK9Ntvgr7j9yLuXt6smxtsRrChZISx2sxoTsN2irZ
bx0pdpy0pffjK1/pNwZWk8VAmnbrKsq5oCxyAGmkA890FeLUigU6l5XzdM6FZCVN
ERvyApwSmhvabBj9aaSLNtbH5BmUfoOUmQA264L9uGSnSgKE7nHS1e9hl7n9md1o
CtRG6pjcI9dI8s08dMoOJyoi6HTszEGRP7yi6I0w4gjKoXQ+bPSj/62HBf8=
-----END CERTIFICATE-----