Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/eda29f3f-ea73-4628-9bdf-ee87f61d51c9.roa
File:                     eda29f3f-ea73-4628-9bdf-ee87f61d51c9.roa (raw, json)
Hash identifier:          /cY2uD0xFQKEX5opuLF/QugMHQTrq1qgU90iuiXtP6A=
Subject key identifier:   24:A0:70:BB:04:EB:88:6C:CD:8C:6E:5D:57:9A:27:AD:97:B1:BC:FF
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       67BBC7E66942331B27DC1E86725470F2053E63FF
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/eda29f3f-ea73-4628-9bdf-ee87f61d51c9.roa
Signing time:             Sun 23 Feb 2025 15:28:18 +0000
ROA not before:           Sun 23 Feb 2025 15:28:18 +0000
ROA not after:            Sun 30 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:bb:c7:e6:69:42:33:1b:27:dc:1e:86:72:54:70:f2:05:3e:63:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 23 15:28:18 2025 GMT
            Not After : Mar 30 23:59:59 2025 GMT
        Subject: serialNumber=e2f285fa31e38a34bdcfe98a4e9ede52f3679d7fd02b21d5c4031ca9f72aadb8, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:13:f1:8a:46:7d:bc:1e:33:c1:c3:3a:76:66:
                    6c:d0:b9:6b:fe:38:ff:90:4a:9d:60:01:47:75:50:
                    a5:71:3d:0a:86:15:46:5d:c0:90:77:4c:91:e8:91:
                    9a:f2:7f:72:4b:09:8f:de:50:f6:7c:6e:b5:c0:af:
                    1a:c1:a4:ae:74:7f:a3:f6:02:4b:ca:8d:8a:28:f5:
                    d6:cc:0d:e7:4b:c5:16:89:89:e2:67:fc:e7:a5:45:
                    d7:56:45:7d:8f:cb:05:94:16:1c:37:ef:f3:02:ec:
                    0a:7f:ea:56:99:b3:f9:6c:ea:a1:68:77:63:dc:2d:
                    f4:cf:19:53:5b:30:d9:34:f6:42:d5:f5:62:25:70:
                    0e:21:24:10:b0:11:d2:cc:d1:01:6b:5a:6b:15:3a:
                    b4:a7:e6:69:3a:58:82:ba:24:17:75:8e:81:ea:18:
                    2f:c0:5c:55:09:9c:97:2c:39:e6:9e:31:b2:d4:f1:
                    f6:c3:85:6d:ce:8c:e6:1d:6d:fe:b4:3c:b9:d0:a6:
                    91:55:3e:56:b8:28:50:71:00:48:83:c9:af:dd:1a:
                    d7:e3:7d:16:12:33:09:3c:17:5d:ce:13:1e:57:6d:
                    6e:61:a3:f0:5a:02:cc:e1:3e:36:79:71:c2:bc:de:
                    dd:3f:22:b0:87:de:3f:8f:ba:8d:2d:d1:62:e3:31:
                    7c:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:A0:70:BB:04:EB:88:6C:CD:8C:6E:5D:57:9A:27:AD:97:B1:BC:FF
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/eda29f3f-ea73-4628-9bdf-ee87f61d51c9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:a1:eb:b5:24:7e:ee:56:5f:84:47:c7:a0:15:d5:65:c7:a7:
         e2:15:52:da:c6:e4:8f:76:4a:6b:ef:67:a3:81:f8:c4:ac:a2:
         1f:06:9e:73:9f:9e:58:93:81:6a:c6:ed:f4:21:ca:75:6e:c3:
         bc:6e:9e:e3:0e:16:23:73:b7:fa:ff:6f:c3:4a:74:24:7f:0f:
         d1:b9:bc:ea:59:ca:7e:98:c8:e8:72:ea:28:0a:ae:3a:f6:c1:
         0d:bb:73:d2:b1:b0:12:70:2a:c8:85:f7:ba:5b:06:4a:b0:53:
         e1:f9:77:4f:94:20:c9:02:6a:a5:11:f2:bf:61:e5:50:2c:94:
         03:9b:a7:88:f0:19:2c:c8:81:37:b6:c2:e7:c4:d2:42:3a:44:
         5c:41:0d:10:8e:f8:9d:8e:0d:cc:04:5e:d6:7a:3f:3f:15:f4:
         c9:86:99:71:b5:4d:4c:c7:dc:89:63:fc:68:89:d1:cb:19:35:
         69:03:e8:e5:f2:9b:fb:19:c4:51:ce:3f:0e:ec:97:1e:9f:4f:
         26:0f:ac:a2:fa:80:8a:15:b7:6b:a7:aa:15:97:5f:c4:b3:d3:
         91:86:9c:3c:ce:f7:6f:bf:a8:6b:09:31:ab:79:a9:ab:a3:0f:
         0f:f9:5d:2b:68:21:5b:dd:ee:49:50:01:08:1c:9c:95:20:34:
         6a:1e:a1:db
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZ7vH5mlCMxsn3B6GclRw8gU+Y/8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjIzMTUyODE4WhcNMjUwMzMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlMmYyODVmYTMxZTM4YTM0YmRjZmU5OGE0ZTllZGU1MmYz
Njc5ZDdmZDAyYjIxZDVjNDAzMWNhOWY3MmFhZGI4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjE/GKRn28HjPBwzp2ZmzQuWv+OP+QSp1gAUd1UKVxPQqG
FUZdwJB3TJHokZryf3JLCY/eUPZ8brXArxrBpK50f6P2AkvKjYoo9dbMDedLxRaJ
ieJn/OelRddWRX2PywWUFhw37/MC7Ap/6laZs/ls6qFod2PcLfTPGVNbMNk09kLV
9WIlcA4hJBCwEdLM0QFrWmsVOrSn5mk6WIK6JBd1joHqGC/AXFUJnJcsOeaeMbLU
8fbDhW3OjOYdbf60PLnQppFVPla4KFBxAEiDya/dGtfjfRYSMwk8F13OEx5XbW5h
o/BaAszhPjZ5ccK83t0/IrCH3j+Puo0t0WLjMXyhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJKBwuwTriGzNjG5dV5onrZexvP8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2VkYTI5ZjNmLWVhNzMtNDYyOC05YmRmLWVlODdmNjFkNTFjOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAah67Ukfu5WX4RHx6AV1WXHp+IV
UtrG5I92SmvvZ6OB+MSsoh8GnnOfnliTgWrG7fQhynVuw7xunuMOFiNzt/r/b8NK
dCR/D9G5vOpZyn6YyOhy6igKrjr2wQ27c9KxsBJwKsiF97pbBkqwU+H5d0+UIMkC
aqUR8r9h5VAslAObp4jwGSzIgTe2wufE0kI6RFxBDRCO+J2ODcwEXtZ6Pz8V9MmG
mXG1TUzH3Ilj/GiJ0csZNWkD6OXym/sZxFHOPw7slx6fTyYPrKL6gIoVt2unqhWX
X8Sz05GGnDzO92+/qGsJMat5qaujDw/5XStoIVvd7klQAQgcnJUgNGoeods=
-----END CERTIFICATE-----