Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0fde3f46-596f-4491-876b-5ad1d84d3f8c.roa
File:                     0fde3f46-596f-4491-876b-5ad1d84d3f8c.roa (raw, json)
Hash identifier:          R8SRVer7SDvThdFOYy6XQiN1XxKDejc7gwSCMqA1xWU=
Subject key identifier:   5B:DF:CE:DE:A4:53:C8:4F:54:F0:80:90:78:2A:08:84:71:9D:B8:0A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7AC5B66A5B08E3B730F18FB5E2AEA88CDFA219E4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0fde3f46-596f-4491-876b-5ad1d84d3f8c.roa
Signing time:             Sun 16 Feb 2025 07:53:22 +0000
ROA not before:           Sun 16 Feb 2025 07:53:22 +0000
ROA not after:            Sun 23 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:c5:b6:6a:5b:08:e3:b7:30:f1:8f:b5:e2:ae:a8:8c:df:a2:19:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 16 07:53:22 2025 GMT
            Not After : Mar 23 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:25:f6:c5:89:d6:07:1c:32:a7:27:73:f4:5a:
                    3f:1b:fd:f6:35:50:a8:ef:d7:b0:8a:02:31:43:88:
                    04:f5:93:1e:ab:e0:f3:40:01:f3:68:09:f5:ed:b9:
                    d8:61:4f:aa:d4:9a:a7:f7:e6:a4:2d:4c:b8:25:67:
                    ef:43:fb:19:ff:67:05:21:1f:72:a3:ca:fb:84:4b:
                    e1:fa:de:18:87:93:7f:3d:0c:aa:ab:fe:27:7c:05:
                    c4:f9:06:65:d4:fe:1b:e9:1f:9e:18:7e:7a:3e:98:
                    1c:c9:de:a2:a5:1a:34:aa:fe:a6:12:24:fc:4b:25:
                    0e:bd:2e:f7:75:fb:a9:15:64:a5:85:eb:14:c1:2b:
                    59:42:1c:f1:06:27:88:1f:4a:4f:cb:5b:89:2f:4c:
                    65:ec:f1:db:84:cb:ad:a2:4e:97:03:b2:38:21:3b:
                    77:3e:e7:1d:d5:f0:e1:f5:d0:87:a3:dd:e3:83:92:
                    1b:87:d4:f4:8c:59:d9:2e:9e:80:15:e2:c9:6a:1b:
                    58:9b:bb:73:63:4e:1d:ce:9c:b5:62:58:a8:b8:12:
                    e5:77:c5:dc:b2:34:10:f5:39:32:7e:69:ab:08:9e:
                    15:f0:21:b8:8d:9a:59:a2:2f:18:8c:80:23:02:2c:
                    32:10:17:22:06:11:c6:e3:de:24:24:0b:ce:45:0c:
                    85:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:DF:CE:DE:A4:53:C8:4F:54:F0:80:90:78:2A:08:84:71:9D:B8:0A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0fde3f46-596f-4491-876b-5ad1d84d3f8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:a7:3e:42:13:1a:13:2e:d4:79:fb:7b:34:f3:6c:8f:f7:9b:
         89:cc:a3:1b:f3:06:38:79:18:99:21:a9:bc:f8:8e:50:a6:5b:
         e7:a2:8b:55:3d:cd:25:59:f4:27:b4:ed:5f:b3:c1:19:4c:5a:
         2d:72:c7:95:b3:03:0e:20:7d:fb:28:48:3f:c7:18:b4:5d:e1:
         20:5d:b3:b2:19:8f:bb:29:bf:e8:5a:9b:7b:cc:fe:9f:a2:55:
         8a:18:63:b6:86:a7:b7:ac:28:3c:01:9f:c4:c0:f0:78:3d:bb:
         7b:6d:89:fa:24:f6:6c:0a:a2:7e:9e:57:b4:4a:b5:a5:ee:14:
         ab:75:c2:cd:9e:48:cb:d7:5e:5f:9c:49:ac:ee:da:e5:b2:55:
         c9:ef:50:cc:82:30:b8:f6:a2:6f:a2:ac:10:5e:16:d5:eb:e4:
         0f:07:28:56:04:8e:e1:93:dd:bc:32:21:a6:63:38:38:8c:fe:
         43:1e:c7:f1:85:91:78:ad:d6:e1:0e:84:c2:c1:2f:ac:57:5f:
         a7:73:af:6d:4a:65:12:5d:c8:b4:d5:86:53:68:ef:3d:54:f2:
         40:83:ef:d5:b3:92:b1:e7:f5:fd:af:f3:eb:19:87:b6:a8:19:
         df:06:67:da:75:cc:e6:eb:a0:69:d5:cd:3d:5b:df:e7:fa:c8:
         da:f7:66:31
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUesW2alsI47cw8Y+14q6ojN+iGeQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjE2MDc1MzIyWhcNMjUwMzIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiM2ExNjE4MmQ0YTI3MTA3MWRkYjFlMDQ4Y2YwNjA4MWFj
NWYyOGZlNDUyNTA4NTFhYTBkNjg4ZDU4NDVmOWRkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMJfbFidYHHDKnJ3P0Wj8b/fY1UKjv17CKAjFDiAT1kx6r
4PNAAfNoCfXtudhhT6rUmqf35qQtTLglZ+9D+xn/ZwUhH3KjyvuES+H63hiHk389
DKqr/id8BcT5BmXU/hvpH54Yfno+mBzJ3qKlGjSq/qYSJPxLJQ69Lvd1+6kVZKWF
6xTBK1lCHPEGJ4gfSk/LW4kvTGXs8duEy62iTpcDsjghO3c+5x3V8OH10Iej3eOD
khuH1PSMWdkunoAV4slqG1ibu3NjTh3OnLViWKi4EuV3xdyyNBD1OTJ+aasInhXw
IbiNmlmiLxiMgCMCLDIQFyIGEcbj3iQkC85FDIW3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUW9/O3qRTyE9U8ICQeCoIhHGduAowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzBmZGUzZjQ2LTU5NmYtNDQ5MS04NzZiLTVhZDFkODRkM2Y4Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKWnPkITGhMu1Hn7ezTzbI/3m4nM
oxvzBjh5GJkhqbz4jlCmW+eii1U9zSVZ9Ce07V+zwRlMWi1yx5WzAw4gffsoSD/H
GLRd4SBds7IZj7spv+ham3vM/p+iVYoYY7aGp7esKDwBn8TA8Hg9u3ttifok9mwK
on6eV7RKtaXuFKt1ws2eSMvXXl+cSazu2uWyVcnvUMyCMLj2om+irBBeFtXr5A8H
KFYEjuGT3bwyIaZjODiM/kMex/GFkXit1uEOhMLBL6xXX6dzr21KZRJdyLTVhlNo
7z1U8kCD79WzkrHn9f2v8+sZh7aoGd8GZ9p1zObroGnVzT1b3+f6yNr3ZjE=
-----END CERTIFICATE-----