Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7cbbd40e-4a6e-416f-84d0-f74951ae6eed.roa
File:                     7cbbd40e-4a6e-416f-84d0-f74951ae6eed.roa (raw, json)
Hash identifier:          3pkNOJFm90K8xLdXGkD4FX+R25AUsPd6oJfzG/dLd+E=
Subject key identifier:   CD:66:38:7C:0E:6D:76:5B:4C:95:6A:92:CD:36:2E:AF:E1:70:5D:EC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6084A691596AB5674B9A41AB040FAE6A5C30867E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7cbbd40e-4a6e-416f-84d0-f74951ae6eed.roa
Signing time:             Mon 24 Feb 2025 16:08:20 +0000
ROA not before:           Mon 24 Feb 2025 16:08:20 +0000
ROA not after:            Mon 31 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:84:a6:91:59:6a:b5:67:4b:9a:41:ab:04:0f:ae:6a:5c:30:86:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 24 16:08:20 2025 GMT
            Not After : Mar 31 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:33:9d:9c:e8:b8:ec:6e:a2:a9:fc:f3:76:95:
                    21:ce:cc:36:93:fb:9b:65:13:cc:dd:4c:9f:4f:4d:
                    c5:da:01:09:ee:1f:92:6d:85:fc:ef:0e:c7:3e:42:
                    e5:f2:87:6f:5f:ce:67:0a:f8:9c:46:fa:0d:3d:3a:
                    e5:7f:6f:28:b5:54:68:d5:f4:68:b1:56:99:9e:33:
                    f8:de:9b:89:12:0e:28:ed:75:19:25:58:0b:61:aa:
                    52:3f:1a:83:1e:ff:48:94:ba:14:dd:14:2b:7c:4d:
                    26:39:3b:a7:80:aa:af:a1:37:4f:7f:df:eb:24:88:
                    ae:12:4b:ed:29:04:74:0b:e1:8d:9d:59:b1:6c:ce:
                    93:05:af:47:f3:a2:e6:22:06:d4:63:5d:e6:ff:89:
                    01:13:9f:be:2f:0c:74:8a:04:6e:e2:42:be:83:96:
                    22:2e:95:57:c2:7f:1a:06:a5:4d:70:56:78:50:38:
                    dd:50:ed:f8:81:b7:cc:ae:cb:81:12:28:c3:41:fa:
                    a0:69:ce:ed:29:1d:fe:b9:05:1d:be:0b:e0:0d:2b:
                    75:d0:98:73:34:b9:aa:96:83:80:e4:a6:49:c8:4e:
                    93:2d:ae:5a:ae:10:40:96:b6:3a:60:0c:4f:04:d5:
                    e2:02:6b:66:4b:46:e6:e0:e6:a0:aa:7a:97:c4:28:
                    9c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:66:38:7C:0E:6D:76:5B:4C:95:6A:92:CD:36:2E:AF:E1:70:5D:EC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7cbbd40e-4a6e-416f-84d0-f74951ae6eed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:ad:25:f8:f0:b0:c1:02:32:a0:fd:e7:ac:22:46:dc:84:6c:
         9d:5f:32:1d:49:f0:53:43:44:fd:b7:7a:ae:4d:bb:30:58:91:
         95:51:53:92:cf:73:ab:5c:44:b9:c8:63:ab:22:23:6c:6e:52:
         c2:50:68:5d:3c:a2:82:5e:c4:42:9c:5d:57:75:60:ec:b0:b5:
         dc:ea:fb:b0:78:14:73:8f:a5:c2:8a:0b:b2:df:df:43:4e:e9:
         76:9c:79:c7:f5:7c:74:f0:64:9a:c1:5f:a1:51:ed:6c:6f:f3:
         0d:6d:7d:5f:23:10:53:af:3f:23:2b:e0:0a:ea:84:f1:02:a4:
         e1:b9:87:8e:19:9c:0d:5a:d5:bf:1f:4f:0e:ee:ef:48:f7:f8:
         26:ea:53:ec:85:43:ad:c9:2b:97:2c:68:2a:f2:50:2f:74:30:
         4a:44:38:16:bb:6c:e7:d7:de:28:21:7b:b4:79:76:65:a9:73:
         e3:d7:f6:2c:36:93:c5:f6:7c:c7:c7:ed:09:5f:75:31:c7:5f:
         29:fa:5e:81:fd:6c:05:82:7f:27:2b:03:50:f1:90:6c:6a:d3:
         c3:ae:99:2b:dd:63:cd:ce:96:1b:f2:76:d5:61:8f:e7:80:8f:
         c8:dc:4d:84:3c:52:b0:e6:81:c3:33:7a:a2:cd:70:44:5f:0a:
         8b:85:33:8d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYISmkVlqtWdLmkGrBA+ualwwhn4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjI0MTYwODIwWhcNMjUwMzMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NzdkZWM5ZDZmYzMxNTdkM2IwMWViNDk5Mzk1NzI2OTky
ZTY1ZDdkZThmYzcxM2FlY2VkNTRjZDYzZGFkZTI0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnM52c6LjsbqKp/PN2lSHOzDaT+5tlE8zdTJ9PTcXaAQnu
H5JthfzvDsc+QuXyh29fzmcK+JxG+g09OuV/byi1VGjV9GixVpmeM/jem4kSDijt
dRklWAthqlI/GoMe/0iUuhTdFCt8TSY5O6eAqq+hN09/3+skiK4SS+0pBHQL4Y2d
WbFszpMFr0fzouYiBtRjXeb/iQETn74vDHSKBG7iQr6DliIulVfCfxoGpU1wVnhQ
ON1Q7fiBt8yuy4ESKMNB+qBpzu0pHf65BR2+C+ANK3XQmHM0uaqWg4DkpknITpMt
rlquEECWtjpgDE8E1eICa2ZLRubg5qCqepfEKJzLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzWY4fA5tdltMlWqSzTYur+FwXewwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzdjYmJkNDBlLTRhNmUtNDE2Zi04NGQwLWY3NDk1MWFlNmVlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJutJfjwsMECMqD956wiRtyEbJ1f
Mh1J8FNDRP23eq5NuzBYkZVRU5LPc6tcRLnIY6siI2xuUsJQaF08ooJexEKcXVd1
YOywtdzq+7B4FHOPpcKKC7Lf30NO6Xacecf1fHTwZJrBX6FR7Wxv8w1tfV8jEFOv
PyMr4ArqhPECpOG5h44ZnA1a1b8fTw7u70j3+CbqU+yFQ63JK5csaCryUC90MEpE
OBa7bOfX3ighe7R5dmWpc+PX9iw2k8X2fMfH7QlfdTHHXyn6XoH9bAWCfycrA1Dx
kGxq08OumSvdY83OlhvydtVhj+eAj8jcTYQ8UrDmgcMzeqLNcERfCouFM40=
-----END CERTIFICATE-----