Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/83b9ce82-42c7-44d6-8a21-d1f7477f3e3b.roa
File:                     83b9ce82-42c7-44d6-8a21-d1f7477f3e3b.roa (raw, json)
Hash identifier:          TgxalHIEshiCnxJvWWGgU+i8A9HWbld4INTJmtNXvNY=
Subject key identifier:   1E:AB:85:73:FC:DA:B6:C0:DB:54:CE:90:9C:2E:9E:CE:AE:E3:8A:36
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0901DF2FA8A824465910E443FA851A50140EB02D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/83b9ce82-42c7-44d6-8a21-d1f7477f3e3b.roa
Signing time:             Fri 07 Feb 2025 00:00:00 +0000
ROA not before:           Fri 07 Feb 2025 00:00:00 +0000
ROA not after:            Fri 14 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:01:df:2f:a8:a8:24:46:59:10:e4:43:fa:85:1a:50:14:0e:b0:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb  7 00:00:00 2025 GMT
            Not After : Mar 14 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d5:4f:55:da:91:06:75:4c:f5:b0:21:90:a4:
                    89:11:81:81:1f:9e:22:c1:44:13:c3:e5:f4:8b:a0:
                    96:ee:fa:3d:d5:82:f4:d6:9d:15:43:38:61:92:a3:
                    92:10:a0:d5:8d:6e:bf:3a:d3:c5:d1:c3:60:d5:cb:
                    22:0a:7f:aa:47:e4:d8:4e:c6:93:5c:eb:02:24:76:
                    8e:db:2b:93:6c:10:96:bd:c7:37:20:1a:4f:6f:9c:
                    cd:2a:cf:bc:a7:b7:28:4a:2b:2e:ce:c1:3f:22:7e:
                    13:bb:d3:ed:8a:91:53:46:0f:33:07:00:e0:84:cd:
                    38:2a:34:59:0f:31:37:70:ff:59:30:63:71:13:e8:
                    48:2c:12:6b:b8:9d:42:61:3f:6d:41:df:7c:43:2c:
                    67:d8:5f:bb:ae:c2:6a:c2:f5:19:87:64:83:aa:45:
                    7e:b3:d0:b8:9a:4a:a5:47:e0:3d:07:2c:45:bb:81:
                    f3:4a:76:36:c6:a5:7a:56:e1:b1:0b:cd:14:36:b3:
                    6d:50:6e:46:86:ce:fc:b9:66:8d:3f:ed:5a:85:da:
                    c1:2f:56:0e:d2:bd:02:c8:6f:3e:75:9b:0b:20:09:
                    da:7d:8d:36:0f:7c:d1:fc:58:bb:9a:be:37:61:bc:
                    ae:7c:cb:66:6a:00:9b:53:95:d3:9a:63:e5:4e:a9:
                    12:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:AB:85:73:FC:DA:B6:C0:DB:54:CE:90:9C:2E:9E:CE:AE:E3:8A:36
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/83b9ce82-42c7-44d6-8a21-d1f7477f3e3b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:04:28:3d:c8:a2:54:b8:16:73:97:01:fc:85:e3:96:09:59:
         4e:33:20:94:83:9a:31:07:1d:ec:3b:8d:82:4b:d1:88:7d:00:
         bc:ff:22:28:62:dd:20:db:3c:96:70:56:ac:2f:73:81:ec:5e:
         6b:c8:a9:bc:99:3a:48:a9:cd:a4:ef:cd:d2:60:59:4b:4a:c6:
         be:39:1e:d5:0c:ca:df:38:ab:7b:6e:61:b5:9f:e5:de:47:7e:
         67:96:da:5e:53:e7:74:06:9f:d6:df:49:3a:c2:0f:63:3b:ec:
         f4:c8:7b:5b:1e:37:66:78:75:3b:de:75:b8:47:31:19:a4:d7:
         2f:91:f1:f2:1c:d1:e1:99:75:ff:bf:56:d2:36:a3:10:ae:86:
         4c:12:9c:fe:17:62:7b:83:7e:32:b2:ae:2a:c0:e4:f3:06:ab:
         82:76:fd:c8:2c:c8:66:b3:c9:c8:6f:33:b6:f3:2f:34:1d:f7:
         66:09:7e:e8:79:c8:81:68:41:60:61:80:f0:28:d4:26:b8:93:
         5a:0d:f6:5e:31:ef:0f:5b:f2:5f:40:2a:9f:36:7d:3e:e7:23:
         d8:64:2c:3f:cc:f6:78:89:8c:90:96:6d:4e:e4:fa:de:37:f7:
         4f:68:c6:88:d3:36:17:f8:d5:4b:f2:76:e9:30:70:30:e9:a3:
         ce:f8:a6:8a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCQHfL6ioJEZZEORD+oUaUBQOsC0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjA3MDAwMDAwWhcNMjUwMzE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZDA5MDM3NmVhZGM3NzZmNmNjNDgwYzFkZWI5OGNiYjI4
NDFlYTk2YjgyYTRjODhhODU5ZGQ1YTJiZTI3YTViMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCu1U9V2pEGdUz1sCGQpIkRgYEfniLBRBPD5fSLoJbu+j3V
gvTWnRVDOGGSo5IQoNWNbr8608XRw2DVyyIKf6pH5NhOxpNc6wIkdo7bK5NsEJa9
xzcgGk9vnM0qz7yntyhKKy7OwT8ifhO70+2KkVNGDzMHAOCEzTgqNFkPMTdw/1kw
Y3ET6EgsEmu4nUJhP21B33xDLGfYX7uuwmrC9RmHZIOqRX6z0LiaSqVH4D0HLEW7
gfNKdjbGpXpW4bELzRQ2s21QbkaGzvy5Zo0/7VqF2sEvVg7SvQLIbz51mwsgCdp9
jTYPfNH8WLuavjdhvK58y2ZqAJtTldOaY+VOqRJrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHquFc/zatsDbVM6QnC6ezq7jijYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgzYjljZTgyLTQyYzctNDRkNi04YTIxLWQxZjc0NzdmM2UzYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABwEKD3IolS4FnOXAfyF45YJWU4z
IJSDmjEHHew7jYJL0Yh9ALz/Iihi3SDbPJZwVqwvc4HsXmvIqbyZOkipzaTvzdJg
WUtKxr45HtUMyt84q3tuYbWf5d5HfmeW2l5T53QGn9bfSTrCD2M77PTIe1seN2Z4
dTvedbhHMRmk1y+R8fIc0eGZdf+/VtI2oxCuhkwSnP4XYnuDfjKyrirA5PMGq4J2
/cgsyGazychvM7bzLzQd92YJfuh5yIFoQWBhgPAo1Ca4k1oN9l4x7w9b8l9AKp82
fT7nI9hkLD/M9niJjJCWbU7k+t43909oxojTNhf41UvydukwcDDpo874poo=
-----END CERTIFICATE-----