Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e0ef25bf-6ae9-4d0c-9d72-c6e7f1592865.roa
File:                     e0ef25bf-6ae9-4d0c-9d72-c6e7f1592865.roa (raw, json)
Hash identifier:          WGLysY93Ebke++vakp1iF6cOF7rACFU8pt0zyX0icMI=
Subject key identifier:   D2:17:52:75:56:69:33:FC:E0:9D:2C:56:51:70:D4:77:AE:2E:D1:20
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7D24D4A68425FC171513590BCB56FA88BDEAD552
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e0ef25bf-6ae9-4d0c-9d72-c6e7f1592865.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:24:d4:a6:84:25:fc:17:15:13:59:0b:cb:56:fa:88:bd:ea:d5:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:be:1e:7d:34:be:71:c2:87:07:68:d7:3d:55:
                    5f:e0:2c:d7:75:6b:1e:b2:c9:83:a8:49:38:1f:69:
                    aa:cb:ad:3e:06:d8:53:78:5b:f7:d7:6e:84:c6:f8:
                    7e:a5:67:0b:ad:4f:2b:26:ac:4b:59:60:a3:d3:53:
                    09:2f:50:b6:f2:32:2d:8e:81:00:76:68:90:ec:03:
                    f0:ee:d9:ee:5b:7a:04:b4:de:3e:18:db:99:a4:5f:
                    87:fe:49:8d:fb:d5:23:47:61:3a:83:14:fe:ef:a6:
                    a3:6d:1f:b7:44:33:ba:23:c2:78:c9:13:03:48:7f:
                    2d:0c:09:8b:27:0b:f6:41:97:78:37:9b:49:d8:74:
                    35:03:36:3c:d7:c4:04:c3:ab:8b:59:0e:aa:da:1e:
                    bf:44:16:2b:5b:c1:66:3e:cc:ac:ef:be:76:20:a3:
                    03:1a:6e:94:c3:5e:61:36:70:41:d6:f2:11:0c:90:
                    95:f2:ba:0f:6d:09:6a:e3:50:7c:e1:16:07:9c:70:
                    e8:88:2e:88:44:eb:72:c2:86:9f:4b:96:d8:dd:4d:
                    94:f8:bc:61:f5:8b:0f:db:63:73:eb:30:55:a1:fc:
                    ae:70:15:e1:7c:70:71:f3:dd:73:1a:61:66:fa:e0:
                    3a:c3:4f:b9:49:4b:8f:10:ad:6b:b9:a1:a1:d7:0d:
                    4e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:17:52:75:56:69:33:FC:E0:9D:2C:56:51:70:D4:77:AE:2E:D1:20
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e0ef25bf-6ae9-4d0c-9d72-c6e7f1592865.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:92:6a:3a:6f:1b:84:df:a5:09:5f:f2:36:84:3b:b7:63:50:
         3e:03:5a:9a:c2:11:24:e5:2c:c0:f2:55:d2:84:d7:49:fd:c5:
         8a:74:df:24:81:23:49:66:46:58:34:22:dd:2b:5a:5f:98:81:
         42:21:6b:ea:c1:5a:0a:ec:98:c8:da:48:e9:7c:eb:d6:12:36:
         4f:39:51:de:d7:86:b8:69:5f:51:c6:07:3f:12:4c:3b:52:a4:
         72:90:29:19:1f:59:b9:b6:fe:9c:03:a2:87:f7:a3:f2:02:96:
         40:e6:63:72:7d:bc:66:e6:26:da:21:c6:51:ba:a4:8c:64:33:
         17:cf:96:03:6d:7f:c1:de:b5:92:dc:94:df:aa:be:1a:06:2f:
         11:7f:5d:36:54:d1:69:85:f4:4d:5a:96:52:b1:c0:a4:c5:36:
         d1:f0:26:9f:f1:f4:d6:ff:f4:ed:a8:0b:25:ac:fb:43:a6:db:
         c7:31:7d:a6:c2:cf:12:6b:dd:79:f4:e2:b8:9f:8f:c0:4e:37:
         26:b9:45:b2:33:bc:4c:48:8a:f7:dd:73:5c:2a:04:2c:6e:47:
         8c:20:12:66:9f:9c:60:38:2c:c0:87:b8:ff:4b:bd:45:b0:85:
         ac:a5:a6:3d:58:62:98:5f:e7:be:58:84:87:85:18:78:1b:95:
         39:4f:c6:00
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfSTUpoQl/BcVE1kLy1b6iL3q1VIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwODA4NGRhN2Q0MmY1NDczZjQ5YzJmOTg3MGM2YjMzNTI0
NDQ5MDQ2ZmJjYjk1ZDkzOTg4OTE0NDgwZGIxZDI2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVvh59NL5xwocHaNc9VV/gLNd1ax6yyYOoSTgfaarLrT4G
2FN4W/fXboTG+H6lZwutTysmrEtZYKPTUwkvULbyMi2OgQB2aJDsA/Du2e5begS0
3j4Y25mkX4f+SY371SNHYTqDFP7vpqNtH7dEM7ojwnjJEwNIfy0MCYsnC/ZBl3g3
m0nYdDUDNjzXxATDq4tZDqraHr9EFitbwWY+zKzvvnYgowMabpTDXmE2cEHW8hEM
kJXyug9tCWrjUHzhFgeccOiILohE63LChp9LltjdTZT4vGH1iw/bY3PrMFWh/K5w
FeF8cHHz3XMaYWb64DrDT7lJS48QrWu5oaHXDU4dAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0hdSdVZpM/zgnSxWUXDUd64u0SAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2UwZWYyNWJmLTZhZTktNGQwYy05ZDcyLWM2ZTdmMTU5Mjg2NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALCSajpvG4TfpQlf8jaEO7djUD4D
WprCESTlLMDyVdKE10n9xYp03ySBI0lmRlg0It0rWl+YgUIha+rBWgrsmMjaSOl8
69YSNk85Ud7XhrhpX1HGBz8STDtSpHKQKRkfWbm2/pwDoof3o/IClkDmY3J9vGbm
JtohxlG6pIxkMxfPlgNtf8HetZLclN+qvhoGLxF/XTZU0WmF9E1allKxwKTFNtHw
Jp/x9Nb/9O2oCyWs+0Om28cxfabCzxJr3Xn04rifj8BONya5RbIzvExIivfdc1wq
BCxuR4wgEmafnGA4LMCHuP9LvUWwhaylpj1YYphf575YhIeFGHgblTlPxgA=
-----END CERTIFICATE-----