Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/06393e9e-c671-4fe1-99ca-c54b3d782479.roa
File:                     06393e9e-c671-4fe1-99ca-c54b3d782479.roa (raw, json)
Hash identifier:          Ytq0dvOAV6fSZthIGdzPGnCPlJpkzfaGiCHjaDG/S0o=
Subject key identifier:   FE:94:FE:49:5C:24:EC:41:91:FD:0D:53:74:8A:8D:74:32:BF:BD:F4
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3DA9647DE8C0BC816DDA19431EFAF0B6E3B24B26
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/06393e9e-c671-4fe1-99ca-c54b3d782479.roa
Signing time:             Sun 07 Apr 2024 00:00:00 +0000
ROA not before:           Sun 07 Apr 2024 00:00:00 +0000
ROA not after:            Sun 12 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:a9:64:7d:e8:c0:bc:81:6d:da:19:43:1e:fa:f0:b6:e3:b2:4b:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr  7 00:00:00 2024 GMT
            Not After : May 12 23:59:59 2024 GMT
        Subject: serialNumber=a755627fa9c16a307175ed109eb25c7246ce8697b8535d859b66a613a8b71ab1, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:45:f6:c5:e0:30:ea:2f:99:fe:4e:13:6c:da:
                    14:ef:44:e7:2b:84:eb:08:db:87:0e:5b:f4:03:44:
                    f9:b2:36:d2:4b:c6:4d:71:90:63:e9:d7:ce:a2:3b:
                    1e:a8:fb:d7:1c:2c:95:7a:fb:50:e0:c9:c6:3f:c3:
                    4e:06:a3:e2:9e:b4:d6:5d:e1:78:76:72:47:60:fe:
                    47:0d:8f:50:04:b2:70:cf:79:f9:e2:68:8a:6d:de:
                    12:89:e3:c3:79:84:e8:72:93:b3:0f:20:5f:58:7d:
                    e5:64:52:cf:33:da:ea:4a:17:1d:ce:e0:9c:f2:0e:
                    d4:ad:74:7b:c3:a5:f3:1b:ae:3f:8a:c3:da:01:38:
                    92:3e:d4:be:e9:66:b2:5e:04:b4:b8:eb:ff:40:14:
                    2d:db:27:a0:76:76:91:82:0d:4c:91:5a:18:ff:90:
                    a8:36:92:dc:db:b4:d3:53:66:3b:4a:68:35:0a:cd:
                    32:8b:91:de:99:0c:cb:b4:a0:be:7c:51:65:1d:36:
                    67:12:2a:5f:48:1a:90:a5:b6:02:82:76:0c:32:93:
                    3a:69:1e:64:96:f6:ba:1b:ec:40:9f:62:d4:be:cf:
                    f3:1c:e8:28:60:8b:ee:7e:d6:70:3e:1e:50:b4:62:
                    41:72:3f:e8:47:10:47:70:34:84:a9:75:ca:58:2f:
                    4f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:94:FE:49:5C:24:EC:41:91:FD:0D:53:74:8A:8D:74:32:BF:BD:F4
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/06393e9e-c671-4fe1-99ca-c54b3d782479.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:2b:b9:8f:1a:11:a1:fd:97:a4:a9:51:ad:d0:ed:b5:42:30:
         6c:21:25:db:6a:4b:81:08:0f:42:62:53:71:cc:82:92:17:7e:
         3d:9b:a3:ea:ff:ee:fe:e5:fc:05:83:ce:93:f4:30:a4:7d:73:
         f8:d4:2b:d3:f9:83:c3:27:eb:da:2b:8b:b8:83:7b:50:99:17:
         2f:50:e8:62:3c:1e:37:0a:52:86:e4:9a:02:eb:e2:fa:7b:66:
         67:ff:16:bf:e4:03:ac:f5:da:64:8c:ea:26:71:64:d9:6b:16:
         66:41:8f:79:16:3b:dd:e7:07:a9:af:ab:1e:97:41:c9:08:9a:
         d7:7f:15:27:69:c8:80:ee:fa:fe:f0:b4:54:8b:b1:a1:00:4c:
         02:88:38:e5:8e:78:31:c6:61:5d:c0:0f:a9:9b:25:4e:3a:25:
         cb:0b:23:e7:c3:23:75:d8:53:a7:a3:74:1e:00:97:5e:34:1b:
         da:48:7e:b1:13:0e:4f:96:6b:b4:69:30:f9:89:71:a9:b2:16:
         25:2e:0a:ed:4e:c1:4a:e8:e4:dc:c1:ba:ee:5f:d8:3a:3b:4e:
         5e:f5:38:aa:33:9d:8f:8f:55:29:be:29:0a:d6:fb:8c:60:1e:
         5a:ba:6d:e8:b7:31:4c:0d:f8:9c:ad:41:c6:f8:8c:b5:11:08:
         35:93:83:cc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPalkfejAvIFt2hlDHvrwtuOySyYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDA3MDAwMDAwWhcNMjQwNTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhNzU1NjI3ZmE5YzE2YTMwNzE3NWVkMTA5ZWIyNWM3MjQ2
Y2U4Njk3Yjg1MzVkODU5YjY2YTYxM2E4YjcxYWIxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClRfbF4DDqL5n+ThNs2hTvROcrhOsI24cOW/QDRPmyNtJL
xk1xkGPp186iOx6o+9ccLJV6+1DgycY/w04Go+KetNZd4Xh2ckdg/kcNj1AEsnDP
efniaIpt3hKJ48N5hOhyk7MPIF9YfeVkUs8z2upKFx3O4JzyDtStdHvDpfMbrj+K
w9oBOJI+1L7pZrJeBLS46/9AFC3bJ6B2dpGCDUyRWhj/kKg2ktzbtNNTZjtKaDUK
zTKLkd6ZDMu0oL58UWUdNmcSKl9IGpCltgKCdgwykzppHmSW9rob7ECfYtS+z/Mc
6Chgi+5+1nA+HlC0YkFyP+hHEEdwNISpdcpYL08FAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/pT+SVwk7EGR/Q1TdIqNdDK/vfQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzA2MzkzZTllLWM2NzEtNGZlMS05OWNhLWM1NGIzZDc4MjQ3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKQruY8aEaH9l6SpUa3Q7bVCMGwh
JdtqS4EID0JiU3HMgpIXfj2bo+r/7v7l/AWDzpP0MKR9c/jUK9P5g8Mn69ori7iD
e1CZFy9Q6GI8HjcKUobkmgLr4vp7Zmf/Fr/kA6z12mSM6iZxZNlrFmZBj3kWO93n
B6mvqx6XQckImtd/FSdpyIDu+v7wtFSLsaEATAKIOOWOeDHGYV3AD6mbJU46JcsL
I+fDI3XYU6ejdB4Al140G9pIfrETDk+Wa7RpMPmJcamyFiUuCu1OwUro5NzBuu5f
2Do7Tl71OKoznY+PVSm+KQrW+4xgHlq6bei3MUwN+JytQcb4jLURCDWTg8w=
-----END CERTIFICATE-----