Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0c1aa823-942b-4326-8c75-e4efc129f0c2.roa
File:                     0c1aa823-942b-4326-8c75-e4efc129f0c2.roa (raw, json)
Hash identifier:          aG5n5GBuas49cGjYEO5HW84XMDV4tt80XPPRjeoU2C0=
Subject key identifier:   B2:EA:36:DA:F7:91:30:48:8E:1C:2C:79:15:E0:C6:06:DD:FB:AB:05
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       617D03C56AF07EB29DCF869177181768F4B394D3
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0c1aa823-942b-4326-8c75-e4efc129f0c2.roa
Signing time:             Mon 09 Sep 2024 00:00:00 +0000
ROA not before:           Mon 09 Sep 2024 00:00:00 +0000
ROA not after:            Mon 14 Oct 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:7d:03:c5:6a:f0:7e:b2:9d:cf:86:91:77:18:17:68:f4:b3:94:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep  9 00:00:00 2024 GMT
            Not After : Oct 14 23:59:59 2024 GMT
        Subject: serialNumber=a55a550593096c64f2b7ac9ac2ff5845e6311392c227c0b280dbd8fa81d72e22, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f7:70:0e:1f:22:9c:5a:83:32:08:fe:aa:3a:
                    f1:63:2b:80:f0:07:2e:09:5d:50:52:4e:5b:6a:f8:
                    a6:8b:73:22:d8:c5:62:c2:a0:02:8d:fb:ef:13:fc:
                    a2:81:37:8c:50:5a:b9:0a:0b:c8:53:88:5a:86:12:
                    17:0b:b3:8c:f6:81:0c:96:1b:7c:be:3d:c3:00:71:
                    84:a8:ce:fd:4e:db:b1:6f:b5:7d:6f:e3:b5:dd:b1:
                    d9:cb:f6:6b:02:a4:50:14:10:64:5f:28:a3:de:a6:
                    40:54:76:f3:1d:a5:c6:03:a0:9d:6a:1e:43:10:a7:
                    71:3b:95:52:f4:cf:a6:76:95:b5:35:8e:73:24:01:
                    7a:8b:c6:7e:04:c7:a9:c6:a1:15:81:01:76:f1:7a:
                    a0:01:b5:b8:d2:c7:33:f5:21:1c:67:35:d7:b3:4d:
                    a9:a5:7c:dc:31:63:da:c2:95:7e:0a:01:1d:9f:5a:
                    77:d7:14:dc:34:d0:85:5d:9f:0e:1e:d3:4c:48:bd:
                    0f:82:63:89:5a:d4:7a:93:a1:d9:2f:27:67:24:ee:
                    87:dc:1d:c3:6a:09:01:fd:8f:df:8e:0e:36:53:bc:
                    a5:0f:0d:eb:07:e3:47:bf:9f:d6:9e:1e:1b:6d:bd:
                    19:c3:2d:b5:9e:e8:7a:14:1e:22:3a:59:78:f4:d4:
                    a1:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:EA:36:DA:F7:91:30:48:8E:1C:2C:79:15:E0:C6:06:DD:FB:AB:05
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0c1aa823-942b-4326-8c75-e4efc129f0c2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:65:62:ad:c6:20:b7:6a:94:25:c2:12:08:42:a0:3a:eb:ed:
         e9:e3:6c:3b:c2:bd:56:98:8c:95:87:64:07:bc:8e:ef:a8:b1:
         8f:b9:56:8b:b1:7c:e6:37:9f:93:1d:fc:90:92:54:86:f9:30:
         14:ff:53:bd:9b:a7:c9:5c:09:02:8e:f2:a5:35:37:51:e5:79:
         52:0e:e4:93:4b:95:5a:79:5c:43:55:b6:4b:7c:d4:03:19:b1:
         2d:28:e9:aa:b2:b3:7b:a0:bb:3f:54:ff:90:ea:b6:f3:2a:43:
         66:7a:9f:06:c4:d9:53:63:df:de:b4:70:e6:47:8f:b3:17:04:
         a1:ca:dd:cf:ce:50:f0:64:5f:a8:bb:e6:5b:e4:30:83:6d:d1:
         07:e4:8e:39:20:9c:45:b4:d4:53:ad:4f:92:62:af:9e:74:66:
         08:d7:1c:e0:52:43:e8:9c:8f:06:34:1c:36:5f:71:da:ef:72:
         9a:2e:e0:5d:e7:43:e7:fd:9d:38:69:38:89:62:6c:e9:61:5a:
         69:30:36:f8:68:68:b2:48:ce:e6:49:9f:31:0f:30:d6:b2:91:
         b0:98:16:2a:0b:b8:3c:f8:50:c7:31:f4:7c:19:8b:85:71:ae:
         93:8c:64:cf:c5:00:fc:d2:64:88:1f:eb:12:50:8e:84:6e:11:
         d4:47:f9:86
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYX0DxWrwfrKdz4aRdxgXaPSzlNMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwOTA5MDAwMDAwWhcNMjQxMDE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNTVhNTUwNTkzMDk2YzY0ZjJiN2FjOWFjMmZmNTg0NWU2
MzExMzkyYzIyN2MwYjI4MGRiZDhmYTgxZDcyZTIyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCu93AOHyKcWoMyCP6qOvFjK4DwBy4JXVBSTltq+KaLcyLY
xWLCoAKN++8T/KKBN4xQWrkKC8hTiFqGEhcLs4z2gQyWG3y+PcMAcYSozv1O27Fv
tX1v47XdsdnL9msCpFAUEGRfKKPepkBUdvMdpcYDoJ1qHkMQp3E7lVL0z6Z2lbU1
jnMkAXqLxn4Ex6nGoRWBAXbxeqABtbjSxzP1IRxnNdezTamlfNwxY9rClX4KAR2f
WnfXFNw00IVdnw4e00xIvQ+CY4la1HqTodkvJ2ck7ofcHcNqCQH9j9+ODjZTvKUP
DesH40e/n9aeHhttvRnDLbWe6HoUHiI6WXj01KFFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsuo22veRMEiOHCx5FeDGBt37qwUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzBjMWFhODIzLTk0MmItNDMyNi04Yzc1LWU0ZWZjMTI5ZjBjMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIFlYq3GILdqlCXCEghCoDrr7enj
bDvCvVaYjJWHZAe8ju+osY+5VouxfOY3n5Md/JCSVIb5MBT/U72bp8lcCQKO8qU1
N1HleVIO5JNLlVp5XENVtkt81AMZsS0o6aqys3uguz9U/5DqtvMqQ2Z6nwbE2VNj
3960cOZHj7MXBKHK3c/OUPBkX6i75lvkMINt0QfkjjkgnEW01FOtT5Jir550ZgjX
HOBSQ+icjwY0HDZfcdrvcpou4F3nQ+f9nThpOIlibOlhWmkwNvhoaLJIzuZJnzEP
MNaykbCYFioLuDz4UMcx9HwZi4VxrpOMZM/FAPzSZIgf6xJQjoRuEdRH+YY=
-----END CERTIFICATE-----