Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0d482ca2-4433-4574-9d96-cd5df156dfd0.roa
File:                     0d482ca2-4433-4574-9d96-cd5df156dfd0.roa (raw, json)
Hash identifier:          CUo3ONQAeWkS/B4lC4S+qzfya2K7R+pt5DZr2mympwU=
Subject key identifier:   66:DB:29:EB:07:DE:17:2D:34:08:62:39:2D:03:CD:C1:82:F7:A7:19
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       58CCF36B644EDA9CBEB59EAB6D2E829D9D498F89
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0d482ca2-4433-4574-9d96-cd5df156dfd0.roa
Signing time:             Wed 03 Jul 2024 00:00:00 +0000
ROA not before:           Wed 03 Jul 2024 00:00:00 +0000
ROA not after:            Wed 07 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:cc:f3:6b:64:4e:da:9c:be:b5:9e:ab:6d:2e:82:9d:9d:49:8f:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul  3 00:00:00 2024 GMT
            Not After : Aug  7 23:59:59 2024 GMT
        Subject: serialNumber=0c603c7b73cfaa7a2c20743800758b8427262c83c5e0cf461724c9783488a40c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:9a:f3:2e:c4:d1:2e:43:ea:6f:65:ff:9f:01:
                    a9:a3:7c:7f:ae:99:be:fe:ab:be:24:ff:d5:b4:c2:
                    98:51:c5:a1:b8:25:51:37:d2:ea:4a:60:a9:bc:9d:
                    33:59:0f:55:ba:00:80:00:56:0f:da:3f:5e:65:3a:
                    54:69:06:80:1e:29:ba:52:bb:95:3e:0e:87:c9:8c:
                    3e:0c:e8:0d:86:cb:b8:ca:34:b6:6f:b7:d2:ff:69:
                    bf:71:2c:f3:7d:dd:f0:8f:a4:95:6b:82:43:9e:22:
                    3a:90:07:f9:b7:22:a6:78:17:de:77:ed:af:c4:72:
                    c6:83:97:b6:de:41:d5:70:ae:25:ad:0c:f6:5c:82:
                    4b:88:80:bf:aa:e6:5a:86:45:c3:35:58:9f:1c:10:
                    3a:2a:ea:99:9f:6d:99:47:46:78:3e:60:53:a3:2b:
                    e0:cf:a3:e9:68:92:0e:ff:1c:8e:f8:a2:fa:77:c2:
                    73:25:a1:a7:8f:3e:73:f8:29:6a:a7:59:9f:5b:ab:
                    fd:ba:00:2c:8c:a5:f5:36:19:48:98:67:07:f7:e5:
                    a9:31:aa:33:06:c9:10:84:dc:db:b5:cc:f0:35:b2:
                    db:1e:e9:70:d1:bd:2f:22:a8:e0:e8:f6:1e:81:6a:
                    4f:84:09:87:10:0b:d9:ef:8e:d4:11:00:60:fb:d5:
                    6a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:DB:29:EB:07:DE:17:2D:34:08:62:39:2D:03:CD:C1:82:F7:A7:19
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0d482ca2-4433-4574-9d96-cd5df156dfd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:99:68:53:aa:ec:1d:ab:5d:4f:20:bc:3a:96:86:d5:dc:7c:
         c4:85:ed:07:a4:81:a9:84:e3:60:6e:ca:df:8c:0e:5a:ad:ac:
         1c:85:7b:c0:98:76:03:62:ed:b3:0e:da:15:55:b9:90:65:10:
         cf:cb:89:05:8e:a7:74:05:58:0a:d0:9a:8f:05:98:4d:a4:e0:
         ed:d8:1a:76:f0:63:15:58:77:6b:6d:c7:6e:ed:32:e0:f4:c3:
         c9:87:70:ee:13:a9:1d:11:1f:19:bb:e6:34:25:da:60:90:b3:
         5b:ec:9d:fa:37:00:4d:d5:0c:2e:87:39:e9:07:1e:25:c1:00:
         b1:5d:0b:b8:63:52:f1:50:8c:e1:88:92:35:59:0f:3f:75:09:
         c6:5b:6a:49:ea:d2:c8:a1:a6:2b:bd:11:b4:ae:c3:72:25:02:
         e7:d0:5f:0b:51:94:94:fa:c5:36:d9:32:fc:4d:1e:35:83:d1:
         db:ee:b7:91:68:59:21:b1:1f:13:11:19:9a:bb:f0:c1:a7:bb:
         f8:42:e7:c7:fa:c8:88:7d:89:45:20:d3:af:5c:6f:72:b0:15:
         de:f7:ac:70:84:12:7b:61:78:7d:46:3f:ae:ba:25:75:2c:55:
         c9:ca:cc:70:cf:36:68:49:68:a9:2b:1f:3b:6f:5c:bf:78:c6:
         88:e4:b4:e0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWMzza2RO2py+tZ6rbS6CnZ1Jj4kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzAzMDAwMDAwWhcNMjQwODA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYzYwM2M3YjczY2ZhYTdhMmMyMDc0MzgwMDc1OGI4NDI3
MjYyYzgzYzVlMGNmNDYxNzI0Yzk3ODM0ODhhNDBjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCCmvMuxNEuQ+pvZf+fAamjfH+umb7+q74k/9W0wphRxaG4
JVE30upKYKm8nTNZD1W6AIAAVg/aP15lOlRpBoAeKbpSu5U+DofJjD4M6A2Gy7jK
NLZvt9L/ab9xLPN93fCPpJVrgkOeIjqQB/m3IqZ4F9537a/EcsaDl7beQdVwriWt
DPZcgkuIgL+q5lqGRcM1WJ8cEDoq6pmfbZlHRng+YFOjK+DPo+lokg7/HI74ovp3
wnMloaePPnP4KWqnWZ9bq/26ACyMpfU2GUiYZwf35akxqjMGyRCE3Nu1zPA1stse
6XDRvS8iqODo9h6Bak+ECYcQC9nvjtQRAGD71WqBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZtsp6wfeFy00CGI5LQPNwYL3pxkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzBkNDgyY2EyLTQ0MzMtNDU3NC05ZDk2LWNkNWRmMTU2ZGZkMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAH6ZaFOq7B2rXU8gvDqWhtXcfMSF
7QekgamE42Buyt+MDlqtrByFe8CYdgNi7bMO2hVVuZBlEM/LiQWOp3QFWArQmo8F
mE2k4O3YGnbwYxVYd2ttx27tMuD0w8mHcO4TqR0RHxm75jQl2mCQs1vsnfo3AE3V
DC6HOekHHiXBALFdC7hjUvFQjOGIkjVZDz91CcZbaknq0sihpiu9EbSuw3IlAufQ
XwtRlJT6xTbZMvxNHjWD0dvut5FoWSGxHxMRGZq78MGnu/hC58f6yIh9iUUg069c
b3KwFd73rHCEEntheH1GP666JXUsVcnKzHDPNmhJaKkrHztvXL94xojktOA=
-----END CERTIFICATE-----