Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0f8bb50a-be89-4def-ba36-46b2ea3e2544.roa
File:                     0f8bb50a-be89-4def-ba36-46b2ea3e2544.roa (raw, json)
Hash identifier:          sKdFA+TmlnjpfmK4cFy6r5nwrH8zHXqNnn7CghgsjxI=
Subject key identifier:   30:3E:91:E1:99:35:44:48:3B:DF:E2:5B:A8:40:05:BE:F7:43:73:34
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5A4A504B2909881FAD1EFDFF123141D5F8A0C926
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0f8bb50a-be89-4def-ba36-46b2ea3e2544.roa
Signing time:             Tue 30 Apr 2024 00:00:00 +0000
ROA not before:           Tue 30 Apr 2024 00:00:00 +0000
ROA not after:            Tue 04 Jun 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:4a:50:4b:29:09:88:1f:ad:1e:fd:ff:12:31:41:d5:f8:a0:c9:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 30 00:00:00 2024 GMT
            Not After : Jun  4 23:59:59 2024 GMT
        Subject: serialNumber=377dca0ef789dcc4e7d8a211a6c9cefba0a30fd0a4b52d1a91b63ffa7379c152, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:6a:f0:92:96:ab:74:70:3e:15:fb:73:81:f4:
                    88:4b:2a:82:0d:6f:0b:df:c8:ea:10:96:04:09:d0:
                    e7:64:77:1a:fb:6f:3f:62:de:f7:c3:c6:62:8d:d7:
                    ff:bc:32:c5:83:50:5b:06:67:12:67:3d:19:c4:96:
                    5b:02:4a:d5:ef:6e:c1:13:8a:94:83:25:1f:c4:7a:
                    4f:03:58:0a:cb:20:4c:10:d4:a2:cb:de:42:15:56:
                    82:b9:4b:d3:5e:64:77:fb:90:9e:5f:4d:43:f0:c5:
                    c0:d2:e1:14:49:7d:f7:90:23:54:19:72:9f:7d:81:
                    73:2d:4e:99:43:a6:dd:24:a0:2e:71:06:8e:21:12:
                    d4:5b:ed:96:31:16:b2:76:af:6c:3a:18:a6:94:6b:
                    92:4f:b8:68:00:f8:ae:b0:15:d7:97:1d:de:43:6a:
                    e2:29:63:82:22:ba:ad:bb:dc:71:6b:fb:6b:f4:ed:
                    46:7d:e0:f7:69:ec:cb:1a:f4:bb:b3:fb:b9:82:26:
                    cd:49:c8:4c:21:b5:13:ad:50:8b:46:df:04:5e:f3:
                    a3:4c:11:a0:47:0c:d1:0a:df:c9:e5:0e:38:65:b9:
                    0b:07:5c:be:f0:57:42:ba:e3:2b:89:27:a1:3d:31:
                    61:16:a0:ab:69:5e:44:42:88:fa:58:62:6b:11:5f:
                    75:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:3E:91:E1:99:35:44:48:3B:DF:E2:5B:A8:40:05:BE:F7:43:73:34
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0f8bb50a-be89-4def-ba36-46b2ea3e2544.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:a3:54:f9:f7:bd:0c:df:7e:d8:a2:53:6b:c4:b4:2e:6b:64:
         e7:24:01:63:fd:12:f7:e8:a4:4b:79:65:21:bc:c1:c9:79:36:
         08:29:27:96:a4:4c:20:e3:1a:21:19:71:4c:6e:28:0b:1b:44:
         84:43:9f:38:13:8d:60:88:56:96:01:f2:df:54:05:25:6f:57:
         87:ef:c9:b7:6a:88:d0:a1:36:c9:8a:70:a7:16:6b:54:33:93:
         db:bb:c4:12:92:e1:2d:d4:64:28:df:cb:09:25:3a:74:48:62:
         91:8d:d6:81:c7:d2:f1:70:43:a9:54:60:42:b5:6b:59:ae:f4:
         d0:54:e1:b2:96:63:44:41:eb:6a:6e:c6:c8:da:9f:66:e8:32:
         dd:fd:99:03:aa:dc:31:bf:4a:c0:86:fe:f3:3b:93:5b:d4:b1:
         24:a0:c6:53:eb:1c:d9:75:9a:9b:c7:aa:b8:bc:54:ac:79:06:
         30:cd:07:4f:da:18:37:3d:0d:64:8c:39:7a:8b:0f:a9:c7:62:
         3c:b2:a8:3f:ed:16:f0:b1:c3:49:4f:4b:7f:59:80:53:f1:3b:
         39:cf:90:e0:0e:25:57:fb:91:a6:26:d1:29:a2:b3:2e:95:7f:
         30:93:bb:4f:5e:11:0d:9f:ee:b4:a7:be:d2:d7:3a:9e:03:d9:
         23:e2:90:ca
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWkpQSykJiB+tHv3/EjFB1figySYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDMwMDAwMDAwWhcNMjQwNjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNzdkY2EwZWY3ODlkY2M0ZTdkOGEyMTFhNmM5Y2VmYmEw
YTMwZmQwYTRiNTJkMWE5MWI2M2ZmYTczNzljMTUyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4avCSlqt0cD4V+3OB9IhLKoINbwvfyOoQlgQJ0Odkdxr7
bz9i3vfDxmKN1/+8MsWDUFsGZxJnPRnEllsCStXvbsETipSDJR/Eek8DWArLIEwQ
1KLL3kIVVoK5S9NeZHf7kJ5fTUPwxcDS4RRJffeQI1QZcp99gXMtTplDpt0koC5x
Bo4hEtRb7ZYxFrJ2r2w6GKaUa5JPuGgA+K6wFdeXHd5DauIpY4Iiuq273HFr+2v0
7UZ94Pdp7Msa9Luz+7mCJs1JyEwhtROtUItG3wRe86NMEaBHDNEK38nlDjhluQsH
XL7wV0K64yuJJ6E9MWEWoKtpXkRCiPpYYmsRX3WLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMD6R4Zk1REg73+JbqEAFvvdDczQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzBmOGJiNTBhLWJlODktNGRlZi1iYTM2LTQ2YjJlYTNlMjU0NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF6jVPn3vQzfftiiU2vEtC5rZOck
AWP9EvfopEt5ZSG8wcl5NggpJ5akTCDjGiEZcUxuKAsbRIRDnzgTjWCIVpYB8t9U
BSVvV4fvybdqiNChNsmKcKcWa1Qzk9u7xBKS4S3UZCjfywklOnRIYpGN1oHH0vFw
Q6lUYEK1a1mu9NBU4bKWY0RB62puxsjan2boMt39mQOq3DG/SsCG/vM7k1vUsSSg
xlPrHNl1mpvHqri8VKx5BjDNB0/aGDc9DWSMOXqLD6nHYjyyqD/tFvCxw0lPS39Z
gFPxOznPkOAOJVf7kaYm0Smisy6VfzCTu09eEQ2f7rSnvtLXOp4D2SPikMo=
-----END CERTIFICATE-----