Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/106fb060-59be-486b-ae16-ec21f20af2d9.roa
File:                     106fb060-59be-486b-ae16-ec21f20af2d9.roa (raw, json)
Hash identifier:          T7Yi2nofloijYd05tni1hF1OULc3EWsxPqZyhL86h30=
Subject key identifier:   1D:C2:6D:17:D2:D8:EC:CB:CA:7F:8A:23:F6:B4:52:38:0B:FA:E5:56
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3CAB6482137EFA0543914EC9688EF35F75A766F6
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/106fb060-59be-486b-ae16-ec21f20af2d9.roa
Signing time:             Mon 18 Nov 2024 00:00:00 +0000
ROA not before:           Mon 18 Nov 2024 00:00:00 +0000
ROA not after:            Mon 23 Dec 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:ab:64:82:13:7e:fa:05:43:91:4e:c9:68:8e:f3:5f:75:a7:66:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 18 00:00:00 2024 GMT
            Not After : Dec 23 23:59:59 2024 GMT
        Subject: serialNumber=8a46f23831a6c1e7ea14a81b2474f3dca806ab029aa7ec937a5204c0a8584a1d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d8:5c:a5:a7:4c:68:94:4d:02:66:87:e2:e5:
                    09:62:8a:42:a8:75:6b:8e:00:1c:83:9f:19:c3:b5:
                    4d:a2:f8:a0:64:54:a5:f2:1b:3e:5d:9d:39:fe:26:
                    58:91:ac:3b:82:3c:d8:32:d8:25:f2:37:7c:49:26:
                    8e:d1:38:32:70:a4:3b:66:0e:6d:1d:3a:4d:b4:49:
                    4a:b1:19:f7:3e:6a:bf:9e:10:38:58:93:f3:bc:78:
                    08:e0:18:6e:d3:7a:33:0a:25:1a:31:2d:e7:e7:5c:
                    43:56:61:1e:d4:6e:3f:3b:fe:03:87:64:46:7b:41:
                    75:41:b3:11:9a:04:ea:6c:bd:a6:9f:3c:ec:7b:b3:
                    0f:86:a8:e6:f0:9e:5a:dc:ed:6e:f5:2b:56:fd:19:
                    24:04:df:d5:d3:63:0f:fa:1e:24:9e:a6:b1:a1:ce:
                    b1:8a:c0:b7:77:cb:63:84:ad:94:b8:35:d1:6f:eb:
                    9e:fc:1e:4e:8a:07:ce:8f:f4:4c:3a:19:0e:aa:3f:
                    c3:18:7a:74:30:d5:86:8e:6e:dd:0b:4b:c3:0b:d5:
                    54:87:ae:bc:57:44:b3:e5:da:f3:ff:55:82:cc:84:
                    43:3d:c8:d9:14:f8:3c:1f:76:05:19:7d:36:61:6f:
                    08:a6:e1:d0:7d:09:d9:17:7c:be:86:f1:ab:b7:bb:
                    33:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:C2:6D:17:D2:D8:EC:CB:CA:7F:8A:23:F6:B4:52:38:0B:FA:E5:56
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/106fb060-59be-486b-ae16-ec21f20af2d9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:5d:db:87:dd:33:a5:5b:84:c8:9f:86:82:2c:79:61:3c:86:
         43:74:06:14:28:71:49:ca:2a:9a:09:7b:4f:f3:d9:cc:d3:18:
         6b:c2:46:38:f5:8c:31:89:64:fc:25:2b:84:95:c4:99:bb:3b:
         99:91:da:03:dd:61:3e:af:49:d9:96:64:f7:de:4b:03:6b:3a:
         1a:18:ab:a5:a8:cc:2e:52:15:37:f2:47:7d:d3:06:f2:f0:bb:
         14:56:68:36:9b:33:dc:c7:a2:77:26:6c:e9:ae:2b:64:f7:5a:
         8c:b3:1e:84:a8:9e:6e:32:e2:0f:2d:f7:e7:f3:25:88:c6:4b:
         e5:5b:a4:e6:c6:92:d3:14:95:42:b5:1c:4e:8a:8a:72:71:78:
         7f:9d:b9:63:ba:dc:6f:d4:a5:a2:9d:3b:0a:ec:3f:1c:ab:99:
         7e:e6:64:c1:e7:29:e4:25:40:2b:35:d7:23:d8:cc:6c:0c:bb:
         e0:1e:6d:bd:84:fa:bb:84:e4:f4:e8:2e:b5:e4:bc:33:fd:6f:
         7a:36:87:f2:7e:00:ad:9c:39:31:32:a1:4a:21:95:d4:5d:64:
         6c:36:78:f6:4c:c4:bb:2e:b9:93:9c:c7:31:ad:be:fd:32:8b:
         c2:05:d5:1d:a1:cf:7e:7d:2f:2d:b3:a5:90:13:a3:f2:2a:55:
         a8:4c:49:c0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPKtkghN++gVDkU7JaI7zX3WnZvYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMTE4MDAwMDAwWhcNMjQxMjIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4YTQ2ZjIzODMxYTZjMWU3ZWExNGE4MWIyNDc0ZjNkY2E4
MDZhYjAyOWFhN2VjOTM3YTUyMDRjMGE4NTg0YTFkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCq2Fylp0xolE0CZofi5QliikKodWuOAByDnxnDtU2i+KBk
VKXyGz5dnTn+JliRrDuCPNgy2CXyN3xJJo7RODJwpDtmDm0dOk20SUqxGfc+ar+e
EDhYk/O8eAjgGG7TejMKJRoxLefnXENWYR7Ubj87/gOHZEZ7QXVBsxGaBOpsvaaf
POx7sw+GqObwnlrc7W71K1b9GSQE39XTYw/6HiSeprGhzrGKwLd3y2OErZS4NdFv
6578Hk6KB86P9Ew6GQ6qP8MYenQw1YaObt0LS8ML1VSHrrxXRLPl2vP/VYLMhEM9
yNkU+DwfdgUZfTZhbwim4dB9CdkXfL6G8au3uzNnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHcJtF9LY7MvKf4oj9rRSOAv65VYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzEwNmZiMDYwLTU5YmUtNDg2Yi1hZTE2LWVjMjFmMjBhZjJkOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIld24fdM6VbhMifhoIseWE8hkN0
BhQocUnKKpoJe0/z2czTGGvCRjj1jDGJZPwlK4SVxJm7O5mR2gPdYT6vSdmWZPfe
SwNrOhoYq6WozC5SFTfyR33TBvLwuxRWaDabM9zHoncmbOmuK2T3WoyzHoSonm4y
4g8t9+fzJYjGS+VbpObGktMUlUK1HE6KinJxeH+duWO63G/UpaKdOwrsPxyrmX7m
ZMHnKeQlQCs11yPYzGwMu+Aebb2E+ruE5PToLrXkvDP9b3o2h/J+AK2cOTEyoUoh
ldRdZGw2ePZMxLsuuZOcxzGtvv0yi8IF1R2hz359Ly2zpZATo/IqVahMScA=
-----END CERTIFICATE-----