Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/11e9d040-0400-47d3-a98f-40f309cd8873.roa
File:                     11e9d040-0400-47d3-a98f-40f309cd8873.roa (raw, json)
Hash identifier:          k18BLGLCtKkoi8SZxDi/5jxpyioUAcvwduPDCjIOSgE=
Subject key identifier:   68:5A:4B:6C:38:BE:F3:2C:28:22:AA:5B:FD:34:86:35:2B:3B:55:02
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       71FB58ECC89E7B2344C9C01A6BF0C494E68E3931
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/11e9d040-0400-47d3-a98f-40f309cd8873.roa
Signing time:             Sun 15 Dec 2024 00:00:00 +0000
ROA not before:           Sun 15 Dec 2024 00:00:00 +0000
ROA not after:            Sun 19 Jan 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:fb:58:ec:c8:9e:7b:23:44:c9:c0:1a:6b:f0:c4:94:e6:8e:39:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 15 00:00:00 2024 GMT
            Not After : Jan 19 23:59:59 2025 GMT
        Subject: serialNumber=798c11f87441a633f1d6f3ec3f82e7a363334f53d19d4557efe94acce816940a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:2c:d0:55:2c:cb:b7:50:8c:58:23:f0:90:06:
                    47:5c:8e:9e:4b:92:ea:ee:d0:4d:29:42:d2:c8:04:
                    30:61:a1:2f:5d:5d:46:bd:e0:d4:4b:93:8b:5f:f3:
                    30:f8:02:99:cb:96:e1:62:27:11:b9:6e:02:cb:fe:
                    0a:53:e0:84:5a:df:10:3c:31:de:2d:d9:f6:06:b7:
                    7a:4f:86:fb:01:03:6b:cb:8a:34:f8:1e:91:2b:c0:
                    15:f6:21:55:e6:ca:39:7c:f6:37:43:78:d7:99:e2:
                    fb:62:86:bb:5f:46:01:93:ee:62:d7:67:39:57:92:
                    37:81:30:c3:f8:04:2d:64:48:bf:4e:3f:cb:27:2e:
                    79:3c:fd:6a:b7:7e:9e:8a:4a:04:bb:df:5d:08:1b:
                    c5:7f:6a:42:59:2d:2c:d1:cf:b6:6e:81:25:7b:d8:
                    0a:ba:61:cc:51:a5:92:78:cb:42:e2:a9:4e:bb:b6:
                    4c:93:67:39:9d:1b:e2:ff:c8:ba:df:33:12:e4:bb:
                    96:55:73:d4:e3:9c:b5:e0:d4:1b:4a:ca:85:ab:78:
                    b7:f5:9d:c8:60:df:d0:34:a3:76:e7:88:61:9c:d1:
                    ee:db:cf:5c:e8:34:09:28:a8:29:e0:28:21:89:08:
                    47:cd:c8:76:f9:95:44:1d:ab:22:c6:9e:d8:97:2e:
                    d7:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:5A:4B:6C:38:BE:F3:2C:28:22:AA:5B:FD:34:86:35:2B:3B:55:02
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/11e9d040-0400-47d3-a98f-40f309cd8873.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:5e:49:78:c8:97:8b:e0:f6:b0:89:f9:a2:0e:38:9c:60:ee:
         eb:ea:3c:76:57:66:73:19:e9:91:31:24:ac:da:6e:3d:9d:17:
         44:5a:07:a9:22:7e:18:22:40:97:ae:07:2c:ed:d7:78:32:e6:
         28:ab:fe:c5:ad:b4:4f:e5:15:2f:2d:3f:75:37:02:3b:d1:63:
         d0:ee:b5:0f:bd:59:86:54:2b:aa:20:f5:e5:75:a2:51:88:eb:
         c2:41:80:9e:52:d7:dd:d0:23:c4:bb:27:ce:6a:24:58:fb:1f:
         ec:39:f9:8c:8d:87:6e:49:de:00:00:9f:0f:17:d1:72:d8:b3:
         3b:9b:b0:66:96:48:34:9a:c0:36:6d:ef:13:b7:de:96:7d:7b:
         c8:d9:ba:91:07:29:5e:ca:8d:f8:61:ac:73:00:47:a2:b2:e7:
         81:75:3a:8e:c6:28:db:b2:28:4a:67:bc:6a:b2:c6:fd:a5:4e:
         a7:f7:c7:e6:3a:98:5f:d8:e0:ee:fd:ff:6d:97:5b:22:2b:74:
         aa:fd:7d:ac:cb:87:70:0f:c9:d3:a2:97:c1:b7:60:f6:4c:f0:
         30:d0:3f:9e:38:d5:a1:96:fd:f3:3e:00:2a:84:ff:03:b5:f9:
         1a:c1:88:64:d6:4a:d1:03:66:10:c5:df:0c:0a:58:2d:c7:b7:
         a1:68:c0:3d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcftY7MieeyNEycAaa/DElOaOOTEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMjE1MDAwMDAwWhcNMjUwMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A3OThjMTFmODc0NDFhNjMzZjFkNmYzZWMzZjgyZTdhMzYz
MzM0ZjUzZDE5ZDQ1NTdlZmU5NGFjY2U4MTY5NDBhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnLNBVLMu3UIxYI/CQBkdcjp5Lkuru0E0pQtLIBDBhoS9d
XUa94NRLk4tf8zD4ApnLluFiJxG5bgLL/gpT4IRa3xA8Md4t2fYGt3pPhvsBA2vL
ijT4HpErwBX2IVXmyjl89jdDeNeZ4vtihrtfRgGT7mLXZzlXkjeBMMP4BC1kSL9O
P8snLnk8/Wq3fp6KSgS7310IG8V/akJZLSzRz7ZugSV72Aq6YcxRpZJ4y0LiqU67
tkyTZzmdG+L/yLrfMxLku5ZVc9TjnLXg1BtKyoWreLf1nchg39A0o3bniGGc0e7b
z1zoNAkoqCngKCGJCEfNyHb5lUQdqyLGntiXLtdLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUaFpLbDi+8ywoIqpb/TSGNSs7VQIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzExZTlkMDQwLTA0MDAtNDdkMy1hOThmLTQwZjMwOWNkODg3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEpeSXjIl4vg9rCJ+aIOOJxg7uvq
PHZXZnMZ6ZExJKzabj2dF0RaB6kifhgiQJeuByzt13gy5iir/sWttE/lFS8tP3U3
AjvRY9DutQ+9WYZUK6og9eV1olGI68JBgJ5S193QI8S7J85qJFj7H+w5+YyNh25J
3gAAnw8X0XLYszubsGaWSDSawDZt7xO33pZ9e8jZupEHKV7KjfhhrHMAR6Ky54F1
Oo7GKNuyKEpnvGqyxv2lTqf3x+Y6mF/Y4O79/22XWyIrdKr9fazLh3APydOil8G3
YPZM8DDQP5441aGW/fM+ACqE/wO1+RrBiGTWStEDZhDF3wwKWC3Ht6FowD0=
-----END CERTIFICATE-----