Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/171a6236-44bc-405b-8b7c-089e8003b05e.roa
File:                     171a6236-44bc-405b-8b7c-089e8003b05e.roa (raw, json)
Hash identifier:          CsRJWLHltJTY46uP752O+R5hS2T3AltRTO2LboRQ2m8=
Subject key identifier:   15:CB:55:90:15:BE:98:6A:AC:2F:76:B0:9C:36:BD:AE:4A:9A:EB:11
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       07A71E2DD9DD75AC394DB2D1D84FE32F2FF78FCE
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/171a6236-44bc-405b-8b7c-089e8003b05e.roa
Signing time:             Fri 28 Jun 2024 00:00:00 +0000
ROA not before:           Fri 28 Jun 2024 00:00:00 +0000
ROA not after:            Fri 02 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:a7:1e:2d:d9:dd:75:ac:39:4d:b2:d1:d8:4f:e3:2f:2f:f7:8f:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 28 00:00:00 2024 GMT
            Not After : Aug  2 23:59:59 2024 GMT
        Subject: serialNumber=4bbe3914d29b81eb775abfe6db93cd86fb5703f173f8a636f2937dd03170e761, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:49:6a:13:dd:3e:a9:cc:9a:fc:2c:32:b7:54:
                    9b:49:40:32:fa:3d:9c:5c:82:e1:e5:7f:73:63:ab:
                    54:61:db:e4:1a:f6:6f:e8:aa:6e:30:bc:1a:57:cb:
                    b0:04:06:50:28:fc:56:71:32:cb:3b:c0:e4:f2:bf:
                    be:4f:65:33:89:cd:8a:80:5a:3e:a4:ac:16:d3:b0:
                    27:b9:54:b7:29:28:fc:16:a8:87:9e:d8:80:7a:26:
                    b9:77:04:68:fa:30:92:57:99:d2:9a:74:6d:ea:b1:
                    b0:cb:3c:f2:bf:24:c1:1d:14:0f:04:b0:e8:7f:ec:
                    3c:26:d1:5c:47:28:2b:46:66:5c:12:b1:b8:c6:c5:
                    84:ed:79:76:7e:8b:92:0c:e8:d4:16:af:d9:fc:97:
                    3b:84:a8:d5:35:20:70:62:e9:5f:c3:7d:34:06:24:
                    37:af:ee:18:97:ea:8c:1d:4e:86:71:50:a3:bd:86:
                    ee:16:b1:a1:39:57:d5:cf:3d:df:f0:14:33:6d:5a:
                    2a:15:05:9b:8b:45:92:10:47:ff:42:1b:3d:95:62:
                    a6:c3:f0:ae:91:a8:38:b1:85:04:5a:ba:f0:b5:8a:
                    78:1c:f8:2f:c8:a5:6d:4f:5c:80:b5:6c:1d:44:ab:
                    27:c8:d9:1e:9b:0e:7e:d3:6c:7d:04:36:68:cc:ad:
                    e4:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:CB:55:90:15:BE:98:6A:AC:2F:76:B0:9C:36:BD:AE:4A:9A:EB:11
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/171a6236-44bc-405b-8b7c-089e8003b05e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:9b:fc:56:d9:26:e0:be:69:4c:24:d5:28:bd:32:ac:3d:e5:
         a4:80:49:77:72:26:55:93:8a:66:d7:a4:07:ce:e6:f2:6d:c0:
         aa:4b:de:af:da:31:49:1b:a7:92:a7:4c:89:84:f6:a4:0e:66:
         56:c9:4a:47:d2:71:81:42:0c:9b:8a:f4:0b:78:02:57:bb:78:
         bd:f8:eb:64:07:42:ec:3b:53:64:b3:1c:6d:2d:4f:78:79:8d:
         e7:01:d9:12:a5:4d:ae:b9:8c:51:a3:c7:16:3a:8f:62:b2:38:
         d3:af:d3:81:da:5d:0a:7e:ad:ee:22:4a:f3:d8:f0:f0:8e:d2:
         03:e5:cc:17:e4:da:cd:d2:fc:99:0e:6d:32:69:be:08:85:82:
         52:5e:7b:81:b0:7f:04:c3:8a:b1:67:d5:db:07:c1:6d:94:c0:
         85:aa:f9:58:df:71:ea:0b:2d:36:af:ae:86:7a:74:a1:8a:91:
         cd:7c:cc:1e:f8:5f:2b:0b:74:74:02:c7:25:18:ce:c5:f1:13:
         b7:e8:42:d1:4a:67:fb:55:b4:4c:9a:ad:1b:27:a5:46:22:94:
         ed:a3:d6:c7:48:76:f5:1f:f1:e7:16:56:c9:76:8d:be:14:e8:
         06:71:6d:9a:c2:a5:93:e5:b4:1d:19:e0:05:5d:a2:0d:fb:af:
         d4:35:e7:ff
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUB6ceLdnddaw5TbLR2E/jLy/3j84wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNjI4MDAwMDAwWhcNMjQwODAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0YmJlMzkxNGQyOWI4MWViNzc1YWJmZTZkYjkzY2Q4NmZi
NTcwM2YxNzNmOGE2MzZmMjkzN2RkMDMxNzBlNzYxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCBSWoT3T6pzJr8LDK3VJtJQDL6PZxcguHlf3Njq1Rh2+Qa
9m/oqm4wvBpXy7AEBlAo/FZxMss7wOTyv75PZTOJzYqAWj6krBbTsCe5VLcpKPwW
qIee2IB6Jrl3BGj6MJJXmdKadG3qsbDLPPK/JMEdFA8EsOh/7Dwm0VxHKCtGZlwS
sbjGxYTteXZ+i5IM6NQWr9n8lzuEqNU1IHBi6V/DfTQGJDev7hiX6owdToZxUKO9
hu4WsaE5V9XPPd/wFDNtWioVBZuLRZIQR/9CGz2VYqbD8K6RqDixhQRauvC1ingc
+C/IpW1PXIC1bB1EqyfI2R6bDn7TbH0ENmjMreRTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFctVkBW+mGqsL3awnDa9rkqa6xEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzE3MWE2MjM2LTQ0YmMtNDA1Yi04YjdjLTA4OWU4MDAzYjA1ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALCb/FbZJuC+aUwk1Si9Mqw95aSA
SXdyJlWTimbXpAfO5vJtwKpL3q/aMUkbp5KnTImE9qQOZlbJSkfScYFCDJuK9At4
Ale7eL3462QHQuw7U2SzHG0tT3h5jecB2RKlTa65jFGjxxY6j2KyONOv04HaXQp+
re4iSvPY8PCO0gPlzBfk2s3S/JkObTJpvgiFglJee4GwfwTDirFn1dsHwW2UwIWq
+VjfceoLLTavroZ6dKGKkc18zB74XysLdHQCxyUYzsXxE7foQtFKZ/tVtEyarRsn
pUYilO2j1sdIdvUf8ecWVsl2jb4U6AZxbZrCpZPltB0Z4AVdog37r9Q15/8=
-----END CERTIFICATE-----