Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1997f236-47cf-4200-a50d-72a596eb4ca8.roa
File:                     1997f236-47cf-4200-a50d-72a596eb4ca8.roa (raw, json)
Hash identifier:          BAE1jQ83Tk620OMBSaJe2nSby/Ev6HNR2+9T3gaNsUE=
Subject key identifier:   0B:15:15:9A:2F:8F:DB:B4:05:B8:C8:A4:89:86:84:B3:48:DE:77:BC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       32F8E7A5F0AA71B3EC5EEBAF3011296BC4A986D4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1997f236-47cf-4200-a50d-72a596eb4ca8.roa
Signing time:             Sat 28 Sep 2024 00:00:00 +0000
ROA not before:           Sat 28 Sep 2024 00:00:00 +0000
ROA not after:            Sat 02 Nov 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:f8:e7:a5:f0:aa:71:b3:ec:5e:eb:af:30:11:29:6b:c4:a9:86:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 28 00:00:00 2024 GMT
            Not After : Nov  2 23:59:59 2024 GMT
        Subject: serialNumber=b17034b53885878741790bc14443db1f2a66a8ad5145ae5a6ebef27f28994d0e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:9d:38:d4:2e:3c:0f:53:18:c8:bd:31:c4:3f:
                    a9:54:8c:6b:10:4c:40:cd:27:49:39:60:a0:ef:dd:
                    45:4d:42:a1:6f:d0:bf:93:c0:c0:43:8d:a9:3f:ab:
                    8e:b9:87:bf:f6:cf:3e:f4:c4:91:60:20:4e:53:8a:
                    de:75:6d:fb:44:fd:8f:d1:66:4f:bd:74:89:49:78:
                    5c:37:ca:85:20:0f:73:85:9c:9a:01:2d:2c:78:a9:
                    b9:ed:4e:6f:14:a0:38:a5:90:de:60:f9:a2:ab:f7:
                    54:c3:d4:4f:c6:05:3e:15:f8:88:33:8f:83:be:65:
                    18:ea:de:98:11:a3:b1:ac:bc:53:6a:32:b6:f5:dc:
                    eb:61:f2:a2:f0:5e:f1:39:4c:9f:e6:66:a5:17:97:
                    c5:af:92:d7:ae:41:05:30:50:cc:65:8f:06:b3:8e:
                    11:a3:77:8c:3d:0b:36:c5:a9:de:ff:b2:55:00:f9:
                    ac:f5:e1:3a:ea:60:12:8c:74:c9:e8:bd:a1:f5:19:
                    6b:0f:0c:af:44:91:af:78:1b:16:2b:1d:8c:42:83:
                    29:5a:af:82:d2:68:76:55:b4:10:4c:fe:90:62:22:
                    68:ec:b1:42:13:5a:e4:58:24:eb:de:bd:ee:1d:85:
                    ab:09:44:76:37:32:3a:4c:b5:bf:20:b4:f1:f2:ec:
                    26:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:15:15:9A:2F:8F:DB:B4:05:B8:C8:A4:89:86:84:B3:48:DE:77:BC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1997f236-47cf-4200-a50d-72a596eb4ca8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:2f:1e:91:94:34:95:a7:1d:ae:3a:55:ff:14:e9:c8:be:6d:
         58:7c:7c:3d:ff:1e:72:14:d0:f1:54:55:01:83:00:18:30:9a:
         b1:a1:a1:8e:df:07:58:b1:0e:c2:96:03:6b:e9:ed:54:bb:ae:
         64:95:05:0b:7e:91:6f:ee:7e:f9:1e:70:30:21:68:27:3b:34:
         36:b2:dc:2f:57:00:0d:f2:b5:a2:31:f7:9b:cf:3a:57:d9:6c:
         08:3c:b0:a6:d8:b8:a7:01:70:05:0d:97:52:73:23:59:d5:81:
         fc:63:cf:b2:04:ae:13:82:cc:8d:fd:10:7a:36:c3:3e:b4:28:
         27:d9:22:62:fb:cc:a5:6f:b8:40:8b:8f:9e:b8:ef:55:ee:3e:
         9f:78:8c:70:71:45:58:90:26:5a:7b:a7:2e:39:02:a0:f6:6e:
         7c:8a:53:64:f0:80:7a:b7:6b:9b:65:08:4d:29:4d:b1:65:1c:
         be:41:58:3c:59:a9:a7:42:e1:4f:2b:7b:3c:73:b4:9b:52:1e:
         e0:b0:8d:7f:4a:eb:24:ef:4a:16:e4:83:b8:5b:bf:73:41:b5:
         e0:0d:81:10:dd:13:8c:ef:93:8d:d8:f9:36:17:c5:fb:51:02:
         18:99:d6:36:05:2a:d7:7e:cd:e4:af:c0:28:36:a5:05:a1:8a:
         f7:4b:28:15
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMvjnpfCqcbPsXuuvMBEpa8SphtQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwOTI4MDAwMDAwWhcNMjQxMTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BiMTcwMzRiNTM4ODU4Nzg3NDE3OTBiYzE0NDQzZGIxZjJh
NjZhOGFkNTE0NWFlNWE2ZWJlZjI3ZjI4OTk0ZDBlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCunTjULjwPUxjIvTHEP6lUjGsQTEDNJ0k5YKDv3UVNQqFv
0L+TwMBDjak/q465h7/2zz70xJFgIE5Tit51bftE/Y/RZk+9dIlJeFw3yoUgD3OF
nJoBLSx4qbntTm8UoDilkN5g+aKr91TD1E/GBT4V+Igzj4O+ZRjq3pgRo7GsvFNq
Mrb13Oth8qLwXvE5TJ/mZqUXl8WvkteuQQUwUMxljwazjhGjd4w9CzbFqd7/slUA
+az14TrqYBKMdMnovaH1GWsPDK9Eka94GxYrHYxCgylar4LSaHZVtBBM/pBiImjs
sUITWuRYJOveve4dhasJRHY3MjpMtb8gtPHy7CaJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCxUVmi+P27QFuMikiYaEs0jed7wwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzE5OTdmMjM2LTQ3Y2YtNDIwMC1hNTBkLTcyYTU5NmViNGNhOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALIvHpGUNJWnHa46Vf8U6ci+bVh8
fD3/HnIU0PFUVQGDABgwmrGhoY7fB1ixDsKWA2vp7VS7rmSVBQt+kW/ufvkecDAh
aCc7NDay3C9XAA3ytaIx95vPOlfZbAg8sKbYuKcBcAUNl1JzI1nVgfxjz7IErhOC
zI39EHo2wz60KCfZImL7zKVvuECLj56471XuPp94jHBxRViQJlp7py45AqD2bnyK
U2TwgHq3a5tlCE0pTbFlHL5BWDxZqadC4U8rezxztJtSHuCwjX9K6yTvShbkg7hb
v3NBteANgRDdE4zvk43Y+TYXxftRAhiZ1jYFKtd+zeSvwCg2pQWhivdLKBU=
-----END CERTIFICATE-----