Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1a6ceddd-8e7b-44df-9487-0bcb709dc354.roa
File:                     1a6ceddd-8e7b-44df-9487-0bcb709dc354.roa (raw, json)
Hash identifier:          rV1dzqxCqsI1PI28SSaYi9y9oL2se9xlEHL5qFW4pDE=
Subject key identifier:   2B:04:CB:3D:91:5F:50:49:CA:69:ED:96:1F:78:22:86:8B:53:84:2D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6C129746E2FC38A3A0F6BBC6B7746267D97D9BDC
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1a6ceddd-8e7b-44df-9487-0bcb709dc354.roa
Signing time:             Sun 11 Feb 2024 00:00:00 +0000
ROA not before:           Sun 11 Feb 2024 00:00:00 +0000
ROA not after:            Sun 17 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:12:97:46:e2:fc:38:a3:a0:f6:bb:c6:b7:74:62:67:d9:7d:9b:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 11 00:00:00 2024 GMT
            Not After : Mar 17 23:59:59 2024 GMT
        Subject: serialNumber=678cc4dfd4e35b2dfdebd0a5e3bcb65db9f7f7fb4f64ac5d0a957a4f3b7345fc, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:66:21:df:48:8c:d2:b5:a9:0e:c6:ef:19:6f:
                    47:87:52:06:8f:d9:48:92:da:89:29:40:4b:fc:b0:
                    dc:25:af:90:61:34:25:87:c4:60:2e:d5:8e:07:12:
                    8d:d3:27:92:c5:30:a0:a1:24:63:56:d3:54:a0:31:
                    e4:aa:6d:94:b3:04:77:3a:59:97:aa:5e:03:7a:44:
                    27:46:d0:51:87:ad:8c:b9:c1:8f:b4:c0:db:f6:44:
                    24:f5:af:d5:56:52:56:8d:a0:ab:32:9f:9a:80:5b:
                    4b:8e:2d:0c:31:b6:ba:a5:7a:53:94:93:04:3c:6a:
                    be:58:cc:ca:79:68:45:3a:4b:40:66:4c:0f:54:b6:
                    dc:f6:8d:7a:12:c8:90:0a:9e:42:a3:d9:4c:37:24:
                    c3:52:5e:cb:83:70:2b:f5:34:6e:42:41:85:ba:0c:
                    7d:32:1c:c8:53:fc:2f:79:7e:ce:e0:94:8c:22:67:
                    6f:e7:a4:a4:d7:b1:81:1c:74:ff:ab:42:11:e1:3e:
                    f6:2c:fc:01:f7:2f:f8:34:da:af:4b:16:38:5d:03:
                    5b:7a:4e:6d:2b:6f:b1:99:a9:71:28:0f:ad:87:89:
                    da:a4:d9:2d:7c:30:ff:90:82:09:8d:c1:56:c4:24:
                    4b:a7:cc:f5:dd:28:19:58:66:f0:63:cf:23:cf:25:
                    4c:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:04:CB:3D:91:5F:50:49:CA:69:ED:96:1F:78:22:86:8B:53:84:2D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1a6ceddd-8e7b-44df-9487-0bcb709dc354.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:d6:f0:b6:f7:0b:eb:ad:b7:88:a0:02:9f:a0:d4:72:1b:2f:
         29:c4:07:e6:5e:e7:40:d9:8f:7d:98:f6:cd:77:14:23:cf:1a:
         8b:b8:fc:fc:0c:25:6f:27:56:f5:06:f5:1d:b4:17:46:5f:4f:
         0b:aa:ef:d3:2b:cc:b9:73:80:83:55:81:93:1b:dd:d0:f5:51:
         12:1a:88:da:18:55:70:c9:18:f4:b5:2d:8b:fa:a1:3f:08:74:
         a2:0c:02:5e:19:ae:cd:71:4a:07:1a:9c:9f:b2:c1:fb:ff:59:
         52:68:fd:cb:52:fd:11:0e:b2:97:88:f7:19:42:00:7e:eb:de:
         af:83:d1:4b:a2:df:ce:26:ae:fb:9c:70:c5:a9:9a:e7:d0:e9:
         50:e0:69:14:4e:d3:13:fb:bb:d1:fe:99:78:77:40:c1:6f:69:
         bc:7d:1e:c1:fa:e2:f8:6c:7b:6b:14:3a:08:d0:74:30:48:40:
         5e:36:55:13:c5:47:23:98:1b:e2:96:41:7b:ff:6e:18:4f:cb:
         cf:02:89:8d:cd:74:3e:14:5a:85:97:33:6f:4a:08:63:6b:28:
         05:71:6a:f7:a3:67:c6:11:81:8c:1f:56:82:6b:ec:7e:9d:74:
         29:94:0a:1f:48:ac:72:fe:1f:de:cf:1d:0e:27:d8:c4:eb:5a:
         fa:af:98:15
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbBKXRuL8OKOg9rvGt3RiZ9l9m9wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjExMDAwMDAwWhcNMjQwMzE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NzhjYzRkZmQ0ZTM1YjJkZmRlYmQwYTVlM2JjYjY1ZGI5
ZjdmN2ZiNGY2NGFjNWQwYTk1N2E0ZjNiNzM0NWZjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzZiHfSIzStakOxu8Zb0eHUgaP2UiS2okpQEv8sNwlr5Bh
NCWHxGAu1Y4HEo3TJ5LFMKChJGNW01SgMeSqbZSzBHc6WZeqXgN6RCdG0FGHrYy5
wY+0wNv2RCT1r9VWUlaNoKsyn5qAW0uOLQwxtrqlelOUkwQ8ar5YzMp5aEU6S0Bm
TA9Uttz2jXoSyJAKnkKj2Uw3JMNSXsuDcCv1NG5CQYW6DH0yHMhT/C95fs7glIwi
Z2/npKTXsYEcdP+rQhHhPvYs/AH3L/g02q9LFjhdA1t6Tm0rb7GZqXEoD62Hidqk
2S18MP+QggmNwVbEJEunzPXdKBlYZvBjzyPPJUyBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKwTLPZFfUEnKae2WH3gihotThC0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzFhNmNlZGRkLThlN2ItNDRkZi05NDg3LTBiY2I3MDlkYzM1NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACvW8Lb3C+utt4igAp+g1HIbLynE
B+Ze50DZj32Y9s13FCPPGou4/PwMJW8nVvUG9R20F0ZfTwuq79MrzLlzgINVgZMb
3dD1URIaiNoYVXDJGPS1LYv6oT8IdKIMAl4Zrs1xSgcanJ+ywfv/WVJo/ctS/REO
speI9xlCAH7r3q+D0Uui384mrvuccMWpmufQ6VDgaRRO0xP7u9H+mXh3QMFvabx9
HsH64vhse2sUOgjQdDBIQF42VRPFRyOYG+KWQXv/bhhPy88CiY3NdD4UWoWXM29K
CGNrKAVxavejZ8YRgYwfVoJr7H6ddCmUCh9IrHL+H97PHQ4n2MTrWvqvmBU=
-----END CERTIFICATE-----