Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/20107536-6471-46e9-9d1d-3f119e234ccb.roa
File:                     20107536-6471-46e9-9d1d-3f119e234ccb.roa (raw, json)
Hash identifier:          t9iWmHXorinL7XzWxhpzTnnR3Ky0x3CFb0Yx/33eJc8=
Subject key identifier:   22:EF:AB:3E:10:CE:63:6E:BD:B1:0A:1C:AC:EE:C1:2B:14:2C:67:51
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       67995BE3560486DEB8631DD02695B6875C40BEA5
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/20107536-6471-46e9-9d1d-3f119e234ccb.roa
Signing time:             Fri 06 Dec 2024 00:00:00 +0000
ROA not before:           Fri 06 Dec 2024 00:00:00 +0000
ROA not after:            Fri 10 Jan 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:99:5b:e3:56:04:86:de:b8:63:1d:d0:26:95:b6:87:5c:40:be:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec  6 00:00:00 2024 GMT
            Not After : Jan 10 23:59:59 2025 GMT
        Subject: serialNumber=8b0f43449772c4db068c056844231bfc1d4089b7dfe340ef87129e57302e4c63, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ce:d0:7e:27:3b:5a:49:09:ed:26:57:7d:77:
                    49:19:5a:bf:1d:98:d5:9e:49:ad:7d:43:5a:6d:ef:
                    a6:f7:2a:f3:69:b3:0d:5a:8c:c6:33:7c:12:d4:9d:
                    8c:10:fb:da:f7:bc:96:7e:7b:c6:96:94:60:54:65:
                    e5:7f:ae:79:21:d4:56:bc:12:2a:97:e2:96:86:39:
                    b6:eb:14:c6:b2:3a:2e:16:4a:a1:3b:c3:5c:6e:56:
                    37:f1:ce:dd:b5:3d:a8:49:8c:65:6e:26:93:70:54:
                    5c:dd:38:22:27:ac:94:90:da:21:38:c3:aa:29:8d:
                    73:53:bc:9c:9d:78:63:f9:1d:1a:78:1f:3b:75:db:
                    37:5b:43:e8:f1:eb:96:e2:35:91:0b:4e:a8:84:73:
                    5c:5f:1f:fd:3f:c5:21:f9:bd:07:c9:99:37:e4:75:
                    4b:70:b0:7e:0e:d0:36:0c:3f:8e:a1:20:cf:d6:0f:
                    e0:f4:fb:a7:bf:89:0d:7d:ff:b5:e6:6d:e3:b8:d5:
                    fa:f9:23:ac:3c:03:38:e4:04:1b:37:3c:ec:70:8d:
                    e3:c8:8a:06:d3:f5:32:e7:2f:da:01:c1:c7:17:80:
                    a1:65:13:b8:c9:9d:b6:85:50:f1:29:5e:cb:f8:b1:
                    24:68:d8:e4:a3:80:50:f0:d3:65:9f:62:00:dc:bd:
                    5c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:EF:AB:3E:10:CE:63:6E:BD:B1:0A:1C:AC:EE:C1:2B:14:2C:67:51
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/20107536-6471-46e9-9d1d-3f119e234ccb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:39:cb:31:5f:a1:10:81:9c:64:1b:42:73:18:3b:d3:be:b0:
         07:ee:ba:85:0e:ad:24:28:da:04:c9:24:c4:0e:8c:39:b1:67:
         21:2a:7b:94:52:a3:4e:2b:7c:a5:64:b4:42:63:3b:05:b4:72:
         0d:50:d5:da:11:04:f6:9e:c9:2b:31:10:98:29:4b:5c:59:0e:
         b6:1b:de:97:15:e0:bc:27:12:9b:c1:f9:e6:f5:55:e7:df:47:
         d6:6f:d7:e0:7f:a8:a0:31:97:6e:ef:c8:0b:55:0b:a5:d3:ff:
         a7:6a:5a:59:34:00:0c:71:16:22:79:74:3d:27:e7:02:dc:55:
         32:be:29:6c:05:d0:43:17:72:b4:de:f1:70:fd:a3:4e:b2:e6:
         cf:63:77:0c:19:44:67:ab:ca:0d:10:86:65:2b:47:e9:66:f8:
         c1:e7:16:5b:84:ed:34:5c:46:dd:e7:4b:6e:ef:7e:57:c0:d8:
         e2:6a:bb:46:9b:46:a7:0e:11:31:bb:81:8a:bc:fa:e8:35:99:
         93:e3:7b:f2:92:30:9a:dc:e6:05:32:b8:4f:b6:3d:6e:bb:80:
         a6:47:75:89:7c:32:38:8f:8a:76:47:17:4f:52:0f:30:20:7f:
         49:79:8f:b2:c8:bd:b5:d7:f5:2b:be:e4:3e:06:30:8d:d5:0b:
         fc:5f:ee:dd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZ5lb41YEht64Yx3QJpW2h1xAvqUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMjA2MDAwMDAwWhcNMjUwMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4YjBmNDM0NDk3NzJjNGRiMDY4YzA1Njg0NDIzMWJmYzFk
NDA4OWI3ZGZlMzQwZWY4NzEyOWU1NzMwMmU0YzYzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2ztB+JztaSQntJld9d0kZWr8dmNWeSa19Q1pt76b3KvNp
sw1ajMYzfBLUnYwQ+9r3vJZ+e8aWlGBUZeV/rnkh1Fa8EiqX4paGObbrFMayOi4W
SqE7w1xuVjfxzt21PahJjGVuJpNwVFzdOCInrJSQ2iE4w6opjXNTvJydeGP5HRp4
Hzt12zdbQ+jx65biNZELTqiEc1xfH/0/xSH5vQfJmTfkdUtwsH4O0DYMP46hIM/W
D+D0+6e/iQ19/7XmbeO41fr5I6w8AzjkBBs3POxwjePIigbT9TLnL9oBwccXgKFl
E7jJnbaFUPEpXsv4sSRo2OSjgFDw02WfYgDcvVw3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIu+rPhDOY269sQocrO7BKxQsZ1EwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzIwMTA3NTM2LTY0NzEtNDZlOS05ZDFkLTNmMTE5ZTIzNGNjYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABQ5yzFfoRCBnGQbQnMYO9O+sAfu
uoUOrSQo2gTJJMQOjDmxZyEqe5RSo04rfKVktEJjOwW0cg1Q1doRBPaeySsxEJgp
S1xZDrYb3pcV4LwnEpvB+eb1VeffR9Zv1+B/qKAxl27vyAtVC6XT/6dqWlk0AAxx
FiJ5dD0n5wLcVTK+KWwF0EMXcrTe8XD9o06y5s9jdwwZRGeryg0QhmUrR+lm+MHn
FluE7TRcRt3nS27vflfA2OJqu0abRqcOETG7gYq8+ug1mZPje/KSMJrc5gUyuE+2
PW67gKZHdYl8MjiPinZHF09SDzAgf0l5j7LIvbXX9Su+5D4GMI3VC/xf7t0=
-----END CERTIFICATE-----