Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/215d0664-650d-4a35-ad80-6af0765448c7.roa
File:                     215d0664-650d-4a35-ad80-6af0765448c7.roa (raw, json)
Hash identifier:          zPkgyBDARB5GVPaWGc9Q8VtMcKc/xRBufNIF/OjFGYA=
Subject key identifier:   15:A5:96:D4:1F:97:9C:1C:8B:46:13:88:39:48:6B:5D:9A:CF:73:51
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4BE36C3AC95B36030B7699517C4472FD21985AE2
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/215d0664-650d-4a35-ad80-6af0765448c7.roa
Signing time:             Fri 16 Feb 2024 00:00:00 +0000
ROA not before:           Fri 16 Feb 2024 00:00:00 +0000
ROA not after:            Fri 22 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:e3:6c:3a:c9:5b:36:03:0b:76:99:51:7c:44:72:fd:21:98:5a:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 16 00:00:00 2024 GMT
            Not After : Mar 22 23:59:59 2024 GMT
        Subject: serialNumber=796c6462ac154aee0b61c5087b269ac599cef43aed90b1ff1ee3e140bc0eed4f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:60:24:92:85:a8:06:db:09:98:06:d2:ff:0d:
                    1e:b5:64:00:72:b5:08:85:78:bd:68:63:38:da:47:
                    27:48:44:8b:c4:82:6f:d6:61:4d:e6:16:4f:cf:bc:
                    a4:f1:62:70:69:82:45:1a:69:2a:eb:24:4e:7f:30:
                    cb:58:5e:82:53:62:d7:07:3f:45:bc:23:96:1c:1f:
                    a8:e4:d2:d7:e0:7f:16:5d:f4:d0:c0:5b:93:58:13:
                    6e:03:03:dc:0a:58:e3:c4:24:84:03:07:7e:0a:9d:
                    c1:f0:db:ec:68:71:a8:f9:37:96:30:32:40:4a:8f:
                    9e:f9:99:d7:43:33:19:71:27:83:0e:88:a6:06:98:
                    6a:af:62:49:21:c0:1b:8e:66:ee:37:7e:b5:5c:46:
                    db:5d:79:3a:ee:1c:79:7a:ba:d6:08:6b:bf:79:45:
                    65:ea:cc:96:68:12:50:82:a0:8e:cd:ac:9f:1e:dc:
                    86:db:af:bf:1f:88:e5:96:0c:a9:b8:a4:e8:3c:0c:
                    6c:72:e5:17:1f:27:69:95:ff:7a:49:2f:f4:f6:02:
                    da:cb:94:d3:72:33:cd:37:10:82:08:11:22:c1:90:
                    f7:2e:f4:78:5d:0a:77:b0:a7:ec:e6:07:28:1a:76:
                    9c:2e:7c:0d:a7:43:ef:6a:72:cd:da:06:74:aa:24:
                    f5:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:A5:96:D4:1F:97:9C:1C:8B:46:13:88:39:48:6B:5D:9A:CF:73:51
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/215d0664-650d-4a35-ad80-6af0765448c7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:4f:84:d3:c8:17:b4:17:f4:61:b7:f5:37:db:6f:b9:1e:5d:
         0f:0c:61:68:d7:01:44:c6:b2:44:55:f2:d4:3a:7b:cf:04:6c:
         4a:2f:d4:1f:01:fa:62:d6:84:25:20:27:d6:75:45:17:39:cb:
         8b:c1:7f:83:40:89:76:dc:57:ac:fa:df:91:97:87:6c:66:ad:
         bc:3a:e9:d4:29:92:2e:55:e7:ef:7e:98:b1:69:1c:3f:5c:b1:
         89:09:5e:74:f8:ac:8c:22:47:29:f5:b2:1e:12:a8:ca:58:71:
         68:90:26:d3:1d:e1:62:ef:b2:7a:1e:77:27:03:0a:3c:f0:b5:
         7a:42:c6:91:43:a6:7d:1b:14:c4:8c:b5:82:34:37:dc:63:f9:
         bc:8e:56:de:26:7c:c3:38:e7:e0:64:af:69:c9:ce:c3:86:a6:
         b9:8c:9d:11:a6:c4:cd:ca:c1:b5:63:2c:b8:f7:1b:a2:3c:89:
         f6:65:b1:ac:d6:83:f8:e0:c6:45:14:96:75:f0:25:68:c0:9f:
         50:fa:37:13:6f:32:e0:9b:d7:01:9e:b1:78:0d:1e:73:3e:de:
         71:dc:8c:5f:c7:bb:b9:f8:78:e9:69:d0:3b:f9:4a:c9:7a:4f:
         d9:30:5f:22:48:9b:12:a3:64:4c:86:a6:63:53:f2:e4:11:de:
         d5:97:64:4a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUS+NsOslbNgMLdplRfERy/SGYWuIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjE2MDAwMDAwWhcNMjQwMzIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3OTZjNjQ2MmFjMTU0YWVlMGI2MWM1MDg3YjI2OWFjNTk5
Y2VmNDNhZWQ5MGIxZmYxZWUzZTE0MGJjMGVlZDRmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrYCSShagG2wmYBtL/DR61ZABytQiFeL1oYzjaRydIRIvE
gm/WYU3mFk/PvKTxYnBpgkUaaSrrJE5/MMtYXoJTYtcHP0W8I5YcH6jk0tfgfxZd
9NDAW5NYE24DA9wKWOPEJIQDB34KncHw2+xocaj5N5YwMkBKj575mddDMxlxJ4MO
iKYGmGqvYkkhwBuOZu43frVcRttdeTruHHl6utYIa795RWXqzJZoElCCoI7NrJ8e
3Ibbr78fiOWWDKm4pOg8DGxy5RcfJ2mV/3pJL/T2AtrLlNNyM803EIIIESLBkPcu
9HhdCnewp+zmBygadpwufA2nQ+9qcs3aBnSqJPXbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFaWW1B+XnByLRhOIOUhrXZrPc1EwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzIxNWQwNjY0LTY1MGQtNGEzNS1hZDgwLTZhZjA3NjU0NDhjNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK1PhNPIF7QX9GG39Tfbb7keXQ8M
YWjXAUTGskRV8tQ6e88EbEov1B8B+mLWhCUgJ9Z1RRc5y4vBf4NAiXbcV6z635GX
h2xmrbw66dQpki5V5+9+mLFpHD9csYkJXnT4rIwiRyn1sh4SqMpYcWiQJtMd4WLv
snoedycDCjzwtXpCxpFDpn0bFMSMtYI0N9xj+byOVt4mfMM45+Bkr2nJzsOGprmM
nRGmxM3KwbVjLLj3G6I8ifZlsazWg/jgxkUUlnXwJWjAn1D6NxNvMuCb1wGesXgN
HnM+3nHcjF/Hu7n4eOlp0Dv5Ssl6T9kwXyJImxKjZEyGpmNT8uQR3tWXZEo=
-----END CERTIFICATE-----