Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2195ac11-c285-405a-a9e5-fec61a77a5b1.roa
File:                     2195ac11-c285-405a-a9e5-fec61a77a5b1.roa (raw, json)
Hash identifier:          AIFardmJfi1/nJbIOl6TOh2eYXFjDRPauLYML53mZUo=
Subject key identifier:   AD:A1:58:84:BD:0E:9F:D3:B0:76:CF:9B:48:4C:D3:47:F4:BB:E9:62
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       53800937C8B6F77B8536399302A65B07F7543576
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2195ac11-c285-405a-a9e5-fec61a77a5b1.roa
Signing time:             Fri 12 Apr 2024 00:00:00 +0000
ROA not before:           Fri 12 Apr 2024 00:00:00 +0000
ROA not after:            Fri 17 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:80:09:37:c8:b6:f7:7b:85:36:39:93:02:a6:5b:07:f7:54:35:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 12 00:00:00 2024 GMT
            Not After : May 17 23:59:59 2024 GMT
        Subject: serialNumber=fdd16a8395b042da21e279aa568a8e15dfdbdb92241599b518fb0f50c2388741, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:7a:fa:12:5e:12:b5:49:c2:e4:57:5d:2b:d5:
                    2d:1a:43:02:8f:68:9f:13:ed:19:ad:78:49:e8:68:
                    ab:89:a0:0a:e9:57:f2:03:25:e9:37:b2:b8:14:b0:
                    a0:5a:db:db:d1:57:61:3e:34:f2:d3:5a:b2:02:0e:
                    ea:c3:31:38:2a:10:d5:d7:61:ab:80:61:80:14:11:
                    97:d2:44:41:d1:1f:63:1f:75:6c:68:47:77:7f:cf:
                    ff:a0:c7:27:65:9b:92:d1:97:34:9b:97:2c:73:00:
                    be:3f:66:b5:8b:b8:a6:1b:30:07:6d:4c:f5:87:46:
                    c6:53:b4:a9:2b:77:a8:d0:4f:9c:56:a6:18:ae:91:
                    f5:d1:d9:eb:1b:f8:c4:0d:a8:b2:ea:32:35:d6:64:
                    48:f1:98:40:9c:95:d3:a2:29:d8:06:18:fa:60:e0:
                    f1:0b:2c:b4:38:08:49:b3:45:ba:1f:5b:12:2b:62:
                    ef:10:33:a0:3b:d8:82:f7:df:7c:f8:6b:c0:75:31:
                    1a:a3:6d:be:79:b0:43:ed:e8:76:71:34:e8:28:d4:
                    f1:69:4a:0d:09:ee:69:ac:07:d7:f3:51:fd:35:d5:
                    59:3a:8b:95:ee:f2:e6:fb:9b:c7:da:73:7d:b0:8c:
                    5d:67:1d:dd:69:4f:43:18:85:4c:2f:70:80:53:8a:
                    a0:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:A1:58:84:BD:0E:9F:D3:B0:76:CF:9B:48:4C:D3:47:F4:BB:E9:62
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2195ac11-c285-405a-a9e5-fec61a77a5b1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:96:d4:90:26:53:cd:8b:73:c7:7d:5a:15:47:11:6e:7b:c4:
         cc:90:90:9e:d2:4c:25:cc:67:57:65:de:78:ee:84:3d:5e:8f:
         32:40:26:d8:65:04:ef:57:4d:af:71:6a:79:53:31:9b:c9:88:
         a6:3b:30:ee:db:7f:c2:9b:95:74:74:92:c2:1d:fa:eb:53:5d:
         ce:0e:53:b3:f0:1e:a6:cc:b1:62:50:0a:53:25:db:04:ba:33:
         ab:9b:9a:7e:b1:01:9d:c2:4a:4d:99:27:49:26:18:86:41:c7:
         aa:82:21:a1:be:d8:36:02:46:b6:7b:83:da:15:b7:a7:9f:b4:
         0c:80:98:3a:3b:8e:6e:52:e5:66:db:71:47:cd:79:c2:b0:db:
         d3:15:ee:61:44:ed:dd:04:58:1b:e3:cc:4d:80:3f:73:22:50:
         8e:df:7d:bc:59:e4:a1:7a:6d:54:82:58:c6:95:14:98:cb:f5:
         99:3e:d3:4e:14:cf:94:bd:4a:2b:4d:42:c6:df:3e:f0:76:30:
         e9:3a:6c:31:1c:f5:f2:df:49:63:40:f1:bc:88:20:53:44:02:
         0c:f5:da:c4:25:29:54:91:2e:f5:7b:cc:91:87:59:5e:84:52:
         53:9b:fe:b7:4a:ae:b1:3a:a3:44:1a:93:25:83:33:e1:94:31:
         0e:d4:f7:61
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU4AJN8i293uFNjmTAqZbB/dUNXYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDEyMDAwMDAwWhcNMjQwNTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZGQxNmE4Mzk1YjA0MmRhMjFlMjc5YWE1NjhhOGUxNWRm
ZGJkYjkyMjQxNTk5YjUxOGZiMGY1MGMyMzg4NzQxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqevoSXhK1ScLkV10r1S0aQwKPaJ8T7RmteEnoaKuJoArp
V/IDJek3srgUsKBa29vRV2E+NPLTWrICDurDMTgqENXXYauAYYAUEZfSREHRH2Mf
dWxoR3d/z/+gxydlm5LRlzSblyxzAL4/ZrWLuKYbMAdtTPWHRsZTtKkrd6jQT5xW
phiukfXR2esb+MQNqLLqMjXWZEjxmECcldOiKdgGGPpg4PELLLQ4CEmzRbofWxIr
Yu8QM6A72IL333z4a8B1MRqjbb55sEPt6HZxNOgo1PFpSg0J7mmsB9fzUf011Vk6
i5Xu8ub7m8fac32wjF1nHd1pT0MYhUwvcIBTiqAfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUraFYhL0On9Owds+bSEzTR/S76WIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzIxOTVhYzExLWMyODUtNDA1YS1hOWU1LWZlYzYxYTc3YTViMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGGW1JAmU82Lc8d9WhVHEW57xMyQ
kJ7STCXMZ1dl3njuhD1ejzJAJthlBO9XTa9xanlTMZvJiKY7MO7bf8KblXR0ksId
+utTXc4OU7PwHqbMsWJQClMl2wS6M6ubmn6xAZ3CSk2ZJ0kmGIZBx6qCIaG+2DYC
RrZ7g9oVt6eftAyAmDo7jm5S5WbbcUfNecKw29MV7mFE7d0EWBvjzE2AP3MiUI7f
fbxZ5KF6bVSCWMaVFJjL9Zk+004Uz5S9SitNQsbfPvB2MOk6bDEc9fLfSWNA8byI
IFNEAgz12sQlKVSRLvV7zJGHWV6EUlOb/rdKrrE6o0QakyWDM+GUMQ7U92E=
-----END CERTIFICATE-----