Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/22d1f9a8-91e3-4394-b51d-f65375a0ca19.roa
File:                     22d1f9a8-91e3-4394-b51d-f65375a0ca19.roa (raw, json)
Hash identifier:          UPOwS43L3Ovo98UoEr6RqutnT5Dxu+xDNoXEUTE9pVg=
Subject key identifier:   C3:CB:34:E0:8D:42:D2:4D:73:E0:17:03:9E:97:F8:7A:74:29:98:7F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       246EDDA36B64EAB01140875692DDF03BA0858B8D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/22d1f9a8-91e3-4394-b51d-f65375a0ca19.roa
Signing time:             Thu 01 Feb 2024 00:00:00 +0000
ROA not before:           Thu 01 Feb 2024 00:00:00 +0000
ROA not after:            Thu 07 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:6e:dd:a3:6b:64:ea:b0:11:40:87:56:92:dd:f0:3b:a0:85:8b:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb  1 00:00:00 2024 GMT
            Not After : Mar  7 23:59:59 2024 GMT
        Subject: serialNumber=02904c54ee18ea6de34cb2af6aae1e0e308a55ccac6027b7ceb604bf451e749f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7e:da:2c:aa:70:5e:3d:fd:35:c8:5a:84:64:
                    37:56:c4:f5:9a:52:ea:d8:1b:ac:5b:5b:16:b4:ff:
                    f9:2b:68:2b:e6:c7:6e:a5:ce:cd:08:b8:8d:14:57:
                    e1:fd:14:a0:7b:38:b1:23:89:d9:54:75:47:73:bd:
                    b9:cc:e5:e1:c5:8a:bd:e4:97:9a:49:cf:2f:fe:bf:
                    d3:fd:15:35:96:ec:61:66:7a:80:f2:b9:d8:93:67:
                    39:f5:3e:6a:ac:59:60:a3:6c:87:3b:43:06:34:be:
                    b5:28:0a:47:9c:6d:2e:3c:3e:9a:b7:d3:e1:ee:4f:
                    3c:2c:a8:86:cc:d5:01:7d:26:34:b6:e2:67:b1:f1:
                    dc:8a:fc:50:56:66:9f:e1:4d:20:78:13:74:17:c2:
                    6f:95:8f:f7:1e:7d:61:fa:22:f5:58:f1:0e:ea:4f:
                    0c:89:ee:1e:23:7a:1f:14:ca:d0:cd:08:b2:1c:d8:
                    d5:fe:6f:78:4a:88:e3:37:20:d3:39:7c:fe:75:dc:
                    e2:83:b0:4f:ba:42:70:5f:2c:37:2b:fe:fe:d9:60:
                    2a:dc:1e:df:da:e5:16:c9:a1:b3:52:4c:ad:b6:ab:
                    47:5f:ce:4f:de:4a:67:b4:06:40:79:94:59:4e:3b:
                    24:09:b3:d4:d4:bc:20:c1:67:00:9d:8d:2b:eb:14:
                    fd:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:CB:34:E0:8D:42:D2:4D:73:E0:17:03:9E:97:F8:7A:74:29:98:7F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/22d1f9a8-91e3-4394-b51d-f65375a0ca19.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:06:92:4f:41:e5:da:b3:53:51:a5:0d:a4:74:4d:4b:6f:25:
         09:f7:12:5d:ee:c6:fa:c9:23:ce:10:37:0d:82:92:4e:95:ec:
         b3:db:69:ec:16:34:33:7c:6d:96:3c:28:97:c7:c0:98:63:83:
         79:d5:e5:6c:40:93:21:e3:f8:00:b5:d6:28:b1:14:08:ec:4e:
         3d:c5:d5:c0:b6:df:d7:4a:41:b8:14:94:44:3f:df:d5:95:6f:
         dc:a3:c6:8d:53:5d:22:ae:80:94:d3:b9:a1:32:54:c7:c6:18:
         fb:c9:5c:1b:2e:4c:b6:ac:92:4f:51:01:05:43:88:1b:c3:3d:
         76:9f:52:2d:0d:b3:39:b5:95:4a:9b:15:f7:e9:a5:38:d0:45:
         17:8d:ab:5e:af:8f:1d:f0:02:d9:5a:dc:1a:77:a7:46:4e:df:
         be:ad:8e:5c:7d:da:f6:2e:e1:c6:0a:e1:ca:45:3a:af:0f:62:
         3b:be:c4:06:9d:30:90:28:04:f0:1a:21:ff:49:7f:7d:a9:a7:
         46:4b:fb:16:92:d5:97:c4:43:1c:1f:5f:16:cb:06:77:c9:90:
         d2:be:27:90:a8:cc:30:d5:12:c4:79:51:99:47:16:48:e9:c0:
         a9:90:df:51:ed:91:42:ff:f5:de:82:74:b9:94:b3:f2:0d:38:
         37:a6:ef:c2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJG7do2tk6rARQIdWkt3wO6CFi40wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjAxMDAwMDAwWhcNMjQwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMjkwNGM1NGVlMThlYTZkZTM0Y2IyYWY2YWFlMWUwZTMw
OGE1NWNjYWM2MDI3YjdjZWI2MDRiZjQ1MWU3NDlmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyftosqnBePf01yFqEZDdWxPWaUurYG6xbWxa0//kraCvm
x26lzs0IuI0UV+H9FKB7OLEjidlUdUdzvbnM5eHFir3kl5pJzy/+v9P9FTWW7GFm
eoDyudiTZzn1PmqsWWCjbIc7QwY0vrUoCkecbS48Ppq30+HuTzwsqIbM1QF9JjS2
4mex8dyK/FBWZp/hTSB4E3QXwm+Vj/cefWH6IvVY8Q7qTwyJ7h4jeh8UytDNCLIc
2NX+b3hKiOM3INM5fP513OKDsE+6QnBfLDcr/v7ZYCrcHt/a5RbJobNSTK22q0df
zk/eSme0BkB5lFlOOyQJs9TUvCDBZwCdjSvrFP1pAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUw8s04I1C0k1z4BcDnpf4enQpmH8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzIyZDFmOWE4LTkxZTMtNDM5NC1iNTFkLWY2NTM3NWEwY2ExOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKoGkk9B5dqzU1GlDaR0TUtvJQn3
El3uxvrJI84QNw2Ckk6V7LPbaewWNDN8bZY8KJfHwJhjg3nV5WxAkyHj+AC11iix
FAjsTj3F1cC239dKQbgUlEQ/39WVb9yjxo1TXSKugJTTuaEyVMfGGPvJXBsuTLas
kk9RAQVDiBvDPXafUi0Nszm1lUqbFffppTjQRReNq16vjx3wAtla3Bp3p0ZO376t
jlx92vYu4cYK4cpFOq8PYju+xAadMJAoBPAaIf9Jf32pp0ZL+xaS1ZfEQxwfXxbL
BnfJkNK+J5CozDDVEsR5UZlHFkjpwKmQ31HtkUL/9d6CdLmUs/INODem78I=
-----END CERTIFICATE-----