Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2464b8c1-aaea-4b4b-89b3-904ef6ee71d4.roa
File:                     2464b8c1-aaea-4b4b-89b3-904ef6ee71d4.roa (raw, json)
Hash identifier:          PgmlPjt4DZCLhQxG6gXhDPeGKsc7b4Ba5WLkpTLNLbg=
Subject key identifier:   D9:43:A2:73:9F:73:68:75:14:CE:54:51:EB:18:5A:FD:2D:FE:8F:F0
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       570D245ECC3C65E8FC978236C6873CCE115480E1
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2464b8c1-aaea-4b4b-89b3-904ef6ee71d4.roa
Signing time:             Wed 17 Jul 2024 00:00:00 +0000
ROA not before:           Wed 17 Jul 2024 00:00:00 +0000
ROA not after:            Wed 21 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:0d:24:5e:cc:3c:65:e8:fc:97:82:36:c6:87:3c:ce:11:54:80:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 17 00:00:00 2024 GMT
            Not After : Aug 21 23:59:59 2024 GMT
        Subject: serialNumber=af71595ff036dcebf5b27fd0e6bce5ef16831b89d854837f369bf1cdeda46bb8, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b6:1b:33:d3:bc:4b:2e:d3:86:d0:ff:91:91:
                    eb:ac:09:01:75:aa:95:34:06:93:72:b3:07:6b:af:
                    5f:e3:54:e6:9e:24:a8:18:f6:da:1f:c8:02:ad:6e:
                    67:17:f6:83:0c:cf:84:5b:97:1d:c2:66:4a:2d:4f:
                    53:a2:b9:77:2e:f9:3b:f3:c6:ef:8d:7b:90:b4:f2:
                    69:16:87:4e:d9:9b:23:fa:e1:15:df:60:60:13:a1:
                    59:e8:ca:40:d5:54:5f:ef:2c:69:6b:93:8d:05:4c:
                    d4:b0:13:bb:ea:12:c4:3f:f4:36:69:8d:42:7d:a3:
                    86:d7:1d:84:fe:20:10:b2:1c:65:eb:61:57:7d:79:
                    2b:93:67:3b:c0:27:22:f3:80:df:a2:19:9a:ba:54:
                    16:d2:9b:aa:1b:de:43:6a:9c:b9:6b:e0:21:4a:16:
                    f1:23:c4:1a:b4:22:7a:10:18:5e:f6:ac:bc:b2:5a:
                    19:4f:82:c6:40:85:5e:89:40:54:b4:a3:76:1b:9a:
                    90:49:2c:95:9f:30:79:a0:2c:23:c5:a1:ce:e7:ff:
                    b3:51:21:50:93:33:f1:89:c5:c8:29:67:f1:41:62:
                    52:17:1a:1e:0b:06:26:41:f8:61:11:2a:52:f9:94:
                    1b:ba:92:8c:60:42:6e:5b:82:eb:35:80:a4:de:6a:
                    d7:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:43:A2:73:9F:73:68:75:14:CE:54:51:EB:18:5A:FD:2D:FE:8F:F0
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2464b8c1-aaea-4b4b-89b3-904ef6ee71d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:03:47:79:c7:86:58:35:41:dd:ca:ab:31:8f:03:18:7d:77:
         86:3a:38:ba:02:59:96:56:1a:3c:75:8e:f9:0b:99:5d:72:de:
         71:59:31:85:62:27:5c:7c:3e:98:d1:ee:97:3f:1a:99:43:91:
         97:64:f1:35:41:8f:c8:42:65:1f:97:52:e5:41:48:fb:91:21:
         3c:f7:b2:26:e6:fe:7f:c5:e9:43:a6:8a:49:b8:ca:fb:c1:bf:
         66:1a:cb:3c:49:d6:9e:fc:c9:fc:1f:bc:76:3e:f2:52:35:34:
         7b:b8:7a:94:d6:d7:6b:d1:4a:0f:bf:d6:6d:c1:54:4d:ec:37:
         3c:37:eb:18:35:87:09:67:0a:ad:96:8d:d2:bb:c4:aa:93:82:
         38:b5:4d:b2:2f:45:b2:a2:42:15:7e:a7:ca:74:c8:5c:98:0b:
         bd:2f:86:ee:5a:a5:64:e8:14:43:3e:1d:45:8f:b7:3f:3a:cb:
         4f:18:05:6b:8d:9a:4f:18:24:0f:1d:41:c3:30:96:db:75:0f:
         b4:13:ba:39:bf:7b:d8:e5:3f:13:d1:82:69:bf:23:52:3a:d6:
         e7:0a:1e:9b:ed:e7:1d:6b:4e:91:01:0b:94:34:d4:94:46:c6:
         da:b5:35:65:18:68:68:53:1b:66:ff:07:5e:d6:59:ac:20:24:
         79:dc:b9:3c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVw0kXsw8Zej8l4I2xoc8zhFUgOEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzE3MDAwMDAwWhcNMjQwODIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZjcxNTk1ZmYwMzZkY2ViZjViMjdmZDBlNmJjZTVlZjE2
ODMxYjg5ZDg1NDgzN2YzNjliZjFjZGVkYTQ2YmI4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDthsz07xLLtOG0P+RkeusCQF1qpU0BpNyswdrr1/jVOae
JKgY9tofyAKtbmcX9oMMz4Rblx3CZkotT1OiuXcu+Tvzxu+Ne5C08mkWh07ZmyP6
4RXfYGAToVnoykDVVF/vLGlrk40FTNSwE7vqEsQ/9DZpjUJ9o4bXHYT+IBCyHGXr
YVd9eSuTZzvAJyLzgN+iGZq6VBbSm6ob3kNqnLlr4CFKFvEjxBq0InoQGF72rLyy
WhlPgsZAhV6JQFS0o3YbmpBJLJWfMHmgLCPFoc7n/7NRIVCTM/GJxcgpZ/FBYlIX
Gh4LBiZB+GERKlL5lBu6koxgQm5bgus1gKTeatdBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2UOic59zaHUUzlRR6xha/S3+j/AwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzI0NjRiOGMxLWFhZWEtNGI0Yi04OWIzLTkwNGVmNmVlNzFkNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACkDR3nHhlg1Qd3KqzGPAxh9d4Y6
OLoCWZZWGjx1jvkLmV1y3nFZMYViJ1x8PpjR7pc/GplDkZdk8TVBj8hCZR+XUuVB
SPuRITz3sibm/n/F6UOmikm4yvvBv2YayzxJ1p78yfwfvHY+8lI1NHu4epTW12vR
Sg+/1m3BVE3sNzw36xg1hwlnCq2WjdK7xKqTgji1TbIvRbKiQhV+p8p0yFyYC70v
hu5apWToFEM+HUWPtz86y08YBWuNmk8YJA8dQcMwltt1D7QTujm/e9jlPxPRgmm/
I1I61ucKHpvt5x1rTpEBC5Q01JRGxtq1NWUYaGhTG2b/B17WWawgJHncuTw=
-----END CERTIFICATE-----