Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/28a51617-5cd6-40a6-884d-6fe97540f34f.roa
File:                     28a51617-5cd6-40a6-884d-6fe97540f34f.roa (raw, json)
Hash identifier:          i7mOsVKXZMZNSj3ibLjnWNGtpBU9ccuGF/wBKflEapY=
Subject key identifier:   45:BF:B8:B5:58:16:8E:22:0C:5E:29:CA:B6:DB:12:3C:05:6D:F1:2A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       27FDFF86C7D9A179E2AFD5647EDC78B64F33CE0C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/28a51617-5cd6-40a6-884d-6fe97540f34f.roa
Signing time:             Fri 29 Nov 2024 00:00:00 +0000
ROA not before:           Fri 29 Nov 2024 00:00:00 +0000
ROA not after:            Fri 03 Jan 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:fd:ff:86:c7:d9:a1:79:e2:af:d5:64:7e:dc:78:b6:4f:33:ce:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 29 00:00:00 2024 GMT
            Not After : Jan  3 23:59:59 2025 GMT
        Subject: serialNumber=d20ca28dc2bd03aabfa7b467272cc546fd10b935c7e5dea92016119c4153b8f8, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ce:84:02:c1:b8:19:9b:d3:27:c9:01:4c:a0:
                    d4:b7:75:c4:e2:ec:fa:e4:5b:76:79:5f:86:0c:df:
                    2c:01:b1:90:b4:b6:66:2b:2f:63:c0:bb:17:c4:46:
                    b2:30:1b:c0:bc:8b:ae:0f:11:64:a4:cf:a3:46:f9:
                    68:38:22:cc:d4:b5:c5:d9:ee:d2:6f:06:89:f9:1f:
                    4d:d2:67:a1:38:eb:6c:aa:fe:4f:a0:d7:c0:ac:c8:
                    94:7b:1b:85:63:4e:8c:56:2b:f6:c3:d6:7f:da:d2:
                    8f:a1:9f:76:a0:a0:b4:1b:b3:d6:73:51:9b:eb:55:
                    3e:5e:42:ed:54:b7:22:1d:2d:19:4a:03:c7:d0:4e:
                    22:f9:fe:5e:40:b6:d3:c6:dc:92:45:c8:1f:94:14:
                    42:91:d4:ad:78:52:4f:04:ea:0a:99:3d:3a:7c:1b:
                    fb:11:80:90:9e:b8:17:33:fd:cd:ba:b0:6f:3b:be:
                    7b:4f:60:37:7b:aa:d5:fc:3d:9f:01:8b:a4:6b:97:
                    0a:c6:21:ad:d3:52:2d:9a:71:be:74:3c:20:35:5d:
                    f5:59:40:5b:31:2b:a5:2e:3a:0b:f9:b2:27:d3:c5:
                    c3:22:03:13:2b:a3:ad:2e:e9:28:c4:a4:dd:66:c1:
                    f8:c6:04:22:35:fe:cb:6e:03:04:40:20:5d:e0:a4:
                    8c:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:BF:B8:B5:58:16:8E:22:0C:5E:29:CA:B6:DB:12:3C:05:6D:F1:2A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/28a51617-5cd6-40a6-884d-6fe97540f34f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:b3:c4:24:f7:47:17:f3:bf:88:a1:5f:ac:a4:f4:25:2d:a6:
         4e:a0:1f:1e:56:92:ec:e2:89:b0:c9:fa:83:4f:f3:2a:a9:2f:
         ef:f1:3d:59:13:70:10:42:b1:90:f5:34:ad:0e:a0:82:5f:cb:
         7f:01:78:f2:a4:a6:98:4c:1b:2c:7e:2b:25:96:5e:13:10:ef:
         09:c0:ee:19:2c:59:7d:b1:ad:bc:5d:53:0b:75:e4:f0:3c:c3:
         1d:0b:cb:f4:82:a6:1f:89:f1:45:21:38:0e:95:c0:89:35:72:
         a4:94:45:1a:0b:ee:c7:5e:89:a5:b0:ed:b3:2c:0e:e6:41:ca:
         5e:9f:f8:28:04:2a:d7:a4:37:23:2a:71:17:0d:d0:0f:b2:e8:
         86:a9:2f:db:4e:0a:c3:55:98:47:dd:26:87:a2:9d:91:ab:52:
         69:cd:c4:06:a1:f7:a2:36:e0:5e:69:97:1c:2f:c4:91:9e:aa:
         fa:60:50:b8:bb:0d:45:ef:5b:3e:c3:da:15:4f:4f:f9:96:0e:
         61:f3:ac:b2:35:70:53:b8:1a:a5:f2:b5:04:57:ff:68:96:d3:
         31:2b:41:77:78:ee:57:63:02:95:c2:fa:2e:d4:bb:56:d1:f7:
         2e:c0:87:8d:b9:51:3c:a1:48:f0:11:97:9e:77:7f:fb:65:79:
         53:ee:0d:ae
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJ/3/hsfZoXnir9Vkftx4tk8zzgwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMTI5MDAwMDAwWhcNMjUwMTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkMjBjYTI4ZGMyYmQwM2FhYmZhN2I0NjcyNzJjYzU0NmZk
MTBiOTM1YzdlNWRlYTkyMDE2MTE5YzQxNTNiOGY4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdzoQCwbgZm9MnyQFMoNS3dcTi7PrkW3Z5X4YM3ywBsZC0
tmYrL2PAuxfERrIwG8C8i64PEWSkz6NG+Wg4IszUtcXZ7tJvBon5H03SZ6E462yq
/k+g18CsyJR7G4VjToxWK/bD1n/a0o+hn3agoLQbs9ZzUZvrVT5eQu1UtyIdLRlK
A8fQTiL5/l5AttPG3JJFyB+UFEKR1K14Uk8E6gqZPTp8G/sRgJCeuBcz/c26sG87
vntPYDd7qtX8PZ8Bi6RrlwrGIa3TUi2acb50PCA1XfVZQFsxK6UuOgv5sifTxcMi
AxMro60u6SjEpN1mwfjGBCI1/stuAwRAIF3gpIyPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURb+4tVgWjiIMXinKttsSPAVt8SowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzI4YTUxNjE3LTVjZDYtNDBhNi04ODRkLTZmZTk3NTQwZjM0Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALezxCT3Rxfzv4ihX6yk9CUtpk6g
Hx5WkuziibDJ+oNP8yqpL+/xPVkTcBBCsZD1NK0OoIJfy38BePKkpphMGyx+KyWW
XhMQ7wnA7hksWX2xrbxdUwt15PA8wx0Ly/SCph+J8UUhOA6VwIk1cqSURRoL7sde
iaWw7bMsDuZByl6f+CgEKtekNyMqcRcN0A+y6IapL9tOCsNVmEfdJoeinZGrUmnN
xAah96I24F5plxwvxJGeqvpgULi7DUXvWz7D2hVPT/mWDmHzrLI1cFO4GqXytQRX
/2iW0zErQXd47ldjApXC+i7Uu1bR9y7Ah425UTyhSPARl553f/tleVPuDa4=
-----END CERTIFICATE-----