Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2ab62e17-956a-4003-9048-a2fbbfea513f.roa
File:                     2ab62e17-956a-4003-9048-a2fbbfea513f.roa (raw, json)
Hash identifier:          Hm3/aCPfCk2Ju0HEWl894tO9RT3uw2HUT6vRGAeB2Dw=
Subject key identifier:   06:7C:39:E7:07:02:27:AC:FF:27:59:C0:C5:E0:5B:43:BD:1C:1B:86
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       79FE68E67F0FEE6C0FEC166F1A46C1239A6AEAD6
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2ab62e17-956a-4003-9048-a2fbbfea513f.roa
Signing time:             Mon 15 Jul 2024 00:00:00 +0000
ROA not before:           Mon 15 Jul 2024 00:00:00 +0000
ROA not after:            Mon 19 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:fe:68:e6:7f:0f:ee:6c:0f:ec:16:6f:1a:46:c1:23:9a:6a:ea:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 15 00:00:00 2024 GMT
            Not After : Aug 19 23:59:59 2024 GMT
        Subject: serialNumber=ce99c2177578cbc17bc8e85a96a4bf59b542c0e568952d948e3534b5be552fcc, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:64:21:58:dd:24:36:53:8b:7b:36:79:37:81:
                    63:5c:1c:ca:28:17:34:bf:2d:1a:a3:a6:59:89:30:
                    c6:6e:fb:5a:e5:5a:cb:bd:85:d3:b5:ba:5d:26:27:
                    c3:01:7b:3a:bd:ef:a2:97:e3:8b:cb:6c:5b:bb:13:
                    12:64:ec:97:88:71:13:8a:33:fd:4f:da:be:c0:63:
                    4a:f3:7e:1e:35:7a:fd:e4:82:d7:fc:00:ac:e3:12:
                    9f:a1:b2:17:4a:27:8c:1d:47:49:38:be:3e:8f:97:
                    33:d3:b1:16:b9:70:4c:1c:b3:21:39:bd:16:f3:24:
                    a1:d3:12:c7:b5:ad:64:20:1d:2f:d2:fc:93:ae:56:
                    b8:00:4c:bd:09:c4:f7:7f:27:23:73:8f:47:f7:40:
                    31:2e:f0:d4:f1:30:be:a4:a7:d5:23:c7:ab:bf:1e:
                    b4:ce:d9:d0:6d:bb:c8:82:43:b9:f8:ee:83:b7:2f:
                    16:74:48:6a:17:11:eb:6c:ac:be:84:30:65:61:48:
                    72:4b:dd:2b:d7:94:79:fa:44:cd:a4:0d:60:5e:77:
                    fd:de:6a:f4:e8:b1:74:8a:65:5f:9b:b0:a3:71:02:
                    12:8a:98:ed:2b:ca:9b:75:9b:95:2b:e1:63:dd:0a:
                    22:c0:67:ee:b5:7a:97:d0:37:81:e0:a9:ce:12:c2:
                    2a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:7C:39:E7:07:02:27:AC:FF:27:59:C0:C5:E0:5B:43:BD:1C:1B:86
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2ab62e17-956a-4003-9048-a2fbbfea513f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:a5:a7:f1:8b:04:72:a2:86:c2:33:b7:3f:83:d9:41:5d:ef:
         f1:31:75:7c:b4:99:7d:c8:bf:ef:fa:2e:a8:eb:42:65:3d:91:
         34:4f:2d:68:c8:fe:97:c7:e5:d5:33:1a:e5:fc:a2:1e:0c:39:
         38:60:e5:ee:ed:6e:4f:fa:b4:7d:1a:92:50:af:ee:34:57:7e:
         d7:13:44:70:6f:ae:9b:af:40:dd:c5:24:3a:f7:18:7e:eb:6a:
         53:20:68:87:4c:6c:cf:87:cd:1e:81:9b:a9:73:b9:bd:e0:a5:
         3c:70:d4:0a:f1:a0:a8:cc:0c:4b:19:64:1a:32:8e:c5:e4:3d:
         56:0b:bb:6a:52:1b:4e:56:ce:8b:d9:5a:5c:78:e6:f4:41:ad:
         03:fb:69:85:c9:44:a1:6c:5e:59:89:38:94:09:c5:81:f4:71:
         88:2e:ba:de:ee:58:a9:0f:35:8e:08:f7:71:88:6c:45:12:3b:
         d4:2f:bd:6b:f2:6a:13:b4:47:58:86:4e:b4:94:24:59:57:02:
         20:60:45:df:f0:17:63:01:47:c4:d3:e1:84:9d:a5:54:1e:b3:
         d4:ea:65:6f:3c:73:64:27:9c:8b:5e:21:a8:79:67:fa:ce:1e:
         7a:40:17:7a:02:d8:78:a6:02:46:82:71:68:0c:99:e2:0f:ac:
         63:b5:16:e2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUef5o5n8P7mwP7BZvGkbBI5pq6tYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzE1MDAwMDAwWhcNMjQwODE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZTk5YzIxNzc1NzhjYmMxN2JjOGU4NWE5NmE0YmY1OWI1
NDJjMGU1Njg5NTJkOTQ4ZTM1MzRiNWJlNTUyZmNjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIZCFY3SQ2U4t7Nnk3gWNcHMooFzS/LRqjplmJMMZu+1rl
Wsu9hdO1ul0mJ8MBezq976KX44vLbFu7ExJk7JeIcROKM/1P2r7AY0rzfh41ev3k
gtf8AKzjEp+hshdKJ4wdR0k4vj6PlzPTsRa5cEwcsyE5vRbzJKHTEse1rWQgHS/S
/JOuVrgATL0JxPd/JyNzj0f3QDEu8NTxML6kp9Ujx6u/HrTO2dBtu8iCQ7n47oO3
LxZ0SGoXEetsrL6EMGVhSHJL3SvXlHn6RM2kDWBed/3eavTosXSKZV+bsKNxAhKK
mO0rypt1m5Ur4WPdCiLAZ+61epfQN4Hgqc4SwipbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBnw55wcCJ6z/J1nAxeBbQ70cG4YwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzJhYjYyZTE3LTk1NmEtNDAwMy05MDQ4LWEyZmJiZmVhNTEzZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGulp/GLBHKihsIztz+D2UFd7/Ex
dXy0mX3Iv+/6LqjrQmU9kTRPLWjI/pfH5dUzGuX8oh4MOThg5e7tbk/6tH0aklCv
7jRXftcTRHBvrpuvQN3FJDr3GH7ralMgaIdMbM+HzR6Bm6lzub3gpTxw1ArxoKjM
DEsZZBoyjsXkPVYLu2pSG05WzovZWlx45vRBrQP7aYXJRKFsXlmJOJQJxYH0cYgu
ut7uWKkPNY4I93GIbEUSO9QvvWvyahO0R1iGTrSUJFlXAiBgRd/wF2MBR8TT4YSd
pVQes9TqZW88c2QnnIteIah5Z/rOHnpAF3oC2HimAkaCcWgMmeIPrGO1FuI=
-----END CERTIFICATE-----