Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2d7272c7-ece4-42e6-8cc9-950f90f2c1f2.roa
File:                     2d7272c7-ece4-42e6-8cc9-950f90f2c1f2.roa (raw, json)
Hash identifier:          QRwJCiNyp+rHwcwMxZrwrMuFhtog1aYyetabpM8WaUk=
Subject key identifier:   32:79:5F:2F:53:C1:9D:92:7E:46:9B:0B:0B:3D:AC:0E:6B:26:6D:52
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1917335545A433E63CF97C34DFCEBED7D9F4CBA3
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2d7272c7-ece4-42e6-8cc9-950f90f2c1f2.roa
Signing time:             Tue 16 Apr 2024 00:00:00 +0000
ROA not before:           Tue 16 Apr 2024 00:00:00 +0000
ROA not after:            Tue 21 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:17:33:55:45:a4:33:e6:3c:f9:7c:34:df:ce:be:d7:d9:f4:cb:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 16 00:00:00 2024 GMT
            Not After : May 21 23:59:59 2024 GMT
        Subject: serialNumber=ff94f513b0b8b4c83847f151b35ee82550a22e2b2cdb6c99f368ca66ddbe6d93, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:cf:bc:68:7f:51:a6:91:f2:c8:6c:b3:07:b7:
                    f7:4a:6b:68:e3:8b:aa:eb:1e:7d:36:e0:b4:ff:0b:
                    7a:42:2b:a3:54:4a:33:fa:ef:b3:db:c8:a2:bd:b3:
                    c0:cf:8a:c4:7f:d2:66:18:28:58:85:c0:51:7d:a2:
                    a6:09:83:b6:15:c0:3b:54:ac:bb:7f:fe:f0:f2:bd:
                    c4:2d:7f:e9:fb:17:09:67:98:99:d0:69:6a:aa:2f:
                    be:a7:9a:94:57:fa:07:2c:c0:52:f1:9d:5b:13:88:
                    4f:8d:dd:76:ae:a2:b6:21:44:a8:17:d9:1d:e2:a7:
                    82:fe:7d:a1:0d:46:35:84:c4:39:84:c5:a9:ce:ef:
                    60:06:da:31:64:c8:5f:42:eb:5b:5f:9d:ee:be:32:
                    22:c6:ae:53:47:53:3b:81:92:bd:b8:21:fe:3a:b1:
                    29:1b:ff:5e:36:f4:2e:e5:8a:bc:79:ea:e8:17:ad:
                    40:cd:cd:25:6e:13:4d:38:5b:e4:fe:bb:58:ba:b2:
                    74:d2:4e:03:9b:53:c9:50:e5:1f:9f:05:fd:31:98:
                    d8:99:8d:e5:b4:5a:1c:71:68:2b:4c:d3:aa:1f:2a:
                    a7:47:b8:11:37:2d:a2:5d:01:e7:64:3e:02:16:f3:
                    1a:88:23:a4:96:de:19:50:a5:82:54:b9:4c:45:ef:
                    e9:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:79:5F:2F:53:C1:9D:92:7E:46:9B:0B:0B:3D:AC:0E:6B:26:6D:52
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2d7272c7-ece4-42e6-8cc9-950f90f2c1f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:04:37:0a:2a:f2:d0:59:17:0b:83:2f:fc:ba:99:ff:c9:18:
         26:e5:55:a9:72:b1:c4:29:1a:fe:2b:52:86:b6:ec:cf:a6:94:
         10:95:4b:ed:0b:60:75:49:65:06:46:d9:52:98:bd:e3:80:23:
         4c:fc:b7:bf:ce:a3:c0:0a:ff:b4:16:62:99:e7:a4:a0:bc:a1:
         9d:06:1e:54:37:a9:32:6e:16:e7:54:fb:a3:73:40:72:f2:cb:
         c1:5d:a6:65:5c:ea:4e:fc:6c:82:55:12:56:df:80:52:a4:ee:
         f3:22:fb:52:31:a3:77:92:0a:30:01:1d:91:f5:bd:fe:dc:82:
         8f:4b:b5:4c:a1:1c:40:52:e5:0b:f0:c9:2b:76:12:14:ca:95:
         b4:f8:e7:03:75:bc:11:ee:27:4d:34:0a:7b:7c:0d:3d:c4:4b:
         27:1d:9e:8e:92:d2:ce:57:5d:95:7d:28:e5:96:94:6a:bd:ca:
         90:d7:3b:f9:cd:c4:ad:eb:21:97:4a:7d:48:87:1b:34:df:e0:
         18:4d:3b:e5:c5:d7:35:5c:98:f7:5f:98:1f:a6:9f:97:62:47:
         e1:4c:e4:3c:8e:96:57:69:d6:51:81:f3:98:20:0a:2b:a7:dc:
         0c:54:28:ee:65:68:76:2c:f6:ad:c2:32:63:65:1e:2f:14:6a:
         85:b7:49:bd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGRczVUWkM+Y8+Xw0386+19n0y6MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDE2MDAwMDAwWhcNMjQwNTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmZjk0ZjUxM2IwYjhiNGM4Mzg0N2YxNTFiMzVlZTgyNTUw
YTIyZTJiMmNkYjZjOTlmMzY4Y2E2NmRkYmU2ZDkzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNz7xof1GmkfLIbLMHt/dKa2jji6rrHn024LT/C3pCK6NU
SjP677PbyKK9s8DPisR/0mYYKFiFwFF9oqYJg7YVwDtUrLt//vDyvcQtf+n7Fwln
mJnQaWqqL76nmpRX+gcswFLxnVsTiE+N3XauorYhRKgX2R3ip4L+faENRjWExDmE
xanO72AG2jFkyF9C61tfne6+MiLGrlNHUzuBkr24If46sSkb/1429C7lirx56ugX
rUDNzSVuE004W+T+u1i6snTSTgObU8lQ5R+fBf0xmNiZjeW0WhxxaCtM06ofKqdH
uBE3LaJdAedkPgIW8xqII6SW3hlQpYJUuUxF7+nfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMnlfL1PBnZJ+RpsLCz2sDmsmbVIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzJkNzI3MmM3LWVjZTQtNDJlNi04Y2M5LTk1MGY5MGYyYzFmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALAENwoq8tBZFwuDL/y6mf/JGCbl
ValyscQpGv4rUoa27M+mlBCVS+0LYHVJZQZG2VKYveOAI0z8t7/Oo8AK/7QWYpnn
pKC8oZ0GHlQ3qTJuFudU+6NzQHLyy8FdpmVc6k78bIJVElbfgFKk7vMi+1Ixo3eS
CjABHZH1vf7cgo9LtUyhHEBS5QvwySt2EhTKlbT45wN1vBHuJ000Cnt8DT3ESycd
no6S0s5XXZV9KOWWlGq9ypDXO/nNxK3rIZdKfUiHGzTf4BhNO+XF1zVcmPdfmB+m
n5diR+FM5DyOlldp1lGB85ggCiun3AxUKO5laHYs9q3CMmNlHi8UaoW3Sb0=
-----END CERTIFICATE-----