Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2da9843e-9b29-4ea6-83b3-b1e8fb8ffb9c.roa
File:                     2da9843e-9b29-4ea6-83b3-b1e8fb8ffb9c.roa (raw, json)
Hash identifier:          ktZ4nkiTUITWSBnMe/n4qCChXAdr9L5So+dbi1zkg6k=
Subject key identifier:   BA:92:03:55:35:80:B2:CA:D1:C9:55:41:48:F1:82:60:69:7C:52:A2
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4497B923F1560B7D9B9B96F700CF131D6434FE98
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2da9843e-9b29-4ea6-83b3-b1e8fb8ffb9c.roa
Signing time:             Wed 17 Apr 2024 00:00:00 +0000
ROA not before:           Wed 17 Apr 2024 00:00:00 +0000
ROA not after:            Wed 22 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:97:b9:23:f1:56:0b:7d:9b:9b:96:f7:00:cf:13:1d:64:34:fe:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 17 00:00:00 2024 GMT
            Not After : May 22 23:59:59 2024 GMT
        Subject: serialNumber=d5a9af6cb840e2c8c1e3936ec404192e2d51afbf41cf07a30d68b011c633c06e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:14:e3:44:7e:c2:ee:50:49:3e:fe:29:5e:95:
                    57:85:43:3d:07:59:b9:0c:a0:0c:2c:a1:61:b1:1e:
                    4d:d4:63:48:56:41:3c:b8:b5:b5:df:05:53:cc:37:
                    be:b9:e1:2e:c5:e8:70:a5:d5:f4:d0:04:d2:5f:e7:
                    a3:93:c0:ac:50:a2:7c:08:7f:18:3f:c3:d5:e2:b6:
                    f9:2e:d5:e8:06:f2:01:66:8d:cf:7a:c1:0c:a3:66:
                    4b:e6:cf:c8:fc:f1:96:a6:af:32:37:69:6b:3f:99:
                    1b:c9:65:2e:49:e8:c8:d9:7f:bd:23:e7:a9:8c:c8:
                    bc:8b:dd:13:de:dc:27:15:fc:78:61:9e:83:50:1f:
                    c1:78:10:10:c8:51:41:44:ff:57:d9:1c:83:14:8c:
                    21:c5:3b:4d:e1:7a:ff:42:93:e7:f8:93:05:79:7b:
                    bc:c9:0a:56:c6:ad:cb:db:e2:e1:77:92:e6:7c:08:
                    d0:99:94:30:c5:d5:61:7b:b0:80:e1:b1:bc:22:2e:
                    f4:08:b7:f6:46:af:0d:31:a8:67:0d:fe:68:89:4f:
                    cb:49:3d:77:d8:be:13:b2:be:fb:97:fe:8f:61:65:
                    0b:1e:5b:c4:a7:7e:3b:f5:35:eb:22:19:c8:f4:8e:
                    59:e4:f1:00:d5:ee:6b:2c:a6:24:25:dc:33:56:49:
                    0b:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:92:03:55:35:80:B2:CA:D1:C9:55:41:48:F1:82:60:69:7C:52:A2
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2da9843e-9b29-4ea6-83b3-b1e8fb8ffb9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:ff:25:e5:7c:57:9e:6c:3e:7b:64:00:29:dc:43:f1:df:c1:
         2f:5f:54:d3:1a:d2:43:8e:67:f8:b3:ac:d6:a6:ab:bf:9b:60:
         a9:0a:d1:35:7a:95:23:f1:37:c6:6e:23:d1:26:c5:2b:61:ef:
         f5:ae:8e:66:4a:96:40:f2:ef:e7:eb:3f:fb:65:7e:42:a8:17:
         32:f7:6d:51:03:7b:6d:77:13:19:42:15:9c:c4:0c:7e:ca:7f:
         4e:a2:65:6a:f6:11:8d:36:35:10:f9:9f:3b:d1:f8:3c:a8:da:
         87:00:f4:52:55:45:a4:a3:f6:f2:fc:90:b0:c3:44:08:f8:a2:
         72:fe:5c:9a:ff:3f:f4:21:87:3f:f6:2d:20:21:bc:ac:3c:17:
         a3:07:da:c7:d0:63:e9:29:d8:74:e0:4f:17:75:44:12:3c:f9:
         12:d1:92:35:71:38:3c:48:b8:b5:fe:46:2a:16:79:b0:90:d5:
         6a:fc:64:e7:b8:f6:8f:9e:80:bf:00:2f:f6:21:ae:85:0b:b4:
         f4:cf:5d:5a:4c:2a:2b:d2:10:58:4d:25:10:c0:bd:cd:fe:11:
         6b:53:84:8d:32:38:6d:3e:1c:c4:dd:74:db:6f:93:24:2f:56:
         93:c3:c8:4c:4c:68:62:76:bd:42:7e:5a:01:9c:1c:15:e8:64:
         f2:1c:32:1e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURJe5I/FWC32bm5b3AM8THWQ0/pgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDE3MDAwMDAwWhcNMjQwNTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNWE5YWY2Y2I4NDBlMmM4YzFlMzkzNmVjNDA0MTkyZTJk
NTFhZmJmNDFjZjA3YTMwZDY4YjAxMWM2MzNjMDZlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7FONEfsLuUEk+/ilelVeFQz0HWbkMoAwsoWGxHk3UY0hW
QTy4tbXfBVPMN7654S7F6HCl1fTQBNJf56OTwKxQonwIfxg/w9Xitvku1egG8gFm
jc96wQyjZkvmz8j88ZamrzI3aWs/mRvJZS5J6MjZf70j56mMyLyL3RPe3CcV/Hhh
noNQH8F4EBDIUUFE/1fZHIMUjCHFO03hev9Ck+f4kwV5e7zJClbGrcvb4uF3kuZ8
CNCZlDDF1WF7sIDhsbwiLvQIt/ZGrw0xqGcN/miJT8tJPXfYvhOyvvuX/o9hZQse
W8Snfjv1NesiGcj0jlnk8QDV7msspiQl3DNWSQvrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUupIDVTWAssrRyVVBSPGCYGl8UqIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzJkYTk4NDNlLTliMjktNGVhNi04M2IzLWIxZThmYjhmZmI5Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKb/JeV8V55sPntkACncQ/HfwS9f
VNMa0kOOZ/izrNamq7+bYKkK0TV6lSPxN8ZuI9EmxSth7/WujmZKlkDy7+frP/tl
fkKoFzL3bVEDe213ExlCFZzEDH7Kf06iZWr2EY02NRD5nzvR+Dyo2ocA9FJVRaSj
9vL8kLDDRAj4onL+XJr/P/Qhhz/2LSAhvKw8F6MH2sfQY+kp2HTgTxd1RBI8+RLR
kjVxODxIuLX+RioWebCQ1Wr8ZOe49o+egL8AL/YhroULtPTPXVpMKivSEFhNJRDA
vc3+EWtThI0yOG0+HMTddNtvkyQvVpPDyExMaGJ2vUJ+WgGcHBXoZPIcMh4=
-----END CERTIFICATE-----