Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2deddbef-9586-4e2a-a600-5c5c97888221.roa
File:                     2deddbef-9586-4e2a-a600-5c5c97888221.roa (raw, json)
Hash identifier:          ce7Uihy2i3tw6628HIHCiQEwMbpFyOULU0OHhodWgUg=
Subject key identifier:   BF:E5:E7:DE:0A:00:8D:AB:A0:96:1B:7A:7F:59:2D:23:AA:15:F7:71
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       589D1F28569969DD85A008463C463C19B92F608F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2deddbef-9586-4e2a-a600-5c5c97888221.roa
Signing time:             Fri 02 Feb 2024 00:00:00 +0000
ROA not before:           Fri 02 Feb 2024 00:00:00 +0000
ROA not after:            Fri 08 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:9d:1f:28:56:99:69:dd:85:a0:08:46:3c:46:3c:19:b9:2f:60:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb  2 00:00:00 2024 GMT
            Not After : Mar  8 23:59:59 2024 GMT
        Subject: serialNumber=c77ff754ff51b497d11af607b755e00733f0cb3d6d97d191e217f2be780effd2, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c5:ec:50:d3:7f:77:05:32:ac:ed:f8:43:16:
                    44:cb:24:0b:54:22:3b:c2:29:6a:ba:5e:68:37:be:
                    db:4c:29:85:a0:22:df:a8:b2:46:73:71:c4:48:86:
                    85:4d:10:2a:62:08:16:0d:6a:58:ec:b2:c9:ad:80:
                    99:68:3c:a1:5c:31:45:02:fa:47:a2:0c:6e:0d:b0:
                    fd:49:a1:57:59:29:50:11:fa:c4:a4:dc:ba:5a:99:
                    58:bc:67:51:61:77:08:72:7d:72:1b:82:ee:3e:d0:
                    ee:de:63:29:53:95:d0:ec:0f:d9:99:df:4e:20:af:
                    0b:35:6a:5a:d3:6e:3b:84:4a:5b:b4:d2:ba:62:b0:
                    e2:ed:50:6a:b1:59:e6:cc:68:11:91:f0:84:2e:a2:
                    e5:e2:70:96:a6:3c:dd:a6:d7:c5:23:40:aa:a0:1a:
                    24:ae:06:cc:8d:42:43:fe:c6:7d:80:1e:db:68:35:
                    da:43:7f:3a:0d:f8:4e:8e:98:c2:72:c7:7d:a1:ed:
                    d3:6a:77:bf:34:77:6d:74:5a:37:ca:b7:0f:68:5d:
                    d2:05:e4:83:20:71:60:5c:e1:42:08:89:56:92:b9:
                    89:43:dc:27:6a:65:12:a4:f0:12:86:c5:22:e8:61:
                    cf:7e:55:64:78:87:88:13:d0:eb:d3:d5:4c:c9:3d:
                    08:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:E5:E7:DE:0A:00:8D:AB:A0:96:1B:7A:7F:59:2D:23:AA:15:F7:71
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2deddbef-9586-4e2a-a600-5c5c97888221.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:f3:63:e4:66:bc:a8:e5:a5:f8:53:64:5f:30:37:1b:12:ca:
         d3:83:0a:6c:44:b4:bd:1b:e1:af:c7:6f:3d:41:5d:b1:29:61:
         49:05:b0:ed:76:57:97:f5:f7:3f:80:60:29:fb:74:b0:f6:1d:
         83:00:c9:40:95:19:45:fa:75:e7:44:0d:c4:a4:49:ec:b4:98:
         f7:2b:9e:ef:ae:9a:31:31:6b:ee:89:ba:77:99:4e:58:91:4d:
         a3:7b:bf:ab:eb:31:3f:b9:8a:e1:db:3b:27:45:68:8b:0f:96:
         25:2d:37:ce:4c:d8:92:48:1e:50:6a:f7:84:c0:cf:30:0e:45:
         30:67:4a:e9:d8:c8:b6:f6:61:a0:8b:54:04:2b:da:b4:80:92:
         3a:be:5d:c2:f6:86:ba:e5:69:6d:d6:66:b4:de:f7:45:11:ab:
         7e:9e:ce:14:44:f1:f3:c8:5f:78:94:34:82:46:89:8d:d3:2f:
         9e:e9:d1:93:94:bf:80:2f:c0:65:da:b4:58:44:a4:d6:d3:b3:
         7f:51:5a:58:9c:7b:17:00:8d:97:95:86:42:87:31:2e:2f:89:
         95:c9:44:ec:a5:4c:77:99:dc:1e:34:6a:5f:92:84:15:c3:08:
         f3:f1:0c:0b:97:44:d0:a0:01:2c:36:f6:e0:84:e5:cc:6e:f8:
         6a:c9:9c:d3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWJ0fKFaZad2FoAhGPEY8GbkvYI8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjAyMDAwMDAwWhcNMjQwMzA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNzdmZjc1NGZmNTFiNDk3ZDExYWY2MDdiNzU1ZTAwNzMz
ZjBjYjNkNmQ5N2QxOTFlMjE3ZjJiZTc4MGVmZmQyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtxexQ0393BTKs7fhDFkTLJAtUIjvCKWq6Xmg3vttMKYWg
It+oskZzccRIhoVNECpiCBYNaljsssmtgJloPKFcMUUC+keiDG4NsP1JoVdZKVAR
+sSk3LpamVi8Z1FhdwhyfXIbgu4+0O7eYylTldDsD9mZ304grws1alrTbjuESlu0
0rpisOLtUGqxWebMaBGR8IQuouXicJamPN2m18UjQKqgGiSuBsyNQkP+xn2AHtto
NdpDfzoN+E6OmMJyx32h7dNqd780d210WjfKtw9oXdIF5IMgcWBc4UIIiVaSuYlD
3CdqZRKk8BKGxSLoYc9+VWR4h4gT0OvT1UzJPQjnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUv+Xn3goAjauglht6f1ktI6oV93EwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzJkZWRkYmVmLTk1ODYtNGUyYS1hNjAwLTVjNWM5Nzg4ODIyMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB/zY+RmvKjlpfhTZF8wNxsSytOD
CmxEtL0b4a/Hbz1BXbEpYUkFsO12V5f19z+AYCn7dLD2HYMAyUCVGUX6dedEDcSk
Sey0mPcrnu+umjExa+6JuneZTliRTaN7v6vrMT+5iuHbOydFaIsPliUtN85M2JJI
HlBq94TAzzAORTBnSunYyLb2YaCLVAQr2rSAkjq+XcL2hrrlaW3WZrTe90URq36e
zhRE8fPIX3iUNIJGiY3TL57p0ZOUv4AvwGXatFhEpNbTs39RWlicexcAjZeVhkKH
MS4viZXJROylTHeZ3B40al+ShBXDCPPxDAuXRNCgASw29uCE5cxu+GrJnNM=
-----END CERTIFICATE-----