Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/30fe21ca-0177-42c0-9462-b992d1e81f09.roa
File:                     30fe21ca-0177-42c0-9462-b992d1e81f09.roa (raw, json)
Hash identifier:          uZfB5QN5dKD0Y74OxUfylugQuvH+VOXsYd+Sj2VAxRY=
Subject key identifier:   55:C0:51:8F:88:71:50:4F:E8:B7:C6:03:D0:AC:30:A9:93:CF:61:E0
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4BD42E08C7C39E1273B8587DE374C8B0101733D6
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/30fe21ca-0177-42c0-9462-b992d1e81f09.roa
Signing time:             Wed 06 Mar 2024 00:00:00 +0000
ROA not before:           Wed 06 Mar 2024 00:00:00 +0000
ROA not after:            Wed 10 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:d4:2e:08:c7:c3:9e:12:73:b8:58:7d:e3:74:c8:b0:10:17:33:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  6 00:00:00 2024 GMT
            Not After : Apr 10 23:59:59 2024 GMT
        Subject: serialNumber=3a46f98b2a5a581bb27a5f67a1624b2e80f98a2c14fc99cfb840e5dae8f3695a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:09:ec:1a:a5:62:43:17:fa:1b:47:66:bb:2c:
                    51:ea:a5:05:93:7d:0d:b1:3d:41:a3:a7:b0:f9:d4:
                    26:c1:bc:7d:db:cc:56:c8:6b:63:b0:3c:b2:ab:4b:
                    12:af:9e:44:2f:6f:70:9a:eb:b8:af:b9:01:b0:5b:
                    f8:5b:75:f4:60:5b:88:12:c6:98:be:6b:a9:dd:45:
                    a8:c4:43:af:da:e1:b1:56:4a:b0:d2:0a:1b:46:a0:
                    86:05:fa:0d:d8:0a:cb:2e:8d:09:00:87:51:53:61:
                    b7:c1:49:e4:4a:c9:0a:ea:01:ba:4d:72:d3:40:62:
                    a3:83:ba:54:2b:ca:51:98:8f:e5:54:7b:ea:c8:b8:
                    68:b9:b1:f8:fe:c3:a2:57:e3:6f:3e:64:5e:23:20:
                    19:1f:4b:2d:e8:69:d9:a7:17:7e:04:a7:f1:c0:60:
                    16:95:fe:7b:04:7d:35:5a:7f:c2:1e:e9:dd:82:5b:
                    e4:92:cd:da:94:0e:41:8d:cf:ab:17:a3:ea:da:f9:
                    bb:ae:18:e1:5a:91:0b:87:a5:49:72:0d:f8:d8:8b:
                    ae:02:00:c4:87:e5:a0:0c:3b:77:f6:24:1f:84:0e:
                    96:87:99:ca:f3:c6:3e:93:5e:55:0d:ca:a9:99:13:
                    69:27:8d:fc:60:ef:aa:97:fd:97:4d:ee:41:10:6e:
                    49:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:C0:51:8F:88:71:50:4F:E8:B7:C6:03:D0:AC:30:A9:93:CF:61:E0
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/30fe21ca-0177-42c0-9462-b992d1e81f09.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:c6:f5:5e:cf:66:cc:65:13:3a:42:45:9d:31:5d:41:e0:63:
         29:27:e4:cd:67:58:c6:ba:9e:ca:af:69:be:80:1d:0d:0c:72:
         7b:11:70:15:fe:bb:24:74:c1:6f:1e:c0:a7:e2:08:8c:63:5d:
         22:a8:fd:f5:31:3a:75:65:ff:bd:39:61:fa:f3:79:1e:c2:5a:
         6d:bc:b8:01:09:5e:2f:cc:67:3e:6c:42:48:ef:23:b1:52:d0:
         4c:da:0b:58:d1:32:d0:77:8a:0a:fa:63:51:99:54:fc:78:d2:
         11:db:14:3e:4f:3d:0e:fc:6d:59:87:36:8e:93:97:36:0c:95:
         80:52:e2:fb:b3:c9:57:6a:f3:b6:be:38:33:76:31:a2:a9:ea:
         1a:d1:38:27:fb:91:c1:2e:9e:53:dc:4e:dc:39:75:b3:b3:73:
         e0:d7:d4:7e:cd:db:e6:49:ea:7b:21:e8:79:96:fb:9d:3a:6c:
         02:36:e7:2c:83:9f:ed:d5:07:cf:36:7b:1f:fc:37:bc:61:0b:
         ed:8e:4d:f5:0a:cd:43:1f:cf:e5:6b:ce:04:12:22:d7:90:62:
         fd:09:7d:ad:4f:05:ab:4c:da:38:95:5e:d8:ec:d3:42:a5:71:
         16:c7:4d:ab:9a:24:06:21:cb:24:07:9f:a5:0d:22:e5:7e:05:
         ce:f5:30:02
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUS9QuCMfDnhJzuFh943TIsBAXM9YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzA2MDAwMDAwWhcNMjQwNDEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYTQ2Zjk4YjJhNWE1ODFiYjI3YTVmNjdhMTYyNGIyZTgw
Zjk4YTJjMTRmYzk5Y2ZiODQwZTVkYWU4ZjM2OTVhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8CewapWJDF/obR2a7LFHqpQWTfQ2xPUGjp7D51CbBvH3b
zFbIa2OwPLKrSxKvnkQvb3Ca67ivuQGwW/hbdfRgW4gSxpi+a6ndRajEQ6/a4bFW
SrDSChtGoIYF+g3YCssujQkAh1FTYbfBSeRKyQrqAbpNctNAYqODulQrylGYj+VU
e+rIuGi5sfj+w6JX428+ZF4jIBkfSy3oadmnF34Ep/HAYBaV/nsEfTVaf8Ie6d2C
W+SSzdqUDkGNz6sXo+ra+buuGOFakQuHpUlyDfjYi64CAMSH5aAMO3f2JB+EDpaH
mcrzxj6TXlUNyqmZE2knjfxg76qX/ZdN7kEQbkkPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVcBRj4hxUE/ot8YD0KwwqZPPYeAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzMwZmUyMWNhLTAxNzctNDJjMC05NDYyLWI5OTJkMWU4MWYwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAATG9V7PZsxlEzpCRZ0xXUHgYykn
5M1nWMa6nsqvab6AHQ0McnsRcBX+uyR0wW8ewKfiCIxjXSKo/fUxOnVl/705Yfrz
eR7CWm28uAEJXi/MZz5sQkjvI7FS0EzaC1jRMtB3igr6Y1GZVPx40hHbFD5PPQ78
bVmHNo6TlzYMlYBS4vuzyVdq87a+ODN2MaKp6hrROCf7kcEunlPcTtw5dbOzc+DX
1H7N2+ZJ6nsh6HmW+506bAI25yyDn+3VB882ex/8N7xhC+2OTfUKzUMfz+VrzgQS
IteQYv0Jfa1PBatM2jiVXtjs00KlcRbHTauaJAYhyyQHn6UNIuV+Bc71MAI=
-----END CERTIFICATE-----