Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/344d8a36-d368-4b92-a086-662d168f842a.roa
File:                     344d8a36-d368-4b92-a086-662d168f842a.roa (raw, json)
Hash identifier:          DgAEdvtpybiHJUOv/meRY11idICEbFwAKtIuq9BbX6o=
Subject key identifier:   41:F4:C1:15:B0:1F:AA:1E:E9:AC:BF:03:40:5B:07:42:0A:CC:BC:35
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1354A23DB2DF6D891CAC5A7190020F5739655017
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/344d8a36-d368-4b92-a086-662d168f842a.roa
Signing time:             Fri 17 May 2024 00:00:00 +0000
ROA not before:           Fri 17 May 2024 00:00:00 +0000
ROA not after:            Fri 21 Jun 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:54:a2:3d:b2:df:6d:89:1c:ac:5a:71:90:02:0f:57:39:65:50:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May 17 00:00:00 2024 GMT
            Not After : Jun 21 23:59:59 2024 GMT
        Subject: serialNumber=97ad7ccabfdd95cdb889724e49fdbec8ce05eb3e0dc5c3e13e74f59fe8742984, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:e1:43:e8:84:47:40:15:b4:66:d2:71:79:7b:
                    91:3a:d9:4d:f8:ae:27:53:d4:b2:db:2f:4e:db:1b:
                    0a:54:49:b6:d7:ea:62:6f:84:8e:29:94:9e:22:8d:
                    48:83:7c:3f:77:53:c7:51:ef:5d:91:26:3b:55:68:
                    1b:16:0b:3f:87:0d:b8:ef:09:c6:40:7d:77:73:9c:
                    10:f9:d0:9a:31:80:c6:53:1d:c4:06:02:2f:dd:36:
                    28:fd:8b:3d:e0:65:ed:69:6b:d5:17:c3:29:ec:bb:
                    c7:f7:22:32:b7:36:19:a7:1a:38:36:42:cc:04:45:
                    61:11:f2:ef:36:75:70:e7:11:7f:83:e8:22:4d:da:
                    07:b9:ea:ad:20:08:da:03:98:4c:f9:70:c4:f5:d2:
                    63:3f:61:e4:83:93:76:b5:c6:40:21:d0:04:46:9f:
                    23:6f:35:9b:51:c6:be:11:77:09:f1:37:e8:6e:56:
                    ad:ce:84:95:fa:fb:3d:b0:3d:35:7b:97:2a:6f:2a:
                    fe:92:80:96:aa:bd:80:96:2a:4a:f7:cd:7f:b7:e5:
                    97:6d:f6:1d:ef:d9:28:3a:65:81:f4:69:00:65:19:
                    6f:e6:71:d8:ad:19:c8:a7:44:38:92:c0:b4:7e:40:
                    ab:8f:60:e6:49:4a:82:5e:f9:f4:dd:ea:18:52:c0:
                    0b:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:F4:C1:15:B0:1F:AA:1E:E9:AC:BF:03:40:5B:07:42:0A:CC:BC:35
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/344d8a36-d368-4b92-a086-662d168f842a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:3d:49:a1:09:09:f1:b3:08:94:c9:53:70:98:fc:2b:56:85:
         bd:33:81:ab:e0:9c:2b:6b:45:c5:83:7a:9a:13:2e:c2:1d:9a:
         82:67:45:0b:5d:e2:bc:97:05:04:93:95:3f:5c:86:9f:46:d3:
         0f:75:1e:85:56:f5:6e:25:6a:51:74:1b:80:90:da:6f:4b:0b:
         9d:1e:02:3f:8f:96:1a:e6:89:fd:59:14:c1:be:d2:a5:6f:24:
         92:6b:9a:de:9d:0e:fd:38:b7:72:ce:19:47:02:3b:81:6b:4a:
         58:fb:2e:15:b2:3b:ed:2b:6f:64:6c:36:30:74:ea:55:03:d5:
         e0:ea:bb:8a:7e:e6:aa:6e:d4:f2:a2:b8:46:db:4a:d9:1f:60:
         4c:30:86:38:ad:ff:ac:c1:15:87:29:eb:6e:4a:69:2f:2a:08:
         f9:80:51:10:09:59:f7:b3:30:5c:44:f1:4d:83:45:85:e7:54:
         31:37:e7:b4:13:0b:88:36:27:6f:0d:35:dc:bc:36:58:97:ce:
         df:99:c5:a1:1d:dd:f7:af:e7:3b:12:06:c3:c1:a6:70:e8:b7:
         e2:1c:9b:a3:db:83:19:e9:ce:09:27:e5:f8:c3:64:44:c4:a8:
         a0:76:d4:c0:76:6c:4b:31:33:f2:8a:f7:a4:a0:8e:6a:74:c9:
         30:e1:24:74
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE1SiPbLfbYkcrFpxkAIPVzllUBcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNTE3MDAwMDAwWhcNMjQwNjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5N2FkN2NjYWJmZGQ5NWNkYjg4OTcyNGU0OWZkYmVjOGNl
MDVlYjNlMGRjNWMzZTEzZTc0ZjU5ZmU4NzQyOTg0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDg4UPohEdAFbRm0nF5e5E62U34ridT1LLbL07bGwpUSbbX
6mJvhI4plJ4ijUiDfD93U8dR712RJjtVaBsWCz+HDbjvCcZAfXdznBD50JoxgMZT
HcQGAi/dNij9iz3gZe1pa9UXwynsu8f3IjK3NhmnGjg2QswERWER8u82dXDnEX+D
6CJN2ge56q0gCNoDmEz5cMT10mM/YeSDk3a1xkAh0ARGnyNvNZtRxr4RdwnxN+hu
Vq3OhJX6+z2wPTV7lypvKv6SgJaqvYCWKkr3zX+35Zdt9h3v2Sg6ZYH0aQBlGW/m
cditGcinRDiSwLR+QKuPYOZJSoJe+fTd6hhSwAtJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQfTBFbAfqh7prL8DQFsHQgrMvDUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzM0NGQ4YTM2LWQzNjgtNGI5Mi1hMDg2LTY2MmQxNjhmODQyYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACM9SaEJCfGzCJTJU3CY/CtWhb0z
gavgnCtrRcWDepoTLsIdmoJnRQtd4ryXBQSTlT9chp9G0w91HoVW9W4lalF0G4CQ
2m9LC50eAj+Plhrmif1ZFMG+0qVvJJJrmt6dDv04t3LOGUcCO4FrSlj7LhWyO+0r
b2RsNjB06lUD1eDqu4p+5qpu1PKiuEbbStkfYEwwhjit/6zBFYcp625KaS8qCPmA
URAJWfezMFxE8U2DRYXnVDE357QTC4g2J28NNdy8NliXzt+ZxaEd3fev5zsSBsPB
pnDot+Icm6Pbgxnpzgkn5fjDZETEqKB21MB2bEsxM/KK96Sgjmp0yTDhJHQ=
-----END CERTIFICATE-----