Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3970ca8e-5dc8-4a15-9b53-a747660c6784.roa
File:                     3970ca8e-5dc8-4a15-9b53-a747660c6784.roa (raw, json)
Hash identifier:          AoFIN0Ij4z7xg3NDsjz1XpHcMxq9hbYk/U1XyUEdIoE=
Subject key identifier:   76:1E:E5:5B:27:A0:BB:F2:C8:43:2E:0E:7D:CD:AB:A1:7C:76:36:B7
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       027FB94361858B4A8A824DD0A2ACEAD146F5EE25
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3970ca8e-5dc8-4a15-9b53-a747660c6784.roa
Signing time:             Tue 02 Jul 2024 00:00:00 +0000
ROA not before:           Tue 02 Jul 2024 00:00:00 +0000
ROA not after:            Tue 06 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:7f:b9:43:61:85:8b:4a:8a:82:4d:d0:a2:ac:ea:d1:46:f5:ee:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul  2 00:00:00 2024 GMT
            Not After : Aug  6 23:59:59 2024 GMT
        Subject: serialNumber=90dd60f4a6416b438073e308a33636fcb7fdf5a98a6943efa85bdd112ff44ee5, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:0a:8c:4d:0d:5a:29:81:72:82:55:cf:ea:62:
                    ea:e6:8a:cc:9e:35:e9:3f:d1:85:a5:13:14:96:83:
                    45:a2:3e:84:03:cc:03:20:42:8f:22:b0:78:3f:92:
                    63:39:ac:47:e1:d9:fc:8e:4f:4d:6e:1b:e9:d9:95:
                    2c:b9:1a:21:d4:6c:de:ca:44:f8:e8:ff:88:d0:fa:
                    82:dc:f6:8f:64:5b:7c:4d:94:65:67:28:14:e0:22:
                    a8:d4:02:72:b5:93:3e:be:05:fb:8f:8d:05:8c:2c:
                    06:ad:07:d2:4e:7f:f3:e0:f3:db:5b:6d:23:d5:11:
                    99:21:8c:41:a3:24:0a:5a:06:99:bb:64:24:0c:ac:
                    c0:41:f8:de:28:44:fa:0a:a5:e3:f2:30:85:67:9b:
                    72:1b:e8:23:4b:94:41:55:63:2d:43:88:cf:c8:10:
                    3c:89:0e:34:ae:9d:13:c9:02:81:5b:f4:e1:4a:54:
                    4f:a3:2e:c8:29:dc:1d:b2:95:4b:e6:cf:63:db:99:
                    d3:ef:cb:52:86:9f:5e:b4:1f:b9:f7:e2:7e:66:26:
                    77:8c:7a:55:12:35:46:bb:37:cb:0f:d0:89:2b:0f:
                    50:49:70:91:8b:16:19:5c:94:d9:7d:60:c9:8c:7e:
                    f8:4b:c6:59:29:b1:98:e0:01:0a:34:f3:8e:72:9e:
                    41:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:1E:E5:5B:27:A0:BB:F2:C8:43:2E:0E:7D:CD:AB:A1:7C:76:36:B7
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3970ca8e-5dc8-4a15-9b53-a747660c6784.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:82:8b:03:07:93:41:cf:3b:91:4b:05:a2:23:6f:4b:a8:f6:
         78:51:77:f9:fe:c4:1f:70:0c:dc:65:13:a1:87:52:c0:c1:e9:
         d1:fb:5a:27:52:97:70:a4:25:26:cf:2e:98:76:bb:4f:ec:1b:
         e1:a0:87:22:3d:04:23:91:a4:9b:8e:6c:9e:31:b2:9c:ab:2f:
         3e:b0:b0:42:5e:ea:87:43:8e:0c:eb:25:24:eb:cd:18:1e:18:
         48:fb:0f:80:94:b5:c6:7e:e1:79:42:66:11:ef:29:69:7a:c5:
         a3:e1:83:72:5d:19:bf:c0:4c:de:8a:b3:0c:3e:a6:44:a5:89:
         3d:86:6d:ce:e3:87:db:e5:89:77:3a:8b:61:5c:ab:c6:6e:3f:
         c8:46:08:21:d9:9b:b6:ac:0e:24:25:3e:fe:bc:c0:c2:7f:98:
         0c:c7:d9:6e:08:38:67:cb:71:e4:91:7b:a6:5c:aa:09:ca:1e:
         bd:b8:4b:9f:9a:f8:ac:d1:85:83:af:14:2a:2f:97:12:0d:7f:
         ce:37:96:28:4c:ff:5a:3c:07:af:bb:80:55:d7:54:3e:80:a9:
         e2:29:27:a4:03:8f:c4:91:4c:76:24:3b:cf:40:3b:46:9b:5f:
         1a:ec:32:be:ca:83:fe:82:cf:21:1b:a3:6c:70:40:d8:b9:8d:
         f6:b7:81:85
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAn+5Q2GFi0qKgk3Qoqzq0Ub17iUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzAyMDAwMDAwWhcNMjQwODA2MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MGRkNjBmNGE2NDE2YjQzODA3M2UzMDhhMzM2MzZmY2I3
ZmRmNWE5OGE2OTQzZWZhODViZGQxMTJmZjQ0ZWU1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcCoxNDVopgXKCVc/qYurmisyeNek/0YWlExSWg0WiPoQD
zAMgQo8isHg/kmM5rEfh2fyOT01uG+nZlSy5GiHUbN7KRPjo/4jQ+oLc9o9kW3xN
lGVnKBTgIqjUAnK1kz6+BfuPjQWMLAatB9JOf/Pg89tbbSPVEZkhjEGjJApaBpm7
ZCQMrMBB+N4oRPoKpePyMIVnm3Ib6CNLlEFVYy1DiM/IEDyJDjSunRPJAoFb9OFK
VE+jLsgp3B2ylUvmz2PbmdPvy1KGn160H7n34n5mJneMelUSNUa7N8sP0IkrD1BJ
cJGLFhlclNl9YMmMfvhLxlkpsZjgAQo0845ynkGzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdh7lWyegu/LIQy4Ofc2roXx2NrcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzM5NzBjYThlLTVkYzgtNGExNS05YjUzLWE3NDc2NjBjNjc4NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAH2CiwMHk0HPO5FLBaIjb0uo9nhR
d/n+xB9wDNxlE6GHUsDB6dH7WidSl3CkJSbPLph2u0/sG+GghyI9BCORpJuObJ4x
spyrLz6wsEJe6odDjgzrJSTrzRgeGEj7D4CUtcZ+4XlCZhHvKWl6xaPhg3JdGb/A
TN6Ksww+pkSliT2Gbc7jh9vliXc6i2Fcq8ZuP8hGCCHZm7asDiQlPv68wMJ/mAzH
2W4IOGfLceSRe6ZcqgnKHr24S5+a+KzRhYOvFCovlxINf843lihM/1o8B6+7gFXX
VD6AqeIpJ6QDj8SRTHYkO89AO0abXxrsMr7Kg/6CzyEbo2xwQNi5jfa3gYU=
-----END CERTIFICATE-----