Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3a8cc9be-763e-465e-b49c-f87c1f153541.roa
File:                     3a8cc9be-763e-465e-b49c-f87c1f153541.roa (raw, json)
Hash identifier:          Mw9kiueHTu8UoyYZ/PjmOAvnYSzpOQe794KLQtAeGck=
Subject key identifier:   20:DB:B9:8D:50:0C:A5:C9:56:61:E7:14:99:B9:31:4F:53:8C:C7:6E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       604CDD3400D9B0E799932DEF13A0473BCC777852
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3a8cc9be-763e-465e-b49c-f87c1f153541.roa
Signing time:             Wed 13 Mar 2024 00:00:00 +0000
ROA not before:           Wed 13 Mar 2024 00:00:00 +0000
ROA not after:            Wed 17 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:4c:dd:34:00:d9:b0:e7:99:93:2d:ef:13:a0:47:3b:cc:77:78:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 13 00:00:00 2024 GMT
            Not After : Apr 17 23:59:59 2024 GMT
        Subject: serialNumber=b7b20bf7d335a03ef4074d1dce0b33d27798f025539f9fd50f7aba6d1572b502, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:52:f1:52:70:40:bf:a6:a9:18:b5:7e:ee:1f:
                    39:1f:25:33:67:2e:ac:f6:0d:98:39:e4:89:54:59:
                    d3:76:e7:83:62:8b:34:2d:63:35:5c:fc:2e:54:97:
                    6c:11:55:11:dd:4d:e1:29:d9:0a:1e:a8:4d:ef:3c:
                    35:70:28:c5:a5:4a:db:1e:87:a2:ff:4a:ab:22:61:
                    60:3a:b0:33:16:5a:36:f6:e2:fe:a2:fa:ae:6e:04:
                    04:6b:a7:fa:97:1e:d7:c9:8d:21:ff:b0:0e:28:b4:
                    c3:c1:08:f0:b2:80:c4:5d:4f:df:54:3a:c9:52:5d:
                    14:5c:5d:85:3e:c4:04:18:6c:74:8c:f2:18:a9:bd:
                    f7:78:2d:77:6b:c2:6e:16:04:fa:d8:54:17:30:c3:
                    0d:80:fb:d5:ea:6f:d1:77:6f:99:c2:1a:6c:1d:f3:
                    0b:09:a2:80:21:60:51:80:ac:3b:4b:4d:b0:cd:60:
                    9c:85:29:f2:78:b2:88:64:9a:d1:c5:5d:40:ad:a6:
                    ba:a0:69:ac:4d:b6:9c:55:a5:aa:95:00:b4:01:ae:
                    e1:38:11:13:36:9a:4e:0b:d8:e4:e9:b8:be:85:6c:
                    b5:22:1d:2b:98:4f:33:30:fb:c5:84:6e:7b:7d:5e:
                    6d:a4:4b:0c:7a:7f:cc:ec:b1:f9:89:81:a0:d4:85:
                    63:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:DB:B9:8D:50:0C:A5:C9:56:61:E7:14:99:B9:31:4F:53:8C:C7:6E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3a8cc9be-763e-465e-b49c-f87c1f153541.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:0a:6e:94:85:0b:ef:ee:97:c3:66:6d:f9:0b:6f:44:ee:40:
         ea:33:30:51:71:c3:4d:de:f7:e2:84:a5:51:1c:ac:2b:40:12:
         6d:7b:76:ed:cf:cf:05:66:7b:4f:99:be:e2:59:41:6c:b2:d2:
         14:94:4c:f8:64:2a:73:89:e6:02:31:b4:53:d4:89:85:ac:30:
         d8:6f:15:61:56:33:bf:50:1e:43:f9:b6:1a:9f:75:e0:51:c0:
         8a:ae:3d:8b:ac:a7:81:07:06:a4:e6:5f:fe:96:4f:01:df:ed:
         69:19:71:02:3b:be:ac:fa:98:c0:94:58:f6:de:7b:0b:6a:f3:
         e5:22:8a:2b:8c:6e:78:c3:bb:1b:4a:a5:f5:52:27:04:1f:d6:
         d6:87:bb:a2:73:e0:8c:64:53:d2:d8:f0:dc:0b:35:b0:c4:9e:
         1a:66:fa:7c:77:d4:d4:ff:46:0a:b5:4c:f8:8e:43:5b:6a:7e:
         f9:69:6e:55:cd:5c:ea:90:03:64:54:fa:c7:01:fa:6f:30:3d:
         c6:3c:9e:d1:0b:4c:29:ef:dc:4c:c2:6b:97:1e:bc:4e:79:a8:
         07:af:30:ac:f0:32:81:99:5c:0d:97:26:b2:b1:89:36:f6:58:
         1b:ec:d8:f3:6c:5b:ff:c7:f5:75:75:3c:4e:3d:b9:a6:86:b8:
         c4:0a:ce:c5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYEzdNADZsOeZky3vE6BHO8x3eFIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzEzMDAwMDAwWhcNMjQwNDE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiN2IyMGJmN2QzMzVhMDNlZjQwNzRkMWRjZTBiMzNkMjc3
OThmMDI1NTM5ZjlmZDUwZjdhYmE2ZDE1NzJiNTAyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD2UvFScEC/pqkYtX7uHzkfJTNnLqz2DZg55IlUWdN254Ni
izQtYzVc/C5Ul2wRVRHdTeEp2QoeqE3vPDVwKMWlStseh6L/SqsiYWA6sDMWWjb2
4v6i+q5uBARrp/qXHtfJjSH/sA4otMPBCPCygMRdT99UOslSXRRcXYU+xAQYbHSM
8hipvfd4LXdrwm4WBPrYVBcwww2A+9Xqb9F3b5nCGmwd8wsJooAhYFGArDtLTbDN
YJyFKfJ4sohkmtHFXUCtprqgaaxNtpxVpaqVALQBruE4ERM2mk4L2OTpuL6FbLUi
HSuYTzMw+8WEbnt9Xm2kSwx6f8zssfmJgaDUhWO7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUINu5jVAMpclWYecUmbkxT1OMx24wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzNhOGNjOWJlLTc2M2UtNDY1ZS1iNDljLWY4N2MxZjE1MzU0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKMKbpSFC+/ul8NmbfkLb0TuQOoz
MFFxw03e9+KEpVEcrCtAEm17du3PzwVme0+ZvuJZQWyy0hSUTPhkKnOJ5gIxtFPU
iYWsMNhvFWFWM79QHkP5thqfdeBRwIquPYusp4EHBqTmX/6WTwHf7WkZcQI7vqz6
mMCUWPbeewtq8+UiiiuMbnjDuxtKpfVSJwQf1taHu6Jz4IxkU9LY8NwLNbDEnhpm
+nx31NT/Rgq1TPiOQ1tqfvlpblXNXOqQA2RU+scB+m8wPcY8ntELTCnv3EzCa5ce
vE55qAevMKzwMoGZXA2XJrKxiTb2WBvs2PNsW//H9XV1PE49uaaGuMQKzsU=
-----END CERTIFICATE-----