Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3b6b06fe-0ee4-40f4-a807-1972bfb92823.roa
File:                     3b6b06fe-0ee4-40f4-a807-1972bfb92823.roa (raw, json)
Hash identifier:          TITytKI8S7FoXid/aVS1KzrEEM1yXQ3aE7K1KwieAfY=
Subject key identifier:   A8:B4:C0:0B:80:FF:6C:96:E8:AC:17:8B:F8:2E:85:A2:7B:08:80:9A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       619963E807EC88F6711D95DA7EF421669306401D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3b6b06fe-0ee4-40f4-a807-1972bfb92823.roa
Signing time:             Tue 28 May 2024 00:00:00 +0000
ROA not before:           Tue 28 May 2024 00:00:00 +0000
ROA not after:            Tue 02 Jul 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:99:63:e8:07:ec:88:f6:71:1d:95:da:7e:f4:21:66:93:06:40:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May 28 00:00:00 2024 GMT
            Not After : Jul  2 23:59:59 2024 GMT
        Subject: serialNumber=aa301fd1779102b48588d7719ed9c7b025a0323b496108a42ee871d32d1897b9, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:32:08:b4:43:cb:ce:d5:76:f4:a7:6f:6c:db:
                    15:77:7e:9b:79:a3:f2:db:99:c5:2e:29:d5:82:75:
                    7c:2e:b6:7f:31:33:fe:70:b9:c8:17:a8:1b:9c:e5:
                    a8:ea:74:92:61:85:c5:74:e9:00:aa:35:6d:60:ac:
                    f3:30:5e:ad:75:2c:9c:7a:97:ee:16:7f:af:00:bb:
                    00:0a:7c:b9:17:7d:52:01:54:75:96:a2:e8:cf:50:
                    c4:0a:64:f0:bd:18:fe:8d:8b:c8:c0:31:30:eb:10:
                    31:ae:dd:00:24:9c:16:9a:ee:37:9e:9a:7c:85:94:
                    58:2f:ea:c4:e9:f3:a6:6a:2c:91:49:3a:56:a6:5e:
                    ac:71:ba:1e:ce:b7:5f:42:e3:7d:4f:ed:b6:76:fd:
                    28:27:b0:5e:61:17:5f:2f:21:93:ae:d3:bb:30:d3:
                    59:51:14:49:78:46:f4:f5:56:ea:a5:98:69:c7:78:
                    bb:44:ff:38:bb:69:5f:17:73:65:bd:de:37:b0:20:
                    50:ab:07:c8:b7:40:19:10:de:98:8a:a8:48:07:6e:
                    94:2e:98:cf:b6:d2:fe:03:fe:ca:ea:ec:d8:a6:da:
                    62:47:15:70:82:3b:c9:e2:4d:7e:3a:c4:0c:45:d3:
                    09:c4:c4:64:ab:c0:f3:9c:76:8c:80:d0:38:81:7e:
                    de:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:B4:C0:0B:80:FF:6C:96:E8:AC:17:8B:F8:2E:85:A2:7B:08:80:9A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3b6b06fe-0ee4-40f4-a807-1972bfb92823.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:5e:f9:84:fd:19:d0:82:81:99:ae:92:51:2c:3e:82:0c:0b:
         d6:f0:1f:36:63:95:73:31:54:3a:65:b7:5b:9d:e3:6d:57:9b:
         63:aa:42:4d:3e:7d:a3:17:5c:27:da:a8:e6:f8:bb:e3:f9:bb:
         79:04:83:d3:d4:75:c0:28:fc:dd:d7:8e:ca:e6:45:4b:52:2f:
         ed:88:3d:48:24:f1:74:df:81:59:19:dc:1b:71:ec:f1:bc:a6:
         9d:7b:bb:2d:c1:89:1e:1e:e4:4b:3b:c0:71:5f:15:53:7c:75:
         1b:18:91:e3:4b:7f:e4:53:e6:97:27:19:a5:95:22:cd:f0:bb:
         a0:44:5b:8e:e8:aa:21:a8:4f:2e:fa:c9:a6:1b:68:5e:6b:66:
         9b:af:00:99:b9:aa:1b:25:1e:ba:ee:d7:90:d5:6a:f4:23:25:
         86:cc:a0:50:a4:93:3c:da:5d:c2:3d:2a:96:ad:86:8d:e0:8e:
         47:ba:36:84:eb:a2:b3:99:d7:fb:37:f5:9f:b7:19:fc:37:09:
         65:b3:1e:e6:f8:ec:7c:86:ce:ac:f3:6f:98:fb:cc:ea:b8:bb:
         18:22:4f:79:d4:dd:a0:c5:77:79:e9:0f:99:ce:66:dc:4d:f8:
         a2:a7:0d:22:4e:0a:04:9f:c5:8f:85:71:ad:ee:4e:9b:f1:47:
         aa:f2:eb:ef
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYZlj6AfsiPZxHZXafvQhZpMGQB0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNTI4MDAwMDAwWhcNMjQwNzAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhYTMwMWZkMTc3OTEwMmI0ODU4OGQ3NzE5ZWQ5YzdiMDI1
YTAzMjNiNDk2MTA4YTQyZWU4NzFkMzJkMTg5N2I5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjMgi0Q8vO1Xb0p29s2xV3fpt5o/LbmcUuKdWCdXwutn8x
M/5wucgXqBuc5ajqdJJhhcV06QCqNW1grPMwXq11LJx6l+4Wf68AuwAKfLkXfVIB
VHWWoujPUMQKZPC9GP6Ni8jAMTDrEDGu3QAknBaa7jeemnyFlFgv6sTp86ZqLJFJ
OlamXqxxuh7Ot19C431P7bZ2/SgnsF5hF18vIZOu07sw01lRFEl4RvT1VuqlmGnH
eLtE/zi7aV8Xc2W93jewIFCrB8i3QBkQ3piKqEgHbpQumM+20v4D/srq7Nim2mJH
FXCCO8niTX46xAxF0wnExGSrwPOcdoyA0DiBft4jAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqLTAC4D/bJborBeL+C6FonsIgJowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzNiNmIwNmZlLTBlZTQtNDBmNC1hODA3LTE5NzJiZmI5MjgyMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB9e+YT9GdCCgZmuklEsPoIMC9bw
HzZjlXMxVDplt1ud421Xm2OqQk0+faMXXCfaqOb4u+P5u3kEg9PUdcAo/N3Xjsrm
RUtSL+2IPUgk8XTfgVkZ3Btx7PG8pp17uy3BiR4e5Es7wHFfFVN8dRsYkeNLf+RT
5pcnGaWVIs3wu6BEW47oqiGoTy76yaYbaF5rZpuvAJm5qhslHrru15DVavQjJYbM
oFCkkzzaXcI9Kpatho3gjke6NoTrorOZ1/s39Z+3Gfw3CWWzHub47HyGzqzzb5j7
zOq4uxgiT3nU3aDFd3npD5nOZtxN+KKnDSJOCgSfxY+Fca3uTpvxR6ry6+8=
-----END CERTIFICATE-----