Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/40d8b3a8-4fe6-42cb-b507-cd72ccfe6719.roa
File:                     40d8b3a8-4fe6-42cb-b507-cd72ccfe6719.roa (raw, json)
Hash identifier:          SJO7e9VWyfU/5B4/iYfGSiLi/rkDUneuU7CnsIt+/g4=
Subject key identifier:   90:68:B6:6E:D7:B3:3B:C8:06:5E:DC:89:79:3A:FF:74:A9:66:7C:DE
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4FF9D4A23C7875626857AAC9649BC94D3235B468
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/40d8b3a8-4fe6-42cb-b507-cd72ccfe6719.roa
Signing time:             Thu 24 Oct 2024 00:00:00 +0000
ROA not before:           Thu 24 Oct 2024 00:00:00 +0000
ROA not after:            Thu 28 Nov 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:f9:d4:a2:3c:78:75:62:68:57:aa:c9:64:9b:c9:4d:32:35:b4:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 24 00:00:00 2024 GMT
            Not After : Nov 28 23:59:59 2024 GMT
        Subject: serialNumber=48369de4eb8de29f219f19283c2a5ae458d1fbbcdb0d95b309a35558feeacf23, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:50:b6:59:49:57:2a:dc:4f:ee:06:4e:fb:57:
                    28:c8:05:fb:71:0b:72:40:fa:62:31:ce:dd:dc:e1:
                    73:37:84:ef:fa:33:2b:1a:2f:e1:eb:75:75:55:fd:
                    df:28:d8:47:65:d1:a8:33:db:7f:eb:a4:70:41:07:
                    3c:f3:d3:29:0a:01:c8:83:4e:9c:78:a0:11:32:1f:
                    f1:11:82:07:6c:a6:ea:68:13:7b:e9:a8:30:d4:03:
                    04:b5:01:6f:51:3c:ec:d0:cf:6b:90:9d:d1:02:cf:
                    c8:31:c2:e4:e6:a6:1c:2a:80:b0:c5:70:00:33:cc:
                    f0:01:62:c9:d2:2b:a4:5d:ad:fe:1d:68:7c:39:9e:
                    bc:09:ac:f7:e1:2b:3a:9c:7e:97:2b:33:b5:32:0f:
                    98:6c:21:e6:7c:f1:e6:c8:ed:f2:2c:6e:1c:42:7d:
                    19:83:81:ca:16:5c:36:13:6c:d9:bf:57:25:8c:4c:
                    05:8f:d0:7b:6a:87:24:fa:4c:95:50:51:61:5f:2f:
                    d3:91:35:fc:2d:e7:10:b2:56:e0:b3:06:2f:76:31:
                    42:9b:c6:b0:eb:2f:c1:e3:59:2d:de:a4:0a:0e:dc:
                    a8:44:1e:44:e8:c7:4c:7b:d4:24:1e:5a:c1:b5:a8:
                    1c:f3:8a:33:71:19:7f:01:92:6b:06:8a:ae:74:3e:
                    29:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:68:B6:6E:D7:B3:3B:C8:06:5E:DC:89:79:3A:FF:74:A9:66:7C:DE
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/40d8b3a8-4fe6-42cb-b507-cd72ccfe6719.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:92:47:cf:ef:e3:44:a4:d2:4e:39:5f:af:dd:fb:3b:24:e2:
         0b:50:f3:91:81:dd:b2:16:3b:54:e5:9b:04:c5:21:f4:4d:de:
         52:ba:53:66:b5:24:50:fa:cf:18:1c:51:2f:3f:92:97:c0:78:
         24:c1:b5:37:fe:fa:9d:e2:dd:dd:5d:45:8f:6d:ea:fe:51:bf:
         6f:5a:c6:70:35:73:fc:d7:ee:7b:d6:b9:ff:b1:60:74:fd:f4:
         b1:50:21:d6:b4:c0:b1:b1:3f:6a:fa:ec:07:f2:77:c4:fe:99:
         56:e2:90:bb:62:7b:5a:8c:52:d0:ea:4c:80:dd:7e:cb:ea:16:
         7e:4b:44:c4:f2:c0:04:2b:8b:5e:3f:da:f9:53:e5:4c:ea:58:
         05:be:28:d9:8e:9f:4c:16:f8:69:cd:6d:c1:fa:26:ee:7c:c4:
         40:8a:58:56:f1:3a:80:0d:30:b5:cb:61:a4:2e:88:6f:0d:12:
         a5:6c:af:87:b6:c1:29:97:e0:91:bf:c0:4e:02:f6:7e:c9:04:
         36:41:dc:ef:88:b8:85:32:0f:dd:83:8b:5f:55:bc:34:3a:8f:
         18:19:a4:ad:97:8c:17:b9:24:19:52:e7:39:c4:2a:f7:09:48:
         9a:7c:77:7e:c9:8b:56:db:b5:41:62:6b:bc:cd:89:bb:96:7a:
         9c:76:cb:22
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUT/nUojx4dWJoV6rJZJvJTTI1tGgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMDI0MDAwMDAwWhcNMjQxMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ODM2OWRlNGViOGRlMjlmMjE5ZjE5MjgzYzJhNWFlNDU4
ZDFmYmJjZGIwZDk1YjMwOWEzNTU1OGZlZWFjZjIzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnULZZSVcq3E/uBk77VyjIBftxC3JA+mIxzt3c4XM3hO/6
MysaL+HrdXVV/d8o2Edl0agz23/rpHBBBzzz0ykKAciDTpx4oBEyH/ERggdspupo
E3vpqDDUAwS1AW9RPOzQz2uQndECz8gxwuTmphwqgLDFcAAzzPABYsnSK6Rdrf4d
aHw5nrwJrPfhKzqcfpcrM7UyD5hsIeZ88ebI7fIsbhxCfRmDgcoWXDYTbNm/VyWM
TAWP0HtqhyT6TJVQUWFfL9ORNfwt5xCyVuCzBi92MUKbxrDrL8HjWS3epAoO3KhE
HkTox0x71CQeWsG1qBzzijNxGX8BkmsGiq50PimbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkGi2btezO8gGXtyJeTr/dKlmfN4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQwZDhiM2E4LTRmZTYtNDJjYi1iNTA3LWNkNzJjY2ZlNjcxOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACeSR8/v40Sk0k45X6/d+zsk4gtQ
85GB3bIWO1TlmwTFIfRN3lK6U2a1JFD6zxgcUS8/kpfAeCTBtTf++p3i3d1dRY9t
6v5Rv29axnA1c/zX7nvWuf+xYHT99LFQIda0wLGxP2r67Afyd8T+mVbikLtie1qM
UtDqTIDdfsvqFn5LRMTywAQri14/2vlT5UzqWAW+KNmOn0wW+GnNbcH6Ju58xECK
WFbxOoANMLXLYaQuiG8NEqVsr4e2wSmX4JG/wE4C9n7JBDZB3O+IuIUyD92Di19V
vDQ6jxgZpK2XjBe5JBlS5znEKvcJSJp8d37Ji1bbtUFia7zNibuWepx2yyI=
-----END CERTIFICATE-----