Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/44a8fc20-48d0-449f-a70b-26403eeb07fd.roa
File:                     44a8fc20-48d0-449f-a70b-26403eeb07fd.roa (raw, json)
Hash identifier:          rA1vYXdWQfXPaTz87VHPgldLO1s8JMLK5I9RhAHZ5hA=
Subject key identifier:   83:F8:D7:01:58:EE:99:81:C0:A8:37:73:F7:79:27:0D:C8:1E:0D:C1
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2F38F07C7839278D7D006EF72C13C5C4205D1980
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/44a8fc20-48d0-449f-a70b-26403eeb07fd.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:38:f0:7c:78:39:27:8d:7d:00:6e:f7:2c:13:c5:c4:20:5d:19:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=a9fc07ac52bd5451e191a77bed3d4ae094cb5e6c09576094008d60f199b8968b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:05:5a:57:60:71:a0:c5:1c:ae:65:37:84:a0:
                    dc:b4:42:7e:52:5b:70:13:d0:c0:44:26:e9:4c:14:
                    ff:67:3f:47:4d:2f:17:40:7a:96:4a:d8:7d:e9:2c:
                    7a:db:9e:69:c3:38:ec:f5:65:a7:80:ee:d2:75:a6:
                    f9:8f:17:fe:fd:99:05:26:82:75:fa:f7:b9:f8:bd:
                    00:18:d0:5c:ca:be:4f:a2:bc:a7:d9:0b:bf:29:5d:
                    5d:b1:1d:4f:6f:d4:1a:cd:1a:5c:13:a4:94:28:13:
                    0f:2b:f1:9a:3e:c9:8f:16:b4:9e:34:33:f5:42:db:
                    77:c8:e7:92:07:91:18:af:59:91:4e:11:26:38:62:
                    9f:9a:d3:66:8e:4d:1f:c1:02:26:3b:b5:79:b7:d7:
                    70:36:d9:2d:08:e8:d2:9f:b2:f0:2d:75:24:0d:f6:
                    14:df:f2:cf:92:26:c7:85:86:b3:41:7f:6f:44:93:
                    67:6a:9e:2f:e2:55:4f:66:22:6e:bc:04:70:fd:36:
                    24:b6:1f:6d:b4:e7:45:a8:23:16:47:f1:b9:24:20:
                    dc:9b:e2:5b:74:1b:22:6f:cd:78:34:e6:93:b8:50:
                    02:79:52:fc:84:b3:d5:8e:89:be:97:18:90:88:8f:
                    91:de:a8:d3:98:de:70:5e:dc:32:2d:75:df:9a:89:
                    b4:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:F8:D7:01:58:EE:99:81:C0:A8:37:73:F7:79:27:0D:C8:1E:0D:C1
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/44a8fc20-48d0-449f-a70b-26403eeb07fd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:8d:c6:51:1c:f3:0f:32:d0:e9:ea:68:94:c0:f6:3e:f2:01:
         d2:e5:bb:f7:4d:e4:1f:51:64:b8:44:cb:e2:5a:55:a1:92:88:
         33:8d:a8:2e:73:d0:4a:31:38:9d:f9:f2:60:e2:98:85:78:0a:
         d2:76:1f:8b:5a:ad:76:48:ed:ab:a7:5f:d5:21:45:ee:db:12:
         b8:6c:f3:1e:2f:a1:a7:f7:59:70:a9:64:5e:35:44:61:cc:72:
         26:86:0d:99:7a:bd:3a:b7:04:45:21:81:fd:57:d3:8b:0f:d4:
         ec:eb:1f:4d:28:6e:bf:84:eb:36:70:e2:a2:c0:7f:c7:28:e3:
         54:98:62:f6:a0:71:8c:00:ba:be:cb:89:02:25:38:24:d3:5d:
         f6:44:86:9b:74:5a:ea:76:04:e1:8b:e4:12:7f:7e:00:36:c8:
         4e:b0:28:ff:9d:bf:36:b3:0d:20:e2:da:ed:87:a6:7c:86:fa:
         d6:8f:1b:9c:11:a5:8a:72:72:09:82:7d:b5:5e:99:0e:fb:94:
         7a:70:55:8b:dc:9f:cc:c7:92:d0:7b:1c:c3:03:d3:ee:36:00:
         10:a2:12:b9:07:56:06:f4:a8:5b:45:3a:ad:95:db:dc:57:ed:
         58:40:15:93:4f:40:f2:a6:6b:e4:be:2d:58:fc:86:de:93:94:
         f8:77:00:c4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULzjwfHg5J419AG73LBPFxCBdGYAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzA1MDAwMDAwWhcNMjQwNDA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhOWZjMDdhYzUyYmQ1NDUxZTE5MWE3N2JlZDNkNGFlMDk0
Y2I1ZTZjMDk1NzYwOTQwMDhkNjBmMTk5Yjg5NjhiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1BVpXYHGgxRyuZTeEoNy0Qn5SW3AT0MBEJulMFP9nP0dN
LxdAepZK2H3pLHrbnmnDOOz1ZaeA7tJ1pvmPF/79mQUmgnX697n4vQAY0FzKvk+i
vKfZC78pXV2xHU9v1BrNGlwTpJQoEw8r8Zo+yY8WtJ40M/VC23fI55IHkRivWZFO
ESY4Yp+a02aOTR/BAiY7tXm313A22S0I6NKfsvAtdSQN9hTf8s+SJseFhrNBf29E
k2dqni/iVU9mIm68BHD9NiS2H22050WoIxZH8bkkINyb4lt0GyJvzXg05pO4UAJ5
UvyEs9WOib6XGJCIj5HeqNOY3nBe3DItdd+aibRrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUg/jXAVjumYHAqDdz93knDcgeDcEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ0YThmYzIwLTQ4ZDAtNDQ5Zi1hNzBiLTI2NDAzZWViMDdmZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFyNxlEc8w8y0OnqaJTA9j7yAdLl
u/dN5B9RZLhEy+JaVaGSiDONqC5z0EoxOJ358mDimIV4CtJ2H4tarXZI7aunX9Uh
Re7bErhs8x4voaf3WXCpZF41RGHMciaGDZl6vTq3BEUhgf1X04sP1OzrH00obr+E
6zZw4qLAf8co41SYYvagcYwAur7LiQIlOCTTXfZEhpt0Wup2BOGL5BJ/fgA2yE6w
KP+dvzazDSDi2u2HpnyG+taPG5wRpYpycgmCfbVemQ77lHpwVYvcn8zHktB7HMMD
0+42ABCiErkHVgb0qFtFOq2V29xX7VhAFZNPQPKma+S+LVj8ht6TlPh3AMQ=
-----END CERTIFICATE-----