Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/479803d2-245b-4750-93a1-51d534de7cd9.roa
File:                     479803d2-245b-4750-93a1-51d534de7cd9.roa (raw, json)
Hash identifier:          rtG9pLz0RUW0oY6K+N0FgpRoiIq8JXvmz2/aShGtzh4=
Subject key identifier:   50:85:EA:71:48:7B:59:8C:C6:E2:BF:DA:12:0A:AA:07:CC:54:C0:85
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2FF475C6ADF8396BAA2FA1075D5F05558EDDBF80
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/479803d2-245b-4750-93a1-51d534de7cd9.roa
Signing time:             Thu 24 Oct 2024 00:00:00 +0000
ROA not before:           Thu 24 Oct 2024 00:00:00 +0000
ROA not after:            Thu 28 Nov 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:f4:75:c6:ad:f8:39:6b:aa:2f:a1:07:5d:5f:05:55:8e:dd:bf:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 24 00:00:00 2024 GMT
            Not After : Nov 28 23:59:59 2024 GMT
        Subject: serialNumber=6201ce52e6b3b4bf412ccafa0410dac98d638979a701c13a70d1298757790641, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:6f:e1:38:fe:3d:c0:66:bc:aa:35:5d:2c:c0:
                    8d:3a:c8:3a:3f:33:02:a5:f7:15:81:87:5a:4a:f2:
                    b4:54:bc:65:cd:dc:ab:af:8b:7a:0a:d6:7f:8c:55:
                    69:06:c0:6e:12:db:9c:64:cc:db:3d:29:3b:8c:d9:
                    31:4c:81:95:08:e6:34:0d:f2:0f:29:80:b5:5e:49:
                    bc:f2:f3:cb:bc:f3:f6:53:87:d0:d8:5d:80:02:f2:
                    11:c5:a4:61:9a:e8:9e:ab:48:9c:3d:75:2e:32:46:
                    21:1b:2d:ea:1a:64:60:dd:cb:8c:75:4a:b4:9a:d4:
                    e1:22:71:98:46:71:b0:fc:56:29:db:d6:0b:54:1f:
                    62:da:c9:a4:b0:18:5b:b1:00:2d:bf:db:58:d0:53:
                    8a:62:57:a9:34:3e:63:3e:39:47:68:b4:67:99:f9:
                    6f:5f:85:9c:89:88:e4:38:d8:d9:79:43:bf:4f:52:
                    84:6a:85:d0:27:a6:94:ff:aa:4a:ee:51:57:66:cf:
                    a0:4d:4f:58:08:dd:d0:58:49:00:08:af:be:8a:cb:
                    a1:43:61:aa:d8:83:3c:d1:4b:6b:4b:95:06:78:da:
                    8c:66:e6:9d:34:33:20:65:ca:34:77:f5:f4:fa:3a:
                    87:9a:2b:08:77:73:bd:94:29:7a:30:16:86:24:25:
                    32:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:85:EA:71:48:7B:59:8C:C6:E2:BF:DA:12:0A:AA:07:CC:54:C0:85
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/479803d2-245b-4750-93a1-51d534de7cd9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:c4:8f:43:fa:47:1b:7d:72:cf:aa:6b:de:c5:f2:b9:a3:b5:
         dd:d2:b2:8f:d4:b5:dd:a4:71:59:ee:30:9e:de:fc:4b:4e:25:
         99:b4:b8:48:9a:f6:67:e5:bc:d9:90:5c:41:b2:c2:d6:1d:3b:
         1a:9a:3c:82:f6:57:45:84:67:5f:cc:8e:c4:8b:17:9a:fa:f8:
         b0:d3:c5:ff:83:f3:8d:49:2f:da:4e:fa:f0:81:da:38:89:ab:
         3c:74:eb:51:4c:81:35:a4:c3:b6:2c:ca:8c:92:ca:a4:55:8d:
         48:19:aa:db:e6:d2:fd:a8:62:c7:d6:c3:f1:a4:17:42:82:9e:
         17:86:49:e1:44:0a:3a:c5:45:50:9d:a8:6e:82:6d:ab:29:29:
         a2:54:50:fe:03:38:cf:bc:8d:a4:55:20:79:4c:ee:bb:44:7a:
         a2:a2:95:43:ff:04:eb:57:6f:16:be:c5:b1:53:70:f4:d5:da:
         33:7f:15:05:90:a6:88:61:59:3e:8b:4e:91:9f:17:36:e1:61:
         e2:27:05:a6:64:2d:2e:f4:9f:20:7b:3b:b9:19:33:d6:55:26:
         dc:ab:18:04:d5:75:17:b0:51:70:2b:e7:91:9b:6f:3d:48:5a:
         27:67:7e:57:45:1d:4f:97:02:d4:b2:cc:bf:da:2b:df:e1:81:
         f6:4b:40:9e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL/R1xq34OWuqL6EHXV8FVY7dv4AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMDI0MDAwMDAwWhcNMjQxMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MjAxY2U1MmU2YjNiNGJmNDEyY2NhZmEwNDEwZGFjOThk
NjM4OTc5YTcwMWMxM2E3MGQxMjk4NzU3NzkwNjQxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCub+E4/j3AZryqNV0swI06yDo/MwKl9xWBh1pK8rRUvGXN
3Kuvi3oK1n+MVWkGwG4S25xkzNs9KTuM2TFMgZUI5jQN8g8pgLVeSbzy88u88/ZT
h9DYXYAC8hHFpGGa6J6rSJw9dS4yRiEbLeoaZGDdy4x1SrSa1OEicZhGcbD8Vinb
1gtUH2LayaSwGFuxAC2/21jQU4piV6k0PmM+OUdotGeZ+W9fhZyJiOQ42Nl5Q79P
UoRqhdAnppT/qkruUVdmz6BNT1gI3dBYSQAIr76Ky6FDYarYgzzRS2tLlQZ42oxm
5p00MyBlyjR39fT6OoeaKwh3c72UKXowFoYkJTIDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUIXqcUh7WYzG4r/aEgqqB8xUwIUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ3OTgwM2QyLTI0NWItNDc1MC05M2ExLTUxZDUzNGRlN2NkOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKPEj0P6Rxt9cs+qa97F8rmjtd3S
so/Utd2kcVnuMJ7e/EtOJZm0uEia9mflvNmQXEGywtYdOxqaPIL2V0WEZ1/MjsSL
F5r6+LDTxf+D841JL9pO+vCB2jiJqzx061FMgTWkw7YsyoySyqRVjUgZqtvm0v2o
YsfWw/GkF0KCnheGSeFECjrFRVCdqG6CbaspKaJUUP4DOM+8jaRVIHlM7rtEeqKi
lUP/BOtXbxa+xbFTcPTV2jN/FQWQpohhWT6LTpGfFzbhYeInBaZkLS70nyB7O7kZ
M9ZVJtyrGATVdRewUXAr55Gbbz1IWidnfldFHU+XAtSyzL/aK9/hgfZLQJ4=
-----END CERTIFICATE-----