Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4799ad8d-e458-4bac-90af-4b2af509e1fc.roa
File:                     4799ad8d-e458-4bac-90af-4b2af509e1fc.roa (raw, json)
Hash identifier:          tLOw5dvISGsPPJ/hF8t2MUex74N3E/1PLcl/eqbqT84=
Subject key identifier:   F9:0D:0F:D6:F9:25:C4:F9:04:22:A4:87:B6:7D:3B:24:4E:7B:8A:0D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6CE91A202230BCF7DD4A878F748C07AA63E46FCF
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4799ad8d-e458-4bac-90af-4b2af509e1fc.roa
Signing time:             Thu 12 Sep 2024 00:00:00 +0000
ROA not before:           Thu 12 Sep 2024 00:00:00 +0000
ROA not after:            Thu 17 Oct 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:e9:1a:20:22:30:bc:f7:dd:4a:87:8f:74:8c:07:aa:63:e4:6f:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 12 00:00:00 2024 GMT
            Not After : Oct 17 23:59:59 2024 GMT
        Subject: serialNumber=860ae9b836e8f4f3ed1d5a8cf4c8470e34b730fdb9dc2456e1af64eb9b420163, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:3b:6e:04:25:a1:c9:a1:96:7a:e6:d0:98:90:
                    d5:fd:80:29:ca:98:5d:eb:34:f9:83:c9:38:7d:ff:
                    a0:b8:64:b9:a6:69:f2:c9:cb:c5:af:3f:ad:ad:0f:
                    73:3a:89:a4:6b:a9:20:ec:63:73:d0:cc:94:43:ef:
                    7c:5d:c0:9a:32:2c:39:21:4b:25:e1:18:ab:81:32:
                    79:f9:67:24:26:b5:28:a6:b4:47:b1:a2:b1:7c:89:
                    4e:4b:35:36:53:0c:19:1d:ec:c8:31:13:ab:e2:f9:
                    b7:e9:87:26:ef:9f:b5:17:56:48:a5:ce:9b:cb:03:
                    a0:1e:db:33:a2:fd:ed:9d:6c:2a:36:6b:16:22:25:
                    43:23:4a:9f:61:84:52:9a:75:d2:60:4b:be:fe:9f:
                    a5:0b:83:4b:20:a0:d0:53:3e:13:a6:d2:97:0f:68:
                    e1:6b:10:c1:79:05:a4:9d:95:eb:85:1c:66:57:19:
                    09:73:87:5c:ea:3b:dc:fa:f5:68:c7:b6:ec:c1:bc:
                    3a:f5:cb:fd:41:82:eb:19:77:76:cd:0a:48:52:48:
                    ea:21:ff:07:54:15:49:6f:94:c4:2f:02:52:00:bf:
                    8b:31:26:b3:06:73:60:3a:09:69:7a:53:82:44:e0:
                    b9:8e:56:27:f3:9f:2e:b1:fa:a0:4b:74:7e:7d:eb:
                    b1:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:0D:0F:D6:F9:25:C4:F9:04:22:A4:87:B6:7D:3B:24:4E:7B:8A:0D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4799ad8d-e458-4bac-90af-4b2af509e1fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:8e:e9:0c:e2:96:f8:56:34:b8:fb:ea:ed:36:5e:38:70:55:
         4b:65:3b:c6:96:f5:ad:01:8c:7a:30:86:b0:00:cf:45:c9:eb:
         81:01:35:26:0e:e5:9b:35:ee:ff:63:2e:3f:b9:89:3d:02:62:
         4f:91:04:64:3b:63:7b:c1:9e:0e:25:8a:99:ab:5a:71:c1:bf:
         71:d3:52:69:1b:f8:cf:9f:29:49:70:b3:9a:a3:61:a0:02:d4:
         d8:a9:fa:c5:86:2d:44:4f:4b:8d:c7:15:61:29:20:dd:52:09:
         f7:fc:10:50:56:61:d2:f0:7e:2e:8f:16:f1:9c:b7:86:4d:89:
         34:6d:b4:25:c9:e4:ca:88:e7:c0:cb:20:b9:9a:b7:44:e5:9f:
         71:16:35:bc:d9:0d:0e:32:52:a4:9f:03:ee:34:25:8e:d8:28:
         4c:cf:6c:ee:30:db:51:65:5c:c5:e6:ef:d5:e1:63:8e:39:f4:
         2c:23:bc:b1:88:7f:d3:00:d8:9c:d4:2b:16:b1:fc:51:dd:e0:
         87:51:b2:c6:4a:ae:13:3e:a6:e4:ad:69:b3:5c:4e:02:98:0c:
         e1:97:ed:39:ed:ff:7c:21:ca:9f:dd:6b:12:56:5a:bf:a6:17:
         78:cf:04:f8:40:f9:23:03:1c:50:97:d4:64:e6:22:1f:60:69:
         1c:ca:01:b8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbOkaICIwvPfdSoePdIwHqmPkb88wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwOTEyMDAwMDAwWhcNMjQxMDE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NjBhZTliODM2ZThmNGYzZWQxZDVhOGNmNGM4NDcwZTM0
YjczMGZkYjlkYzI0NTZlMWFmNjRlYjliNDIwMTYzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIO24EJaHJoZZ65tCYkNX9gCnKmF3rNPmDyTh9/6C4ZLmm
afLJy8WvP62tD3M6iaRrqSDsY3PQzJRD73xdwJoyLDkhSyXhGKuBMnn5ZyQmtSim
tEexorF8iU5LNTZTDBkd7MgxE6vi+bfphybvn7UXVkilzpvLA6Ae2zOi/e2dbCo2
axYiJUMjSp9hhFKaddJgS77+n6ULg0sgoNBTPhOm0pcPaOFrEMF5BaSdleuFHGZX
GQlzh1zqO9z69WjHtuzBvDr1y/1BgusZd3bNCkhSSOoh/wdUFUlvlMQvAlIAv4sx
JrMGc2A6CWl6U4JE4LmOVifzny6x+qBLdH5967FtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+Q0P1vklxPkEIqSHtn07JE57ig0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ3OTlhZDhkLWU0NTgtNGJhYy05MGFmLTRiMmFmNTA5ZTFmYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADmO6QzilvhWNLj76u02XjhwVUtl
O8aW9a0BjHowhrAAz0XJ64EBNSYO5Zs17v9jLj+5iT0CYk+RBGQ7Y3vBng4lipmr
WnHBv3HTUmkb+M+fKUlws5qjYaAC1Nip+sWGLURPS43HFWEpIN1SCff8EFBWYdLw
fi6PFvGct4ZNiTRttCXJ5MqI58DLILmat0Tln3EWNbzZDQ4yUqSfA+40JY7YKEzP
bO4w21FlXMXm79XhY4459CwjvLGIf9MA2JzUKxax/FHd4IdRssZKrhM+puStabNc
TgKYDOGX7Tnt/3whyp/daxJWWr+mF3jPBPhA+SMDHFCX1GTmIh9gaRzKAbg=
-----END CERTIFICATE-----