Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4e13df9c-7268-4a1c-817d-422e46048e30.roa
File:                     4e13df9c-7268-4a1c-817d-422e46048e30.roa (raw, json)
Hash identifier:          6NNSl1ce93V5GQBIv57tXvXsXKMKdThNI655OnqxaCw=
Subject key identifier:   4C:D3:10:D6:57:D5:38:63:DE:CA:7B:28:E9:7F:E9:15:B3:23:34:95
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7EE96A99E588BE92902EDEBAFF27D2512F9E3ECE
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4e13df9c-7268-4a1c-817d-422e46048e30.roa
Signing time:             Thu 08 Feb 2024 00:00:00 +0000
ROA not before:           Thu 08 Feb 2024 00:00:00 +0000
ROA not after:            Thu 14 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:e9:6a:99:e5:88:be:92:90:2e:de:ba:ff:27:d2:51:2f:9e:3e:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb  8 00:00:00 2024 GMT
            Not After : Mar 14 23:59:59 2024 GMT
        Subject: serialNumber=a17675a5afa67b83ffa939e23bd3edc2b829deafcf0cef5a936feaa160eacbdb, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:c3:be:f9:c7:b4:bf:73:41:36:ed:a1:e1:7e:
                    04:f1:05:fd:16:aa:1d:08:a9:ed:5b:58:39:b9:a6:
                    d8:4c:db:65:72:49:78:f1:23:0b:42:5f:d9:bd:e0:
                    a8:a6:a0:2a:7d:fe:7f:b6:50:42:b0:8d:47:d9:1f:
                    c7:dd:1c:d5:ea:26:b4:95:38:7b:4d:b3:2b:89:32:
                    44:32:b1:ba:46:37:ea:de:0c:f5:af:33:f7:5a:f1:
                    30:9f:f6:7c:94:13:1d:18:83:40:9c:e4:71:0f:5f:
                    cd:90:53:ac:a1:a0:fb:b4:b6:59:a8:19:c5:53:34:
                    f8:65:db:c5:a5:18:38:13:f8:22:c0:48:94:dd:74:
                    c8:a0:e8:55:c9:35:03:37:2b:27:32:a6:63:a5:f0:
                    d8:fd:f4:86:fc:ca:9c:d2:4a:38:33:8a:81:73:2a:
                    de:15:38:07:4b:aa:24:fc:1a:d6:1e:17:95:0d:0c:
                    47:8b:57:fd:a4:e6:67:de:d6:a3:63:68:00:f3:22:
                    9d:67:75:df:d9:34:31:8c:12:56:0c:6e:e3:44:43:
                    31:9b:58:27:73:3d:76:35:5f:52:dd:dd:b3:65:ad:
                    32:db:f4:f9:b0:92:2b:3e:16:44:c8:d8:e6:48:8a:
                    9a:25:cf:65:47:f3:d9:82:7e:fc:44:54:51:29:d1:
                    f3:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:D3:10:D6:57:D5:38:63:DE:CA:7B:28:E9:7F:E9:15:B3:23:34:95
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4e13df9c-7268-4a1c-817d-422e46048e30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:56:c7:f7:6a:4d:2f:50:cc:2b:85:5f:b8:1a:c7:35:5f:4b:
         73:29:21:f0:dc:50:c7:8b:91:a0:a3:4f:ab:25:31:24:df:6a:
         37:ea:91:03:33:70:9d:99:e1:f7:12:f3:42:20:b1:2a:79:7a:
         15:5a:ee:f2:3c:9b:10:65:70:39:c5:f5:76:ae:47:82:eb:b7:
         e9:79:dc:f1:13:01:05:90:d9:02:1e:43:84:fb:9c:3e:bf:68:
         95:2d:91:ac:7b:ec:a4:69:21:16:f6:7b:f5:e2:2e:f8:80:7c:
         76:1d:33:48:76:5a:60:61:ab:7e:57:21:75:5a:ba:a7:94:8d:
         68:80:88:fa:ac:6c:8b:58:9f:9d:33:23:72:18:03:4a:12:cd:
         1f:a0:f7:8d:c4:d9:b3:17:ec:33:89:5c:33:03:f2:fe:cd:56:
         de:ca:8b:75:2f:cc:76:78:79:0a:82:38:e1:d5:8e:4f:8d:a4:
         53:0b:e0:6f:06:0c:ce:cd:fe:74:d1:e7:46:db:19:a5:c3:44:
         95:bc:ef:a1:e0:7c:fd:36:94:cf:46:37:8f:6b:9a:36:17:56:
         07:9e:ab:f9:a2:6b:55:4a:15:8e:04:66:dc:46:51:8e:2d:5e:
         db:18:08:df:f4:cc:51:ec:e1:29:cf:67:b8:3b:89:b4:1e:6d:
         c6:ad:e2:7a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfulqmeWIvpKQLt66/yfSUS+ePs4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjA4MDAwMDAwWhcNMjQwMzE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMTc2NzVhNWFmYTY3YjgzZmZhOTM5ZTIzYmQzZWRjMmI4
MjlkZWFmY2YwY2VmNWE5MzZmZWFhMTYwZWFjYmRiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKw775x7S/c0E27aHhfgTxBf0Wqh0Iqe1bWDm5pthM22Vy
SXjxIwtCX9m94KimoCp9/n+2UEKwjUfZH8fdHNXqJrSVOHtNsyuJMkQysbpGN+re
DPWvM/da8TCf9nyUEx0Yg0Cc5HEPX82QU6yhoPu0tlmoGcVTNPhl28WlGDgT+CLA
SJTddMig6FXJNQM3KycypmOl8Nj99Ib8ypzSSjgzioFzKt4VOAdLqiT8GtYeF5UN
DEeLV/2k5mfe1qNjaADzIp1ndd/ZNDGMElYMbuNEQzGbWCdzPXY1X1Ld3bNlrTLb
9Pmwkis+FkTI2OZIipolz2VH89mCfvxEVFEp0fNRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTNMQ1lfVOGPeynso6X/pFbMjNJUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRlMTNkZjljLTcyNjgtNGExYy04MTdkLTQyMmU0NjA0OGUzMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFxWx/dqTS9QzCuFX7gaxzVfS3Mp
IfDcUMeLkaCjT6slMSTfajfqkQMzcJ2Z4fcS80IgsSp5ehVa7vI8mxBlcDnF9Xau
R4Lrt+l53PETAQWQ2QIeQ4T7nD6/aJUtkax77KRpIRb2e/XiLviAfHYdM0h2WmBh
q35XIXVauqeUjWiAiPqsbItYn50zI3IYA0oSzR+g943E2bMX7DOJXDMD8v7NVt7K
i3UvzHZ4eQqCOOHVjk+NpFML4G8GDM7N/nTR50bbGaXDRJW876HgfP02lM9GN49r
mjYXVgeeq/mia1VKFY4EZtxGUY4tXtsYCN/0zFHs4SnPZ7g7ibQebcat4no=
-----END CERTIFICATE-----