Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4faae10c-3c73-4e3d-8a8e-436ac0415371.roa
File:                     4faae10c-3c73-4e3d-8a8e-436ac0415371.roa (raw, json)
Hash identifier:          GownEhWOKkVdo8NhJGCcWQmqSRVmN8kCI5cXm31yWdU=
Subject key identifier:   3B:D5:D2:9F:3C:35:77:EE:AA:EB:98:24:F9:A1:69:B3:53:68:80:31
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1877F22FF9A7C04B12EE0A0FE96101BC70565790
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4faae10c-3c73-4e3d-8a8e-436ac0415371.roa
Signing time:             Tue 21 May 2024 00:00:00 +0000
ROA not before:           Tue 21 May 2024 00:00:00 +0000
ROA not after:            Tue 25 Jun 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:77:f2:2f:f9:a7:c0:4b:12:ee:0a:0f:e9:61:01:bc:70:56:57:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May 21 00:00:00 2024 GMT
            Not After : Jun 25 23:59:59 2024 GMT
        Subject: serialNumber=8e9f6ca2dccca25c5743a3dd9164ab32d5462c1d37ec73f1a6e6327019fb5937, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:35:8e:e4:d6:d6:62:30:00:be:17:fe:22:a4:
                    cd:95:01:42:51:bb:9a:2c:e3:44:0e:52:3e:a3:b7:
                    e0:5e:64:7f:8e:91:e0:b0:13:d5:ce:3f:2a:51:1d:
                    a4:bb:cb:6c:91:28:b3:5c:7e:c9:84:72:4b:12:81:
                    6a:dd:07:8a:2f:67:91:82:7b:e2:af:8c:dd:81:14:
                    bb:12:a5:3a:1c:59:f6:39:02:73:6d:13:5c:3b:61:
                    48:d5:94:05:6e:a8:22:00:92:d8:db:20:a2:20:e5:
                    be:e1:df:21:68:56:ab:5f:bd:4f:00:48:e5:86:4e:
                    b5:51:6d:13:55:42:e2:33:1c:4a:a2:5b:ae:1e:3f:
                    3b:13:f1:87:bc:4d:e0:f4:a2:18:20:2c:61:84:bc:
                    06:32:02:bf:16:82:85:7f:cb:9b:7d:58:05:12:a5:
                    dd:93:62:5d:7e:21:d3:e2:89:8e:0e:43:63:77:15:
                    8f:a7:b9:d3:b6:cf:73:9f:a7:7f:23:01:97:fe:27:
                    98:ab:7e:10:a9:ac:1c:c8:84:20:7e:4c:0f:b1:3a:
                    61:cc:17:4b:19:84:b4:a5:3c:31:a9:26:ed:d1:b1:
                    b5:af:0f:55:69:69:e6:49:7f:7b:2b:b9:c6:4d:63:
                    2e:26:3d:73:60:49:14:0f:ca:81:03:a7:32:4a:fd:
                    b6:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:D5:D2:9F:3C:35:77:EE:AA:EB:98:24:F9:A1:69:B3:53:68:80:31
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4faae10c-3c73-4e3d-8a8e-436ac0415371.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:cd:7e:ae:e8:d6:ab:29:f5:8e:dd:31:7f:15:97:81:9d:40:
         86:b2:82:54:e4:92:79:0b:b4:bb:8b:ec:42:ae:42:1a:a8:4d:
         23:be:1c:1c:36:37:ae:00:e3:b7:0e:7e:cf:3b:a1:e1:19:3b:
         6d:47:a0:84:0c:10:a4:5d:2b:51:98:96:7f:de:60:3d:8f:21:
         f6:4f:94:6e:c1:51:8f:12:2f:4b:6d:37:16:f4:6a:ad:ee:2a:
         1e:6e:c2:e2:1d:16:50:9f:b0:bf:c9:d5:36:16:1d:0d:00:f5:
         5b:82:41:78:ad:3c:29:b8:49:82:ab:66:cc:5d:a9:6f:8d:86:
         1c:b4:81:b1:fe:83:06:46:25:65:09:37:cc:d9:52:98:ea:5a:
         86:29:30:33:d0:8a:84:16:1a:55:aa:6f:1e:c2:7b:7e:6c:86:
         0f:84:c3:1e:ca:ae:ad:6c:d7:a6:82:4c:e8:93:89:f0:55:d5:
         08:d6:c9:07:47:c3:2c:5f:0b:71:c6:70:c0:3d:6d:28:31:1e:
         7a:89:78:57:27:f6:62:78:7a:1a:aa:95:c9:e4:58:a2:fa:56:
         26:a1:76:64:40:16:ac:c1:87:94:a4:1a:86:03:d4:fd:0a:87:
         42:92:cf:61:15:da:c3:f5:9d:fc:09:0f:35:e4:bb:2e:88:43:
         2b:80:30:97
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGHfyL/mnwEsS7goP6WEBvHBWV5AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNTIxMDAwMDAwWhcNMjQwNjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZTlmNmNhMmRjY2NhMjVjNTc0M2EzZGQ5MTY0YWIzMmQ1
NDYyYzFkMzdlYzczZjFhNmU2MzI3MDE5ZmI1OTM3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCNY7k1tZiMAC+F/4ipM2VAUJRu5os40QOUj6jt+BeZH+O
keCwE9XOPypRHaS7y2yRKLNcfsmEcksSgWrdB4ovZ5GCe+KvjN2BFLsSpTocWfY5
AnNtE1w7YUjVlAVuqCIAktjbIKIg5b7h3yFoVqtfvU8ASOWGTrVRbRNVQuIzHEqi
W64ePzsT8Ye8TeD0ohggLGGEvAYyAr8WgoV/y5t9WAUSpd2TYl1+IdPiiY4OQ2N3
FY+nudO2z3Ofp38jAZf+J5irfhCprBzIhCB+TA+xOmHMF0sZhLSlPDGpJu3RsbWv
D1VpaeZJf3srucZNYy4mPXNgSRQPyoEDpzJK/bb5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUO9XSnzw1d+6q65gk+aFps1NogDEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRmYWFlMTBjLTNjNzMtNGUzZC04YThlLTQzNmFjMDQxNTM3MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJnNfq7o1qsp9Y7dMX8Vl4GdQIay
glTkknkLtLuL7EKuQhqoTSO+HBw2N64A47cOfs87oeEZO21HoIQMEKRdK1GYln/e
YD2PIfZPlG7BUY8SL0ttNxb0aq3uKh5uwuIdFlCfsL/J1TYWHQ0A9VuCQXitPCm4
SYKrZsxdqW+Nhhy0gbH+gwZGJWUJN8zZUpjqWoYpMDPQioQWGlWqbx7Ce35shg+E
wx7Krq1s16aCTOiTifBV1QjWyQdHwyxfC3HGcMA9bSgxHnqJeFcn9mJ4ehqqlcnk
WKL6ViahdmRAFqzBh5SkGoYD1P0Kh0KSz2EV2sP1nfwJDzXkuy6IQyuAMJc=
-----END CERTIFICATE-----