Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/53993323-1584-4fc9-891c-d7e67505caf1.roa
File:                     53993323-1584-4fc9-891c-d7e67505caf1.roa (raw, json)
Hash identifier:          N6JJOdM2PpMXk42AfZ6L3HMaTDIfWByuqWbMNV+3/yA=
Subject key identifier:   6A:5D:60:DB:38:D5:74:D7:6F:47:FA:FE:9A:B1:BD:9E:3D:03:05:0A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       22B469113049D259DA1DEFA5F68D1F42028A9D8A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/53993323-1584-4fc9-891c-d7e67505caf1.roa
Signing time:             Wed 20 Mar 2024 00:00:00 +0000
ROA not before:           Wed 20 Mar 2024 00:00:00 +0000
ROA not after:            Wed 24 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:b4:69:11:30:49:d2:59:da:1d:ef:a5:f6:8d:1f:42:02:8a:9d:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 20 00:00:00 2024 GMT
            Not After : Apr 24 23:59:59 2024 GMT
        Subject: serialNumber=7eaf4708356ad7bbe8019c1fafd95f710a4a019713c3c73d5b1be69241b46ca7, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:67:65:a2:0b:32:a2:6a:5f:18:19:b5:2c:49:
                    72:af:25:9a:ac:2b:d9:4e:13:5d:b1:75:e5:b8:ac:
                    a2:a1:7c:ec:47:8c:32:2e:d3:bf:c0:ac:11:a7:9e:
                    4b:bc:14:91:44:95:34:bf:25:96:24:83:e6:5d:1d:
                    98:9b:2a:1d:cc:0c:78:19:bf:cf:44:45:2c:63:84:
                    43:07:00:30:9f:ab:18:aa:8a:0a:7c:fd:76:e7:2a:
                    8d:a8:0e:04:ea:19:47:5b:33:73:f3:2f:a1:4b:db:
                    25:41:d4:36:01:f2:1f:63:eb:0a:ee:17:45:57:4e:
                    fc:4e:49:e5:4b:16:17:ea:2b:d8:9c:7e:60:5a:bb:
                    f8:f0:97:73:4d:e2:a2:81:c2:88:75:a5:86:b0:19:
                    ce:2c:e5:66:ed:18:c4:d3:0a:0a:07:d8:41:8a:57:
                    89:8a:24:cb:8b:d7:ae:45:c7:a8:51:aa:e7:10:d4:
                    13:59:30:85:ce:8e:a2:99:f0:ee:ce:38:ef:40:ae:
                    f8:46:d7:69:ce:f5:91:ff:95:dd:40:59:03:50:41:
                    f3:0d:53:45:97:da:34:2b:51:3c:2a:17:5f:69:b8:
                    db:9d:be:28:59:f3:6c:77:5d:f4:e4:4e:6b:36:2b:
                    18:6e:d7:c0:81:dd:cf:ff:28:d0:e1:10:59:bd:e0:
                    6d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:5D:60:DB:38:D5:74:D7:6F:47:FA:FE:9A:B1:BD:9E:3D:03:05:0A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/53993323-1584-4fc9-891c-d7e67505caf1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:95:d1:28:2d:23:01:44:1a:88:e9:05:d7:8d:88:b0:68:24:
         18:da:7c:63:08:ab:9b:50:f6:cb:e9:8b:94:05:be:0f:d3:b3:
         62:68:7b:ac:61:54:75:5e:2d:5c:84:79:2e:ab:a7:95:2e:81:
         99:ee:d0:a2:88:80:38:9b:a3:de:f5:bc:93:bc:be:e5:86:2b:
         7c:05:d9:56:2d:e9:74:59:17:db:fb:67:fa:55:99:eb:f9:4d:
         07:15:36:53:2d:9b:14:98:6e:0c:c0:37:78:30:76:d2:33:e7:
         b5:72:8f:ee:22:6c:e7:51:42:4a:06:e1:09:45:9e:ce:e0:9c:
         b6:6d:c5:92:d1:cb:f9:6c:bb:a0:f0:51:39:1d:df:d7:35:fb:
         1d:c6:dd:2a:dc:e1:d7:77:55:6f:02:d7:ab:ea:24:12:11:91:
         f5:01:dd:e2:ae:cd:cc:7e:30:20:9a:6c:3b:73:1f:fa:fd:a4:
         73:82:a9:ad:f1:b9:4d:e0:0b:0c:95:69:af:79:1c:91:53:0d:
         19:b8:c1:d5:21:6e:11:be:78:19:02:86:a3:89:ba:b3:ed:02:
         b4:e8:d6:54:8c:d5:86:5e:94:b8:dc:8c:e9:6b:90:bc:5b:62:
         65:91:df:d3:28:bf:d0:12:ac:c5:4c:c3:d4:d4:47:b8:68:9d:
         26:2e:63:0b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIrRpETBJ0lnaHe+l9o0fQgKKnYowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzIwMDAwMDAwWhcNMjQwNDI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZWFmNDcwODM1NmFkN2JiZTgwMTljMWZhZmQ5NWY3MTBh
NGEwMTk3MTNjM2M3M2Q1YjFiZTY5MjQxYjQ2Y2E3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8Z2WiCzKial8YGbUsSXKvJZqsK9lOE12xdeW4rKKhfOxH
jDIu07/ArBGnnku8FJFElTS/JZYkg+ZdHZibKh3MDHgZv89ERSxjhEMHADCfqxiq
igp8/XbnKo2oDgTqGUdbM3PzL6FL2yVB1DYB8h9j6wruF0VXTvxOSeVLFhfqK9ic
fmBau/jwl3NN4qKBwoh1pYawGc4s5WbtGMTTCgoH2EGKV4mKJMuL165Fx6hRqucQ
1BNZMIXOjqKZ8O7OOO9ArvhG12nO9ZH/ld1AWQNQQfMNU0WX2jQrUTwqF19puNud
vihZ82x3XfTkTms2Kxhu18CB3c//KNDhEFm94G2BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUal1g2zjVdNdvR/r+mrG9nj0DBQowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzUzOTkzMzIzLTE1ODQtNGZjOS04OTFjLWQ3ZTY3NTA1Y2FmMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGKV0SgtIwFEGojpBdeNiLBoJBja
fGMIq5tQ9svpi5QFvg/Ts2Joe6xhVHVeLVyEeS6rp5UugZnu0KKIgDibo971vJO8
vuWGK3wF2VYt6XRZF9v7Z/pVmev5TQcVNlMtmxSYbgzAN3gwdtIz57Vyj+4ibOdR
QkoG4QlFns7gnLZtxZLRy/lsu6DwUTkd39c1+x3G3Src4dd3VW8C16vqJBIRkfUB
3eKuzcx+MCCabDtzH/r9pHOCqa3xuU3gCwyVaa95HJFTDRm4wdUhbhG+eBkChqOJ
urPtArTo1lSM1YZelLjcjOlrkLxbYmWR39Mov9ASrMVMw9TUR7honSYuYws=
-----END CERTIFICATE-----