Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/54a232ff-db38-414a-a41c-fc85ac26c601.roa
File:                     54a232ff-db38-414a-a41c-fc85ac26c601.roa (raw, json)
Hash identifier:          q/W/RpnGOjZkKJtlgzYvZd2IIVmiMkwSipPe9DZ99qs=
Subject key identifier:   68:E9:E4:79:73:EC:41:53:99:7E:EC:CD:B4:49:A6:85:8B:50:94:9E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       17B1225D79F5C126362712C4826EDFBF481DE4CD
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/54a232ff-db38-414a-a41c-fc85ac26c601.roa
Signing time:             Wed 14 Feb 2024 00:00:00 +0000
ROA not before:           Wed 14 Feb 2024 00:00:00 +0000
ROA not after:            Wed 20 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:b1:22:5d:79:f5:c1:26:36:27:12:c4:82:6e:df:bf:48:1d:e4:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 14 00:00:00 2024 GMT
            Not After : Mar 20 23:59:59 2024 GMT
        Subject: serialNumber=a8ac6dbb39a319e5dc382e96eef5eb35ef60704f904df00ab3a15f3e0837735b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:78:ff:53:34:1b:c4:5f:c2:da:83:42:5a:a7:
                    37:2d:b4:a7:c3:9c:2c:3a:e2:7c:1c:92:88:35:ba:
                    13:6b:ce:3f:c3:c6:e0:aa:d0:bd:4a:ac:e1:9f:e2:
                    c2:bc:95:c1:8d:db:e1:58:1f:ad:59:10:98:c2:51:
                    6c:bf:5a:c3:66:c9:0d:2b:eb:d5:d9:c0:9e:33:87:
                    1c:e7:e0:a9:42:ba:fa:7b:a4:f7:ea:35:14:09:10:
                    1b:15:96:80:6c:5f:59:0d:bf:e6:74:bb:e1:47:bc:
                    f2:72:83:eb:7d:6b:fe:29:97:0c:92:f9:78:c7:d9:
                    4d:f7:26:cb:bd:72:bc:e1:1d:64:e4:c2:64:d6:7e:
                    0a:ba:cc:89:32:00:04:f3:51:31:bb:95:8c:99:fa:
                    63:28:6e:07:2a:39:35:db:97:c5:98:47:1c:11:aa:
                    b8:e4:62:a3:46:3a:ef:20:30:91:71:c4:50:7d:a6:
                    d7:30:34:4e:73:4a:fe:67:e0:73:6a:87:ae:b8:18:
                    fa:68:07:69:d2:93:9a:bb:65:ce:65:3d:0c:b5:ec:
                    d7:f9:d7:c0:92:93:bf:d3:f7:91:18:0c:7b:b0:0f:
                    ed:bf:e7:d0:d5:c6:0b:cb:91:2c:bc:49:a1:86:0d:
                    8d:81:87:ac:28:05:bd:73:4a:e8:81:87:da:ca:12:
                    e5:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:E9:E4:79:73:EC:41:53:99:7E:EC:CD:B4:49:A6:85:8B:50:94:9E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/54a232ff-db38-414a-a41c-fc85ac26c601.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:6b:87:cf:35:9a:f7:c0:03:9b:ad:08:04:8b:d4:56:14:a6:
         c5:c8:0f:70:ab:4a:ec:ff:66:71:b3:7a:28:2d:df:57:f6:80:
         a9:65:d7:4f:f9:94:ce:80:bb:89:67:4c:c9:bd:bb:a4:12:66:
         f3:98:bf:f0:36:f7:97:b4:44:b3:20:d9:42:88:d2:4c:de:da:
         d0:f9:c7:bc:bc:99:e9:ee:59:87:d3:2a:b1:b2:17:f9:d5:8c:
         a8:66:c7:9d:c6:d5:78:0a:53:8d:6d:54:e7:81:1c:9b:fc:1e:
         d1:3f:f4:38:5a:07:37:1b:a2:b9:7c:ee:35:1f:8f:7b:e1:f6:
         57:93:58:62:97:0f:d2:a8:b9:88:ee:92:3e:6f:64:6b:2f:8e:
         af:9f:ed:19:06:c3:82:d5:69:27:fe:e1:ac:8d:7e:c8:8e:51:
         bd:a7:0d:83:85:5e:67:ab:c2:4a:d7:e0:49:63:69:e3:17:4e:
         35:88:fa:b2:9e:58:cd:fe:44:e8:f2:00:46:01:7a:cd:cb:ae:
         e7:94:ff:27:0f:f2:8a:ae:1d:b4:cb:3f:64:4d:9e:45:4d:0b:
         4f:14:ff:1e:c7:d7:22:4a:e8:42:c4:27:20:47:7c:a2:25:68:
         00:e4:2a:ed:6d:27:d3:d2:de:a7:e1:52:47:59:11:92:5f:c9:
         f1:4d:7d:3d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF7EiXXn1wSY2JxLEgm7fv0gd5M0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjE0MDAwMDAwWhcNMjQwMzIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhOGFjNmRiYjM5YTMxOWU1ZGMzODJlOTZlZWY1ZWIzNWVm
NjA3MDRmOTA0ZGYwMGFiM2ExNWYzZTA4Mzc3MzViMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCReP9TNBvEX8Lag0JapzcttKfDnCw64nwckog1uhNrzj/D
xuCq0L1KrOGf4sK8lcGN2+FYH61ZEJjCUWy/WsNmyQ0r69XZwJ4zhxzn4KlCuvp7
pPfqNRQJEBsVloBsX1kNv+Z0u+FHvPJyg+t9a/4plwyS+XjH2U33Jsu9crzhHWTk
wmTWfgq6zIkyAATzUTG7lYyZ+mMobgcqOTXbl8WYRxwRqrjkYqNGOu8gMJFxxFB9
ptcwNE5zSv5n4HNqh664GPpoB2nSk5q7Zc5lPQy17Nf518CSk7/T95EYDHuwD+2/
59DVxgvLkSy8SaGGDY2Bh6woBb1zSuiBh9rKEuWVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUaOnkeXPsQVOZfuzNtEmmhYtQlJ4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU0YTIzMmZmLWRiMzgtNDE0YS1hNDFjLWZjODVhYzI2YzYwMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJZrh881mvfAA5utCASL1FYUpsXI
D3CrSuz/ZnGzeigt31f2gKll10/5lM6Au4lnTMm9u6QSZvOYv/A295e0RLMg2UKI
0kze2tD5x7y8menuWYfTKrGyF/nVjKhmx53G1XgKU41tVOeBHJv8HtE/9DhaBzcb
orl87jUfj3vh9leTWGKXD9KouYjukj5vZGsvjq+f7RkGw4LVaSf+4ayNfsiOUb2n
DYOFXmerwkrX4EljaeMXTjWI+rKeWM3+ROjyAEYBes3LrueU/ycP8oquHbTLP2RN
nkVNC08U/x7H1yJK6ELEJyBHfKIlaADkKu1tJ9PS3qfhUkdZEZJfyfFNfT0=
-----END CERTIFICATE-----