Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/568e0eb8-bbdb-4a4e-9a02-8eb4fc04666f.roa
File:                     568e0eb8-bbdb-4a4e-9a02-8eb4fc04666f.roa (raw, json)
Hash identifier:          OHC0jSJm/imttFmz4Qjb/YeR3CO+vPJAMTe3+hCmIz0=
Subject key identifier:   78:7E:0D:2C:08:26:21:6A:05:D7:F1:2E:32:5E:94:C7:E4:58:AB:16
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4FC68D19E60964E66CAAD7652FB634A4D5B67728
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/568e0eb8-bbdb-4a4e-9a02-8eb4fc04666f.roa
Signing time:             Wed 22 May 2024 00:00:00 +0000
ROA not before:           Wed 22 May 2024 00:00:00 +0000
ROA not after:            Wed 26 Jun 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:c6:8d:19:e6:09:64:e6:6c:aa:d7:65:2f:b6:34:a4:d5:b6:77:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May 22 00:00:00 2024 GMT
            Not After : Jun 26 23:59:59 2024 GMT
        Subject: serialNumber=d9bc32733650804ca8037b78f14e7e1ffbd941786b7c3e164e65d59b97cc7536, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b0:e7:2e:9d:c9:cf:d6:bb:aa:6f:66:aa:af:
                    71:f5:94:78:47:cf:c2:56:27:c6:26:87:6f:2e:fb:
                    8f:36:39:f4:ab:3e:77:f5:19:3d:df:91:3a:93:b0:
                    a4:e0:03:24:2d:ff:3a:78:4b:88:51:76:75:23:3b:
                    f6:ff:0e:17:13:44:9b:d9:95:39:bc:18:ce:54:60:
                    75:f7:41:79:b9:c6:a4:21:4f:c6:77:ed:81:d6:43:
                    5e:5f:fe:60:e3:48:51:a3:86:87:4f:a2:3c:6f:b2:
                    fe:ad:c6:a0:f0:3d:84:31:5e:4e:ca:4b:e7:92:6b:
                    52:0a:5b:61:10:43:5e:1d:13:af:9c:d1:34:59:84:
                    4e:9a:2d:b4:c5:7c:44:88:58:d9:ee:50:c6:dd:6d:
                    11:bb:44:ad:d0:4c:9f:74:fa:ab:9f:84:98:49:fc:
                    6e:f0:81:4e:0b:e5:b8:c5:7e:03:c3:dd:df:a3:87:
                    ec:33:c6:26:57:05:63:22:3f:16:75:81:5b:a8:8d:
                    65:d1:e3:2e:a1:90:19:40:c0:5f:05:34:af:13:83:
                    f8:75:47:fc:75:b6:5d:47:1f:7c:20:3a:14:70:12:
                    03:5c:12:be:1b:70:f1:33:34:85:e4:73:f4:df:0c:
                    3f:30:e9:f4:c6:b0:20:b4:95:40:a3:31:aa:b6:a4:
                    41:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:7E:0D:2C:08:26:21:6A:05:D7:F1:2E:32:5E:94:C7:E4:58:AB:16
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/568e0eb8-bbdb-4a4e-9a02-8eb4fc04666f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:a8:d2:bd:36:3e:de:67:82:74:26:c3:0a:d9:dc:11:cb:9f:
         44:91:3a:d6:b2:7d:bc:38:36:9b:3d:e5:84:24:94:14:30:03:
         39:ff:23:dd:8a:c2:84:9f:32:84:8f:1c:f2:59:97:04:0a:41:
         b5:97:08:f4:da:04:b6:4c:2e:c2:a6:45:10:ae:31:51:12:7c:
         b9:c7:9b:9f:42:56:14:fa:08:25:a7:cb:e9:b0:9d:fc:c6:5a:
         f1:fe:c2:44:f3:8e:df:45:ed:52:14:d5:89:d3:c6:73:63:28:
         e2:60:31:aa:23:2f:10:2c:b4:ea:dc:8c:ef:93:32:91:01:51:
         43:ce:bf:79:a8:ca:f6:d5:7e:82:38:a1:93:47:d8:a1:38:af:
         bb:35:66:7f:2c:f8:b8:0e:7c:eb:22:7c:74:4b:b7:9b:b5:49:
         54:79:7e:13:95:1a:1b:1d:94:00:99:8f:62:5e:dc:20:dc:b0:
         2d:e2:87:95:29:76:c4:24:f1:42:e2:0f:78:1c:f5:e9:39:90:
         74:3c:d7:43:e4:81:58:aa:23:17:84:76:4c:66:e3:f4:6a:4d:
         ab:8c:52:4a:5a:09:c0:ee:a3:40:26:b1:65:5d:5b:8d:9d:23:
         f6:f2:7d:e6:7d:00:80:76:5a:12:03:3c:9c:25:a5:30:43:10:
         4f:7f:00:76
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUT8aNGeYJZOZsqtdlL7Y0pNW2dygwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNTIyMDAwMDAwWhcNMjQwNjI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkOWJjMzI3MzM2NTA4MDRjYTgwMzdiNzhmMTRlN2UxZmZi
ZDk0MTc4NmI3YzNlMTY0ZTY1ZDU5Yjk3Y2M3NTM2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1sOcuncnP1ruqb2aqr3H1lHhHz8JWJ8Ymh28u+482OfSr
Pnf1GT3fkTqTsKTgAyQt/zp4S4hRdnUjO/b/DhcTRJvZlTm8GM5UYHX3QXm5xqQh
T8Z37YHWQ15f/mDjSFGjhodPojxvsv6txqDwPYQxXk7KS+eSa1IKW2EQQ14dE6+c
0TRZhE6aLbTFfESIWNnuUMbdbRG7RK3QTJ90+qufhJhJ/G7wgU4L5bjFfgPD3d+j
h+wzxiZXBWMiPxZ1gVuojWXR4y6hkBlAwF8FNK8Tg/h1R/x1tl1HH3wgOhRwEgNc
Er4bcPEzNIXkc/TfDD8w6fTGsCC0lUCjMaq2pEHLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeH4NLAgmIWoF1/EuMl6Ux+RYqxYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU2OGUwZWI4LWJiZGItNGE0ZS05YTAyLThlYjRmYzA0NjY2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJio0r02Pt5ngnQmwwrZ3BHLn0SR
Otayfbw4Nps95YQklBQwAzn/I92KwoSfMoSPHPJZlwQKQbWXCPTaBLZMLsKmRRCu
MVESfLnHm59CVhT6CCWny+mwnfzGWvH+wkTzjt9F7VIU1YnTxnNjKOJgMaojLxAs
tOrcjO+TMpEBUUPOv3moyvbVfoI4oZNH2KE4r7s1Zn8s+LgOfOsifHRLt5u1SVR5
fhOVGhsdlACZj2Je3CDcsC3ih5UpdsQk8ULiD3gc9ek5kHQ810PkgViqIxeEdkxm
4/RqTauMUkpaCcDuo0AmsWVdW42dI/byfeZ9AIB2WhIDPJwlpTBDEE9/AHY=
-----END CERTIFICATE-----