Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/572cadea-4818-4101-b1e9-caf3b072307e.roa
File:                     572cadea-4818-4101-b1e9-caf3b072307e.roa (raw, json)
Hash identifier:          eXX9jdWCo2AkuQkGNPe71hi3Ik+vacrNHm5Del0FGGY=
Subject key identifier:   D2:2F:89:D4:03:4A:2B:A6:5A:79:FE:59:F7:78:2B:68:8C:77:97:E8
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       49665360BB309323A185B49D1E91F34C1C39A28F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/572cadea-4818-4101-b1e9-caf3b072307e.roa
Signing time:             Thu 19 Sep 2024 00:00:00 +0000
ROA not before:           Thu 19 Sep 2024 00:00:00 +0000
ROA not after:            Thu 24 Oct 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:66:53:60:bb:30:93:23:a1:85:b4:9d:1e:91:f3:4c:1c:39:a2:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 19 00:00:00 2024 GMT
            Not After : Oct 24 23:59:59 2024 GMT
        Subject: serialNumber=bfa4ef5756e4f081c3c72c6f699418a30949ebe86603882b926a26e9341911ba, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:13:9e:a1:50:99:a6:d6:85:f5:0c:5f:f0:f4:
                    08:37:83:08:80:e4:8d:b9:92:9e:30:a3:4f:71:cf:
                    14:3e:13:c4:f2:76:59:07:9d:06:70:f9:b5:67:78:
                    8d:ad:03:07:8e:d1:27:7c:6b:12:3e:01:a5:83:0a:
                    82:01:76:0d:d9:ca:c1:a9:5b:e7:ee:60:ea:2a:e2:
                    d8:65:c8:5b:15:24:df:14:e3:08:5a:69:08:65:46:
                    c1:0c:bb:9f:a6:11:89:6b:5d:e5:8e:65:c9:94:cf:
                    3d:4f:b7:a5:f2:29:83:9b:73:28:fe:f1:06:9d:cb:
                    f3:ce:1f:23:03:84:69:94:4e:fb:55:de:f1:03:9d:
                    8b:39:b7:2e:41:8e:b5:c0:35:d6:7a:af:dd:b3:e1:
                    fd:97:d6:6a:be:2c:e7:88:87:79:73:a0:23:ab:dc:
                    36:a9:3d:d4:fa:9f:28:90:b4:52:34:05:ef:7b:ed:
                    4a:d3:06:9c:03:2f:fd:a6:b4:0b:7b:4f:c3:1a:da:
                    4c:b0:26:93:9a:69:bf:5d:d6:7b:65:68:b5:e5:48:
                    65:94:c1:ab:da:15:07:f6:93:bb:52:e2:8f:3e:cf:
                    40:95:a1:65:c4:fa:25:78:f8:cb:53:43:3a:18:d8:
                    8c:7f:da:e7:e9:d9:ec:bf:05:a7:7d:1f:fc:0d:91:
                    5f:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:2F:89:D4:03:4A:2B:A6:5A:79:FE:59:F7:78:2B:68:8C:77:97:E8
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/572cadea-4818-4101-b1e9-caf3b072307e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:14:61:bb:d0:6f:2f:5b:74:33:d4:c7:ee:be:cb:60:aa:94:
         de:a4:2c:02:58:92:26:38:f0:07:61:ff:7d:24:9f:54:3b:85:
         69:d4:8a:a0:3b:2f:53:f3:e4:d8:2c:17:5b:41:5f:97:8e:b6:
         40:09:f3:89:c1:f5:cc:10:43:15:ad:68:d9:d3:cf:9b:4f:5e:
         5f:75:38:91:82:11:97:eb:62:f1:0d:e1:ce:8e:57:d0:c4:aa:
         49:f3:d3:13:d9:4b:2a:25:21:f2:c8:db:d5:06:f3:ce:39:54:
         8d:76:7c:e1:44:a5:6b:7d:3b:01:87:9c:cb:92:c4:7a:c7:f4:
         de:3d:de:60:3c:4b:55:46:cb:3d:a7:e4:d6:c3:d9:15:5f:dd:
         78:df:c5:cf:bd:07:64:b8:a2:55:02:fd:58:50:b5:eb:b6:c6:
         c0:a9:9d:b6:cf:2e:0d:41:93:fd:d5:cd:47:9e:7a:4c:08:f6:
         b6:23:cc:b8:75:26:99:35:9f:e4:74:c8:c2:02:cb:d6:a0:71:
         e3:0c:d9:07:cf:1b:44:d8:f6:0f:8e:92:9d:10:8b:86:93:f5:
         f1:eb:66:13:af:54:9e:ba:d9:dd:08:3b:64:db:c1:f4:65:6a:
         22:7f:ec:5d:6a:f0:90:3b:fd:91:0b:0a:47:6b:62:76:3d:10:
         af:bc:ab:d5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSWZTYLswkyOhhbSdHpHzTBw5oo8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwOTE5MDAwMDAwWhcNMjQxMDI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZmE0ZWY1NzU2ZTRmMDgxYzNjNzJjNmY2OTk0MThhMzA5
NDllYmU4NjYwMzg4MmI5MjZhMjZlOTM0MTkxMWJhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHE56hUJmm1oX1DF/w9Ag3gwiA5I25kp4wo09xzxQ+E8Ty
dlkHnQZw+bVneI2tAweO0Sd8axI+AaWDCoIBdg3ZysGpW+fuYOoq4thlyFsVJN8U
4whaaQhlRsEMu5+mEYlrXeWOZcmUzz1Pt6XyKYObcyj+8Qady/POHyMDhGmUTvtV
3vEDnYs5ty5BjrXANdZ6r92z4f2X1mq+LOeIh3lzoCOr3DapPdT6nyiQtFI0Be97
7UrTBpwDL/2mtAt7T8Ma2kywJpOaab9d1ntlaLXlSGWUwavaFQf2k7tS4o8+z0CV
oWXE+iV4+MtTQzoY2Ix/2ufp2ey/Bad9H/wNkV+/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0i+J1ANKK6Zaef5Z93graIx3l+gwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU3MmNhZGVhLTQ4MTgtNDEwMS1iMWU5LWNhZjNiMDcyMzA3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACsUYbvQby9bdDPUx+6+y2CqlN6k
LAJYkiY48Adh/30kn1Q7hWnUiqA7L1Pz5NgsF1tBX5eOtkAJ84nB9cwQQxWtaNnT
z5tPXl91OJGCEZfrYvEN4c6OV9DEqknz0xPZSyolIfLI29UG8845VI12fOFEpWt9
OwGHnMuSxHrH9N493mA8S1VGyz2n5NbD2RVf3Xjfxc+9B2S4olUC/VhQteu2xsCp
nbbPLg1Bk/3VzUeeekwI9rYjzLh1Jpk1n+R0yMICy9agceMM2QfPG0TY9g+Okp0Q
i4aT9fHrZhOvVJ662d0IO2TbwfRlaiJ/7F1q8JA7/ZELCkdrYnY9EK+8q9U=
-----END CERTIFICATE-----