Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5f37fab5-5c09-4d48-8b85-bc924593e258.roa
File:                     5f37fab5-5c09-4d48-8b85-bc924593e258.roa (raw, json)
Hash identifier:          AkUIcJkOQokE7WWhLp1DrXjyMtq53xMzz5cnIfC1Gts=
Subject key identifier:   A7:A2:16:C9:55:C5:B8:24:15:0D:A2:19:DD:1A:59:2D:8D:0F:39:A6
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1707F0EC138B9521D16028C42C04C7876494B4DA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5f37fab5-5c09-4d48-8b85-bc924593e258.roa
Signing time:             Sun 25 Feb 2024 00:00:00 +0000
ROA not before:           Sun 25 Feb 2024 00:00:00 +0000
ROA not after:            Sun 31 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:07:f0:ec:13:8b:95:21:d1:60:28:c4:2c:04:c7:87:64:94:b4:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 25 00:00:00 2024 GMT
            Not After : Mar 31 23:59:59 2024 GMT
        Subject: serialNumber=19db0188b56a80804a3da034ba47bfed17d9e1e72db5ac36812520c021e50a37, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:17:4a:3c:89:00:a0:60:2f:c9:46:8d:a8:29:
                    00:80:da:04:5e:04:ee:8b:4d:5b:7a:5a:e2:40:51:
                    7e:0f:a0:f5:6d:b0:75:2c:bd:b3:4d:57:9d:06:11:
                    37:d5:ac:5e:14:3a:bd:02:7f:6a:e7:29:86:15:4e:
                    24:b8:05:b3:2a:06:05:3d:b7:8d:a0:6d:c5:27:4b:
                    d0:c4:5c:86:b6:7d:66:87:c9:5e:43:2b:22:16:21:
                    30:e3:ee:c1:6e:e9:34:0f:b3:6f:7f:67:fd:e8:27:
                    f9:e8:b1:05:40:c1:31:75:28:54:22:58:10:8b:ba:
                    7f:fd:a9:2f:7f:47:99:b5:7c:49:1b:12:11:70:a9:
                    8f:78:eb:82:3c:47:21:de:6a:d3:36:03:7f:95:65:
                    f2:78:a7:ac:53:43:d4:99:0b:a3:bf:07:62:fb:42:
                    47:43:78:e5:de:c7:24:75:5a:02:ce:90:da:24:2c:
                    3f:a8:cb:b5:42:12:f0:52:42:26:ec:57:b7:77:56:
                    03:09:36:2f:13:e2:65:f4:eb:ef:49:29:a8:4f:56:
                    e7:6d:5e:ff:18:f5:fb:71:bb:3c:42:06:b3:2f:b2:
                    62:0f:da:0f:9e:9d:7b:3c:10:f3:cf:70:63:56:1c:
                    63:70:01:ec:f3:bc:40:93:61:3a:6d:61:8d:cb:2c:
                    4d:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:A2:16:C9:55:C5:B8:24:15:0D:A2:19:DD:1A:59:2D:8D:0F:39:A6
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5f37fab5-5c09-4d48-8b85-bc924593e258.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:23:e5:1a:59:8f:b7:3e:d1:70:30:c6:a6:d1:37:e1:e7:de:
         d9:63:13:cc:f7:47:8a:b1:32:30:ae:35:ed:ee:9f:81:20:89:
         a4:07:61:e5:cf:d6:6b:75:4c:ee:c9:e7:93:2c:e2:4e:25:e3:
         4c:29:15:ef:1f:b0:4b:e7:a9:2d:24:0c:da:57:97:95:ea:5e:
         a4:fc:87:d7:3c:a1:f1:a2:d2:45:0d:cc:51:8c:c5:cc:af:28:
         b5:ae:9c:98:c7:38:eb:8b:4b:d3:f1:86:53:f0:59:0f:21:e4:
         96:a1:75:9a:12:bb:fe:0b:11:4f:1d:d4:e4:11:35:63:4e:75:
         77:8e:85:3b:24:ac:dd:ee:b2:d1:2b:bd:87:19:32:7d:e7:b3:
         cb:74:b8:a7:70:7d:ab:b3:53:47:45:af:ac:0b:98:a9:db:3a:
         37:64:f2:e6:c3:f3:c4:e2:fa:ce:fd:55:52:2f:0f:0b:89:8c:
         5a:de:fe:6e:3f:21:01:b4:d0:9d:1f:4f:67:a8:c7:cf:00:0c:
         b5:25:c6:ed:4b:fc:d9:da:d9:0f:4a:db:84:1a:97:71:ef:f2:
         a2:6b:27:7c:b6:46:e5:f2:d6:d0:01:12:a4:b6:eb:b4:44:c8:
         95:bd:04:db:a3:de:ca:b6:58:fc:7b:33:99:ae:30:be:0f:03:
         28:10:68:ef
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFwfw7BOLlSHRYCjELATHh2SUtNowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjI1MDAwMDAwWhcNMjQwMzMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxOWRiMDE4OGI1NmE4MDgwNGEzZGEwMzRiYTQ3YmZlZDE3
ZDllMWU3MmRiNWFjMzY4MTI1MjBjMDIxZTUwYTM3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0F0o8iQCgYC/JRo2oKQCA2gReBO6LTVt6WuJAUX4PoPVt
sHUsvbNNV50GETfVrF4UOr0Cf2rnKYYVTiS4BbMqBgU9t42gbcUnS9DEXIa2fWaH
yV5DKyIWITDj7sFu6TQPs29/Z/3oJ/nosQVAwTF1KFQiWBCLun/9qS9/R5m1fEkb
EhFwqY9464I8RyHeatM2A3+VZfJ4p6xTQ9SZC6O/B2L7QkdDeOXexyR1WgLOkNok
LD+oy7VCEvBSQibsV7d3VgMJNi8T4mX06+9JKahPVudtXv8Y9ftxuzxCBrMvsmIP
2g+enXs8EPPPcGNWHGNwAezzvECTYTptYY3LLE2PAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUp6IWyVXFuCQVDaIZ3RpZLY0POaYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzVmMzdmYWI1LTVjMDktNGQ0OC04Yjg1LWJjOTI0NTkzZTI1OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADUj5RpZj7c+0XAwxqbRN+Hn3tlj
E8z3R4qxMjCuNe3un4EgiaQHYeXP1mt1TO7J55Ms4k4l40wpFe8fsEvnqS0kDNpX
l5XqXqT8h9c8ofGi0kUNzFGMxcyvKLWunJjHOOuLS9PxhlPwWQ8h5JahdZoSu/4L
EU8d1OQRNWNOdXeOhTskrN3ustErvYcZMn3ns8t0uKdwfauzU0dFr6wLmKnbOjdk
8ubD88Ti+s79VVIvDwuJjFre/m4/IQG00J0fT2eox88ADLUlxu1L/Nna2Q9K24Qa
l3Hv8qJrJ3y2RuXy1tABEqS267REyJW9BNuj3sq2WPx7M5muML4PAygQaO8=
-----END CERTIFICATE-----