Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/60055d02-8f13-4736-99c3-cb129bf24e8d.roa
File:                     60055d02-8f13-4736-99c3-cb129bf24e8d.roa (raw, json)
Hash identifier:          G8LMjhnt2fdASkG6Q8Usk7s2hQaFEyLGxemKADxxf9A=
Subject key identifier:   22:08:B4:2B:4B:4B:A9:47:7B:0E:E7:66:50:67:47:4A:59:03:95:6D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2EEACF85A5C19A0B133F0DD5D8C24D599D523D28
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/60055d02-8f13-4736-99c3-cb129bf24e8d.roa
Signing time:             Mon 05 Aug 2024 00:00:00 +0000
ROA not before:           Mon 05 Aug 2024 00:00:00 +0000
ROA not after:            Mon 09 Sep 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:ea:cf:85:a5:c1:9a:0b:13:3f:0d:d5:d8:c2:4d:59:9d:52:3d:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug  5 00:00:00 2024 GMT
            Not After : Sep  9 23:59:59 2024 GMT
        Subject: serialNumber=49a9a922a712b50ab709e5d11e6e37d4f51e7c9d39bbce508e998c237071dfc2, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b9:e1:e8:c7:74:e8:f3:e9:94:61:8e:ce:10:
                    e8:90:33:38:3b:48:7c:8c:6c:75:f1:fe:c3:15:a0:
                    9c:4f:6e:89:be:52:97:43:3a:12:a2:ae:40:d8:7e:
                    4b:e6:2e:49:b0:4b:07:ac:85:30:8c:9d:74:aa:8f:
                    b0:cc:b4:73:e1:ed:1d:75:fd:31:87:ab:29:46:5d:
                    3f:a5:23:fe:a3:15:74:ef:ec:36:c8:ec:8e:59:fa:
                    cf:09:f6:83:cc:6d:e3:45:e1:b1:af:53:b1:98:c0:
                    d3:a9:73:f7:1d:fe:34:bf:ba:97:e2:f6:0b:fc:5b:
                    b0:ba:34:97:75:36:5e:b3:a4:7b:b7:61:57:59:9d:
                    83:a5:78:15:00:a8:79:d7:af:21:05:de:10:64:72:
                    d7:a0:ab:04:ae:ee:16:91:34:47:9f:06:c6:a9:23:
                    21:6d:ab:4c:9c:67:ae:b7:64:24:d9:d4:c8:78:2c:
                    f9:e1:2a:cf:46:23:8f:4e:a1:b8:2f:1a:2d:46:bb:
                    e0:e8:5c:4a:49:0f:4d:be:f0:21:4a:77:90:83:cd:
                    3c:d4:38:22:d4:2e:a6:64:ea:e0:d1:ae:7b:33:f5:
                    75:b7:b5:5f:33:d0:3b:05:19:97:e7:85:19:bf:ec:
                    81:a2:9a:f3:e9:a6:92:7a:50:49:7a:bf:6f:c7:8a:
                    bd:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:08:B4:2B:4B:4B:A9:47:7B:0E:E7:66:50:67:47:4A:59:03:95:6D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/60055d02-8f13-4736-99c3-cb129bf24e8d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:fa:95:05:63:d0:8e:35:32:d2:b0:0d:ea:22:83:46:c3:12:
         95:4c:3b:53:a9:2e:5a:fa:ab:bd:54:82:1d:ef:ca:88:22:d6:
         4b:12:05:0d:41:53:89:8d:bd:21:af:6c:97:76:3e:ab:8b:68:
         83:ca:af:60:c6:1f:86:2d:54:a2:45:03:a5:0c:4c:5c:e4:28:
         e8:e1:db:9d:ed:33:94:f4:23:c2:45:fc:cd:d4:41:b7:45:9f:
         ea:8f:dc:50:5b:4c:a0:f6:f1:3c:3f:e9:dd:0a:16:ca:b0:fd:
         d1:b1:cc:47:98:d4:d0:d8:8e:3b:83:36:8c:df:31:dc:ce:e7:
         cc:7a:d1:1b:04:53:ea:ba:b7:fc:81:57:36:6e:9a:c5:63:ec:
         68:47:f1:72:3e:4a:c4:34:2c:47:41:67:88:fe:9e:6a:77:ef:
         56:de:b4:42:c3:1f:dc:fa:9a:77:35:c0:6f:17:c1:27:0e:f5:
         97:1f:8a:ad:43:52:c6:27:a8:75:2e:29:ee:39:4b:39:18:5e:
         d4:f3:5e:9e:59:49:fc:f8:3b:b7:ad:55:ed:42:e5:72:2f:c1:
         05:fc:e2:71:33:98:a6:d7:cb:c9:6a:5b:4a:b3:9b:e8:12:d3:
         3a:c4:26:cb:26:2e:3f:e9:4c:2a:f2:25:14:d6:44:2c:11:79:
         2a:77:c4:c0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULurPhaXBmgsTPw3V2MJNWZ1SPSgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwODA1MDAwMDAwWhcNMjQwOTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0OWE5YTkyMmE3MTJiNTBhYjcwOWU1ZDExZTZlMzdkNGY1
MWU3YzlkMzliYmNlNTA4ZTk5OGMyMzcwNzFkZmMyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnueHox3To8+mUYY7OEOiQMzg7SHyMbHXx/sMVoJxPbom+
UpdDOhKirkDYfkvmLkmwSweshTCMnXSqj7DMtHPh7R11/TGHqylGXT+lI/6jFXTv
7DbI7I5Z+s8J9oPMbeNF4bGvU7GYwNOpc/cd/jS/upfi9gv8W7C6NJd1Nl6zpHu3
YVdZnYOleBUAqHnXryEF3hBkctegqwSu7haRNEefBsapIyFtq0ycZ663ZCTZ1Mh4
LPnhKs9GI49OobgvGi1Gu+DoXEpJD02+8CFKd5CDzTzUOCLULqZk6uDRrnsz9XW3
tV8z0DsFGZfnhRm/7IGimvPpppJ6UEl6v2/Hir3RAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIgi0K0tLqUd7DudmUGdHSlkDlW0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzYwMDU1ZDAyLThmMTMtNDczNi05OWMzLWNiMTI5YmYyNGU4ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACP6lQVj0I41MtKwDeoig0bDEpVM
O1OpLlr6q71Ugh3vyogi1ksSBQ1BU4mNvSGvbJd2PquLaIPKr2DGH4YtVKJFA6UM
TFzkKOjh253tM5T0I8JF/M3UQbdFn+qP3FBbTKD28Tw/6d0KFsqw/dGxzEeY1NDY
jjuDNozfMdzO58x60RsEU+q6t/yBVzZumsVj7GhH8XI+SsQ0LEdBZ4j+nmp371be
tELDH9z6mnc1wG8XwScO9Zcfiq1DUsYnqHUuKe45SzkYXtTzXp5ZSfz4O7etVe1C
5XIvwQX84nEzmKbXy8lqW0qzm+gS0zrEJssmLj/pTCryJRTWRCwReSp3xMA=
-----END CERTIFICATE-----