Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/606d6e88-ec93-4b3d-8719-9b81d70378ca.roa
File:                     606d6e88-ec93-4b3d-8719-9b81d70378ca.roa (raw, json)
Hash identifier:          qiFYQQ8h5XPBLa8sMxO9xyQSM4rPZOXNpeY8nHqDnzY=
Subject key identifier:   C1:F8:07:BC:50:DB:31:BB:0B:F1:02:B6:DF:06:F9:EB:AB:CC:8D:6E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7A09794221743C10B036BCDD4DB0415621E2EAD8
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/606d6e88-ec93-4b3d-8719-9b81d70378ca.roa
Signing time:             Tue 09 Jul 2024 00:00:00 +0000
ROA not before:           Tue 09 Jul 2024 00:00:00 +0000
ROA not after:            Tue 13 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:09:79:42:21:74:3c:10:b0:36:bc:dd:4d:b0:41:56:21:e2:ea:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul  9 00:00:00 2024 GMT
            Not After : Aug 13 23:59:59 2024 GMT
        Subject: serialNumber=aee3549387967434f9e6c50625f1f2b472fa7ce84133b04b00ac41d7acafbb7b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:82:5f:31:00:f0:90:b1:d2:6e:99:70:82:2b:
                    5f:46:be:f2:a6:53:a1:16:52:fb:7b:6c:83:b9:37:
                    d2:5f:b9:6d:f9:c1:d4:c8:88:2d:a9:51:ce:16:b4:
                    e4:e4:03:5b:d4:6f:41:f5:45:b8:79:23:30:71:f4:
                    00:ad:f7:a0:71:a4:73:c2:dc:da:4b:26:4d:1e:d2:
                    74:d4:d3:4d:e9:db:22:75:4d:23:80:b4:f9:6f:6f:
                    39:be:e3:70:a8:fc:d2:d6:11:44:8d:e8:33:69:a1:
                    d5:42:fa:5c:1e:31:6f:89:27:f3:83:8c:19:5b:c0:
                    43:f5:a9:7b:f2:86:df:4c:23:e6:86:d9:17:0e:6b:
                    88:f4:6b:7e:3f:b6:fa:92:c1:c6:81:dc:3a:8f:3d:
                    e4:d4:e4:ef:ac:bf:1a:e2:98:43:5b:ac:5c:6e:c9:
                    f3:fc:d2:73:b0:ee:91:7a:f5:2a:3c:64:3f:fa:ea:
                    97:c3:2b:81:95:ea:84:f2:f5:b8:ee:a8:58:5e:5f:
                    e9:7e:f0:08:dc:c7:35:c1:75:fa:b5:c5:39:e5:ac:
                    35:31:49:7a:3b:20:10:c4:f6:85:6e:73:1f:c6:7c:
                    de:4a:ca:c6:39:66:e0:1f:ce:e1:af:ab:61:77:b7:
                    7a:e9:de:dc:83:b2:4c:bc:10:cd:c9:1a:31:9d:8d:
                    41:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:F8:07:BC:50:DB:31:BB:0B:F1:02:B6:DF:06:F9:EB:AB:CC:8D:6E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/606d6e88-ec93-4b3d-8719-9b81d70378ca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:10:b7:f1:cd:e4:d3:f4:ad:77:13:b6:08:73:42:a0:39:e1:
         70:1b:03:89:6e:2f:cf:c9:9a:f0:e1:25:f4:ba:b8:49:ee:41:
         4a:d5:70:df:91:b7:ff:ed:a4:f5:90:28:d5:ee:48:98:70:55:
         05:b1:ea:97:da:00:c1:9d:cb:3c:b3:5a:0d:1e:77:0a:bd:44:
         26:80:f3:93:3c:1b:ca:36:dd:cb:75:b3:35:bb:b4:9a:d0:17:
         98:43:66:ce:eb:b6:61:26:15:2f:d8:34:ca:2c:b4:bb:14:26:
         41:7b:f1:0d:5f:dd:bf:b1:2e:50:ed:19:08:7a:df:76:32:37:
         2d:62:21:31:13:dc:39:90:86:d2:fb:a0:7b:58:64:8f:9d:1b:
         78:e5:18:6b:d7:24:16:9c:f4:ac:56:d0:4c:d8:06:0d:2c:6d:
         f3:96:50:c2:9a:c5:33:e6:c7:79:0a:07:68:b7:10:3b:21:ea:
         d3:2f:f7:36:9f:51:c1:20:5e:20:98:a4:b5:16:f1:c8:6c:6a:
         af:83:f1:ea:af:61:16:5a:00:95:7d:ae:40:e6:3d:d9:d2:02:
         dc:21:c1:f6:e8:e0:8a:99:67:18:7f:c6:1f:ee:5f:99:27:1f:
         74:b5:06:9e:b9:56:b4:ef:c4:78:fa:76:bb:2e:91:27:c5:63:
         10:31:ea:86
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUegl5QiF0PBCwNrzdTbBBViHi6tgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzA5MDAwMDAwWhcNMjQwODEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZWUzNTQ5Mzg3OTY3NDM0ZjllNmM1MDYyNWYxZjJiNDcy
ZmE3Y2U4NDEzM2IwNGIwMGFjNDFkN2FjYWZiYjdiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCngl8xAPCQsdJumXCCK19GvvKmU6EWUvt7bIO5N9JfuW35
wdTIiC2pUc4WtOTkA1vUb0H1Rbh5IzBx9ACt96BxpHPC3NpLJk0e0nTU003p2yJ1
TSOAtPlvbzm+43Co/NLWEUSN6DNpodVC+lweMW+JJ/ODjBlbwEP1qXvyht9MI+aG
2RcOa4j0a34/tvqSwcaB3DqPPeTU5O+svxrimENbrFxuyfP80nOw7pF69So8ZD/6
6pfDK4GV6oTy9bjuqFheX+l+8AjcxzXBdfq1xTnlrDUxSXo7IBDE9oVucx/GfN5K
ysY5ZuAfzuGvq2F3t3rp3tyDsky8EM3JGjGdjUEdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwfgHvFDbMbsL8QK23wb566vMjW4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzYwNmQ2ZTg4LWVjOTMtNGIzZC04NzE5LTliODFkNzAzNzhjYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACAQt/HN5NP0rXcTtghzQqA54XAb
A4luL8/JmvDhJfS6uEnuQUrVcN+Rt//tpPWQKNXuSJhwVQWx6pfaAMGdyzyzWg0e
dwq9RCaA85M8G8o23ct1szW7tJrQF5hDZs7rtmEmFS/YNMostLsUJkF78Q1f3b+x
LlDtGQh633YyNy1iITET3DmQhtL7oHtYZI+dG3jlGGvXJBac9KxW0EzYBg0sbfOW
UMKaxTPmx3kKB2i3EDsh6tMv9zafUcEgXiCYpLUW8chsaq+D8eqvYRZaAJV9rkDm
PdnSAtwhwfbo4IqZZxh/xh/uX5knH3S1Bp65VrTvxHj6drsukSfFYxAx6oY=
-----END CERTIFICATE-----