Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/627c602b-8def-409e-8a84-7890dcfa7504.roa
File:                     627c602b-8def-409e-8a84-7890dcfa7504.roa (raw, json)
Hash identifier:          R2ecb3dnqDJJRvH7kFPkxW63JjeutLDRR0ylK0Y2bcA=
Subject key identifier:   20:9D:31:87:0D:2C:82:91:5E:42:AB:47:FF:9A:DD:FA:21:07:D9:CC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7BC58CA2DDE7DCE2C84F6C4B0A21A372A4D30C91
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/627c602b-8def-409e-8a84-7890dcfa7504.roa
Signing time:             Mon 24 Jun 2024 00:00:00 +0000
ROA not before:           Mon 24 Jun 2024 00:00:00 +0000
ROA not after:            Mon 29 Jul 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:c5:8c:a2:dd:e7:dc:e2:c8:4f:6c:4b:0a:21:a3:72:a4:d3:0c:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 24 00:00:00 2024 GMT
            Not After : Jul 29 23:59:59 2024 GMT
        Subject: serialNumber=21870d18f9dc96386c9cbebd8df4eba7cdc3b1c22eaa9c8b496213a521c0d66e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:5d:64:bd:2a:ff:03:bb:c3:de:a1:32:51:8b:
                    ec:87:ef:60:9d:ee:50:95:63:8c:a8:cc:38:96:79:
                    50:f3:89:c5:0d:37:cd:19:34:71:76:bd:8d:35:a4:
                    b6:10:91:98:0b:c6:1d:91:c8:76:0d:4c:e9:d1:6f:
                    d9:f1:67:71:e1:5f:ad:49:2b:e4:60:96:38:05:b8:
                    8e:85:1b:7e:b2:3b:10:35:d1:1a:ff:51:ac:a8:c6:
                    a8:51:ab:85:e4:a6:78:5b:9d:32:5a:90:13:37:63:
                    6a:de:64:76:da:e9:ca:97:0c:3a:d4:ff:84:20:a1:
                    bb:69:ac:9f:81:1e:3e:0e:e1:46:3f:fc:a3:1b:20:
                    3a:b9:4b:b7:4b:d9:0d:48:45:0a:6a:02:e8:a0:1e:
                    71:ab:93:14:a2:33:c9:8c:98:d2:42:81:70:73:d8:
                    5b:b3:85:af:03:7b:af:30:2d:e2:09:bc:62:87:6d:
                    58:3c:45:15:17:35:86:f3:83:fa:b7:e7:48:eb:c8:
                    e8:e6:45:7a:43:14:90:89:13:5d:88:4c:4f:14:28:
                    09:c2:a9:26:49:93:ae:84:dd:f1:27:9b:78:96:f3:
                    e4:e8:e2:41:86:25:b5:4a:0a:16:e1:ea:c6:f2:54:
                    8c:fb:ec:55:ae:00:71:5b:8c:77:36:58:33:c7:6e:
                    9c:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:9D:31:87:0D:2C:82:91:5E:42:AB:47:FF:9A:DD:FA:21:07:D9:CC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/627c602b-8def-409e-8a84-7890dcfa7504.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:cd:00:b2:8e:df:58:31:e7:82:bd:27:2a:84:77:cb:c3:ad:
         28:c4:f3:b9:7a:4f:cd:3f:01:8e:52:cc:dd:22:54:69:1c:32:
         83:39:3f:32:7b:03:b0:2f:72:04:cc:b3:f5:23:a9:0f:58:d6:
         1a:1d:73:e4:57:00:90:74:e6:60:21:b8:b6:ab:bc:22:11:ac:
         d1:dc:29:01:93:1c:89:eb:6e:9d:e3:e2:4d:b2:ca:aa:fc:92:
         d1:25:b4:34:da:56:76:1d:0b:77:c5:cc:46:61:70:28:f8:af:
         1d:6a:42:e4:e8:52:59:36:1d:e0:7a:50:c1:ea:13:d4:03:9e:
         cf:77:89:79:39:b5:d5:52:72:b8:66:05:27:31:a4:4e:1a:a3:
         4e:41:41:38:7b:fd:c2:3e:91:67:a8:dc:47:f5:78:e7:dd:0e:
         6a:4f:35:a2:4d:41:16:e3:11:1f:83:e3:2f:c7:13:55:5f:0a:
         0c:50:f7:46:25:86:53:5b:a1:a6:bd:4c:89:65:f5:d1:5a:ae:
         a4:f9:a1:39:da:55:77:12:ca:4e:75:73:40:9f:0e:d6:44:ea:
         91:a7:c7:65:e6:76:ea:ea:50:ff:48:92:07:24:ce:f9:c9:93:
         99:c5:f4:51:09:71:00:ed:1a:e6:05:0c:4f:f6:66:e8:3c:8f:
         b1:3a:8e:e5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUe8WMot3n3OLIT2xLCiGjcqTTDJEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNjI0MDAwMDAwWhcNMjQwNzI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMTg3MGQxOGY5ZGM5NjM4NmM5Y2JlYmQ4ZGY0ZWJhN2Nk
YzNiMWMyMmVhYTljOGI0OTYyMTNhNTIxYzBkNjZlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPXWS9Kv8Du8PeoTJRi+yH72Cd7lCVY4yozDiWeVDzicUN
N80ZNHF2vY01pLYQkZgLxh2RyHYNTOnRb9nxZ3HhX61JK+RgljgFuI6FG36yOxA1
0Rr/UayoxqhRq4XkpnhbnTJakBM3Y2reZHba6cqXDDrU/4QgobtprJ+BHj4O4UY/
/KMbIDq5S7dL2Q1IRQpqAuigHnGrkxSiM8mMmNJCgXBz2Fuzha8De68wLeIJvGKH
bVg8RRUXNYbzg/q350jryOjmRXpDFJCJE12ITE8UKAnCqSZJk66E3fEnm3iW8+To
4kGGJbVKChbh6sbyVIz77FWuAHFbjHc2WDPHbpxDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIJ0xhw0sgpFeQqtH/5rd+iEH2cwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzYyN2M2MDJiLThkZWYtNDA5ZS04YTg0LTc4OTBkY2ZhNzUwNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGbNALKO31gx54K9JyqEd8vDrSjE
87l6T80/AY5SzN0iVGkcMoM5PzJ7A7AvcgTMs/UjqQ9Y1hodc+RXAJB05mAhuLar
vCIRrNHcKQGTHInrbp3j4k2yyqr8ktEltDTaVnYdC3fFzEZhcCj4rx1qQuToUlk2
HeB6UMHqE9QDns93iXk5tdVScrhmBScxpE4ao05BQTh7/cI+kWeo3Ef1eOfdDmpP
NaJNQRbjER+D4y/HE1VfCgxQ90YlhlNboaa9TIll9dFarqT5oTnaVXcSyk51c0Cf
DtZE6pGnx2XmdurqUP9IkgckzvnJk5nF9FEJcQDtGuYFDE/2Zug8j7E6juU=
-----END CERTIFICATE-----