Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/632a133c-336b-4a2d-8922-f14daa008ffa.roa
File:                     632a133c-336b-4a2d-8922-f14daa008ffa.roa (raw, json)
Hash identifier:          PVUU4ESaoDHvXn3qFnnU5CncW3w8ACH97R3UwoFv9ZU=
Subject key identifier:   5B:E5:EE:0A:C2:5E:97:19:30:F4:19:A6:D6:0E:FC:3F:66:6D:FA:69
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2C3B26DD72EB4F991F85D028FCA3682212D5BEE7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/632a133c-336b-4a2d-8922-f14daa008ffa.roa
Signing time:             Mon 15 Jul 2024 00:00:00 +0000
ROA not before:           Mon 15 Jul 2024 00:00:00 +0000
ROA not after:            Mon 19 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:3b:26:dd:72:eb:4f:99:1f:85:d0:28:fc:a3:68:22:12:d5:be:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 15 00:00:00 2024 GMT
            Not After : Aug 19 23:59:59 2024 GMT
        Subject: serialNumber=da3d71cc97c64d539b5deb9a2cc6d02c5168bed27917a266e144e63c021cd7aa, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:53:82:af:5d:d4:38:b9:b6:5b:bd:c1:2f:32:
                    23:ab:15:e3:3f:39:42:05:c9:90:28:56:f1:e5:bc:
                    9c:02:ae:29:fe:34:bd:14:c9:8f:d9:87:54:9c:bb:
                    53:11:dd:06:85:6c:a2:65:4d:d0:0d:34:ae:58:04:
                    db:8c:9a:28:66:d3:13:55:84:45:9b:b0:13:70:a1:
                    99:df:fa:b2:ec:cc:77:eb:cd:a3:63:4e:5e:2d:0f:
                    d2:24:cc:65:09:03:cc:b6:fa:4d:5c:91:0a:06:54:
                    bc:bf:63:bb:b0:1f:f9:8b:e1:a5:0b:14:30:74:ac:
                    f4:52:24:47:28:4b:20:75:c1:16:ba:c2:82:7e:a1:
                    66:1e:f8:80:08:ed:f3:e9:e6:ca:73:ad:a2:2a:a9:
                    b3:6a:5e:54:a8:3f:9e:91:b4:99:94:65:cf:ab:3f:
                    75:6f:4e:e7:ed:e5:3e:18:ee:78:41:57:ff:d1:9c:
                    bf:c6:bc:01:01:89:ba:30:da:50:16:47:3b:59:f5:
                    7f:f7:6a:64:81:2d:5f:b1:f9:d6:05:70:61:10:62:
                    d1:72:06:35:cc:76:0d:b9:a8:63:e0:2e:2c:3f:8b:
                    c5:e8:43:4d:76:4d:62:8c:6c:86:c3:46:0b:55:21:
                    d1:51:cf:d1:3a:50:46:69:70:0c:69:0d:aa:d4:09:
                    f4:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:E5:EE:0A:C2:5E:97:19:30:F4:19:A6:D6:0E:FC:3F:66:6D:FA:69
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/632a133c-336b-4a2d-8922-f14daa008ffa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:f8:34:ba:14:c6:0b:e3:db:83:66:2f:64:37:6e:bb:f0:03:
         8d:a9:fb:e6:99:37:e7:1f:36:f7:21:3e:5c:a4:98:42:c8:2a:
         39:da:b6:5c:74:ba:ba:4e:51:9a:18:3a:d0:f6:96:80:4f:b1:
         f3:30:e9:c4:71:99:d5:50:04:76:43:2d:8a:ea:75:fd:15:a7:
         dd:87:b9:b1:e8:0f:ef:52:6e:b3:92:a2:08:b2:35:78:1f:1f:
         55:49:c8:01:05:65:de:ff:46:02:48:5c:75:85:ab:7f:74:c1:
         cc:d5:fd:12:ef:34:64:8b:a0:58:eb:b8:13:85:ff:35:41:c0:
         d5:bf:75:bb:ad:39:e7:59:22:50:d5:c1:82:34:cd:32:6d:c9:
         69:ee:11:69:f0:d3:f4:e3:4a:97:2d:96:a8:4f:0d:fb:91:2a:
         95:5e:aa:42:85:c4:66:01:7c:e4:bd:aa:24:36:ee:0f:36:3e:
         e0:7f:20:5b:85:d8:2e:b6:90:f5:e4:27:af:8d:68:c2:0c:9b:
         9c:f4:cd:d9:1d:cd:16:a0:4a:e1:e0:88:f1:f1:6f:f3:55:bb:
         04:6c:46:bf:7b:c7:f5:3a:96:7f:c8:ae:e2:ee:82:1b:ce:02:
         f4:91:4e:53:9e:37:0a:5a:87:53:c0:b1:c6:7f:2c:92:d4:22:
         cd:4a:b6:88
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULDsm3XLrT5kfhdAo/KNoIhLVvucwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzE1MDAwMDAwWhcNMjQwODE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYTNkNzFjYzk3YzY0ZDUzOWI1ZGViOWEyY2M2ZDAyYzUx
NjhiZWQyNzkxN2EyNjZlMTQ0ZTYzYzAyMWNkN2FhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCRU4KvXdQ4ubZbvcEvMiOrFeM/OUIFyZAoVvHlvJwCrin+
NL0UyY/Zh1Scu1MR3QaFbKJlTdANNK5YBNuMmihm0xNVhEWbsBNwoZnf+rLszHfr
zaNjTl4tD9IkzGUJA8y2+k1ckQoGVLy/Y7uwH/mL4aULFDB0rPRSJEcoSyB1wRa6
woJ+oWYe+IAI7fPp5spzraIqqbNqXlSoP56RtJmUZc+rP3VvTuft5T4Y7nhBV//R
nL/GvAEBibow2lAWRztZ9X/3amSBLV+x+dYFcGEQYtFyBjXMdg25qGPgLiw/i8Xo
Q012TWKMbIbDRgtVIdFRz9E6UEZpcAxpDarUCfTJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUW+XuCsJelxkw9Bmm1g78P2Zt+mkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzYzMmExMzNjLTMzNmItNGEyZC04OTIyLWYxNGRhYTAwOGZmYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGL4NLoUxgvj24NmL2Q3brvwA42p
++aZN+cfNvchPlykmELIKjnatlx0urpOUZoYOtD2loBPsfMw6cRxmdVQBHZDLYrq
df0Vp92HubHoD+9SbrOSogiyNXgfH1VJyAEFZd7/RgJIXHWFq390wczV/RLvNGSL
oFjruBOF/zVBwNW/dbutOedZIlDVwYI0zTJtyWnuEWnw0/TjSpctlqhPDfuRKpVe
qkKFxGYBfOS9qiQ27g82PuB/IFuF2C62kPXkJ6+NaMIMm5z0zdkdzRagSuHgiPHx
b/NVuwRsRr97x/U6ln/IruLughvOAvSRTlOeNwpah1PAscZ/LJLUIs1Ktog=
-----END CERTIFICATE-----