Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6444a803-489b-4a31-a36a-b5ed6c06d3ed.roa
File:                     6444a803-489b-4a31-a36a-b5ed6c06d3ed.roa (raw, json)
Hash identifier:          18scc/0Dx6mHrIRIaG7t6svDZ/dm42QWzPsVzYWq3BY=
Subject key identifier:   1E:65:84:B1:03:06:9C:CB:6A:D5:B9:10:92:D6:E3:5E:9D:89:C4:38
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       139F6D24705B6C6D0916ED48F2676F59C56D7417
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6444a803-489b-4a31-a36a-b5ed6c06d3ed.roa
Signing time:             Mon 08 Apr 2024 00:00:00 +0000
ROA not before:           Mon 08 Apr 2024 00:00:00 +0000
ROA not after:            Mon 13 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:9f:6d:24:70:5b:6c:6d:09:16:ed:48:f2:67:6f:59:c5:6d:74:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr  8 00:00:00 2024 GMT
            Not After : May 13 23:59:59 2024 GMT
        Subject: serialNumber=f4819d252790619c088f2de7862db6969cfa432241342c726b902d25382ca5e1, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:72:68:06:6f:fd:71:12:11:70:5c:2b:5f:79:
                    fe:53:47:e0:ca:00:4b:6b:3e:88:84:3c:08:7e:46:
                    dc:81:5d:f4:58:63:05:8e:9e:ff:87:1f:4e:a4:80:
                    51:71:6c:7c:61:99:8c:38:1c:0b:a0:1d:b0:a3:44:
                    54:e9:21:be:95:72:80:16:7e:a3:52:ce:bb:98:56:
                    85:79:6b:1c:2b:b1:d2:0d:a2:f0:2e:f9:0b:6b:db:
                    57:9d:4a:88:03:3b:1d:50:fe:41:5e:c2:40:ab:e9:
                    56:8d:dd:ab:fa:e5:bc:0b:e1:f5:67:85:31:61:0f:
                    d1:40:a8:ff:f7:5e:6e:11:4a:4f:a2:52:5e:ce:11:
                    06:22:1c:e2:ac:f4:3c:b2:23:77:4b:20:26:7c:43:
                    18:9c:9a:14:c3:f7:df:2b:84:38:92:18:79:6a:f2:
                    53:0c:73:f3:b3:9a:e5:62:13:85:3d:63:28:1d:60:
                    4a:28:96:d8:1d:55:47:91:11:9f:a2:30:af:7b:9d:
                    d6:20:45:6b:c7:2b:3c:35:7b:c6:f7:f6:ae:85:61:
                    69:71:57:f6:29:79:65:79:f5:0c:ee:42:f9:c1:d5:
                    e3:14:89:29:ba:c7:5b:2a:76:2e:f0:1a:b3:f7:1b:
                    24:d9:4e:a0:9f:24:54:f8:47:39:db:63:15:ab:9d:
                    3a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:65:84:B1:03:06:9C:CB:6A:D5:B9:10:92:D6:E3:5E:9D:89:C4:38
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6444a803-489b-4a31-a36a-b5ed6c06d3ed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:26:71:aa:9d:49:5c:4b:68:51:0d:5f:5a:d9:27:1b:a5:73:
         8f:dc:66:33:19:18:38:2b:b6:19:54:a8:3f:f9:4b:be:5b:d1:
         8c:48:ca:70:f7:f2:38:a0:97:0d:bb:b6:6c:b6:67:93:97:a6:
         93:0b:04:5b:71:d1:61:2c:b0:a7:73:86:28:86:2f:84:f2:c0:
         10:de:a3:29:38:fa:e1:23:67:d0:1b:a3:88:26:d4:ec:ba:ed:
         59:ed:e8:07:75:8b:c6:a8:36:90:33:b1:a5:f6:21:59:9a:24:
         5a:f8:2c:f2:13:4c:92:44:37:92:c0:5b:c4:31:cd:06:48:44:
         88:a8:5d:34:b7:e5:b9:82:ce:7a:1a:5b:c8:f5:d9:c5:28:d9:
         f3:e6:fa:12:39:93:77:3a:5d:36:2b:0a:48:b6:14:9d:b6:03:
         85:b0:44:57:a9:bc:a5:ca:75:9e:7c:73:ff:f8:d4:5b:72:a6:
         74:e6:5e:7c:47:d9:a9:56:b2:89:8f:90:00:52:bd:11:31:61:
         39:90:67:59:5c:9f:d5:30:a5:24:ce:93:28:12:82:00:0a:2c:
         36:1d:7a:a1:54:23:b3:f9:d4:a3:6c:f1:a3:2c:29:80:80:b5:
         69:76:ae:a5:c6:9d:a7:eb:95:ce:af:84:75:05:85:9a:17:94:
         a9:4f:c4:9a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE59tJHBbbG0JFu1I8mdvWcVtdBcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDA4MDAwMDAwWhcNMjQwNTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNDgxOWQyNTI3OTA2MTljMDg4ZjJkZTc4NjJkYjY5Njlj
ZmE0MzIyNDEzNDJjNzI2YjkwMmQyNTM4MmNhNWUxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCecmgGb/1xEhFwXCtfef5TR+DKAEtrPoiEPAh+RtyBXfRY
YwWOnv+HH06kgFFxbHxhmYw4HAugHbCjRFTpIb6VcoAWfqNSzruYVoV5axwrsdIN
ovAu+Qtr21edSogDOx1Q/kFewkCr6VaN3av65bwL4fVnhTFhD9FAqP/3Xm4RSk+i
Ul7OEQYiHOKs9DyyI3dLICZ8QxicmhTD998rhDiSGHlq8lMMc/OzmuViE4U9Yygd
YEooltgdVUeREZ+iMK97ndYgRWvHKzw1e8b39q6FYWlxV/YpeWV59QzuQvnB1eMU
iSm6x1sqdi7wGrP3GyTZTqCfJFT4RznbYxWrnToBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHmWEsQMGnMtq1bkQktbjXp2JxDgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzY0NDRhODAzLTQ4OWItNGEzMS1hMzZhLWI1ZWQ2YzA2ZDNlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHMmcaqdSVxLaFENX1rZJxulc4/c
ZjMZGDgrthlUqD/5S75b0YxIynD38jiglw27tmy2Z5OXppMLBFtx0WEssKdzhiiG
L4TywBDeoyk4+uEjZ9Abo4gm1Oy67Vnt6Ad1i8aoNpAzsaX2IVmaJFr4LPITTJJE
N5LAW8QxzQZIRIioXTS35bmCznoaW8j12cUo2fPm+hI5k3c6XTYrCki2FJ22A4Ww
RFepvKXKdZ58c//41FtypnTmXnxH2alWsomPkABSvRExYTmQZ1lcn9UwpSTOkygS
ggAKLDYdeqFUI7P51KNs8aMsKYCAtWl2rqXGnafrlc6vhHUFhZoXlKlPxJo=
-----END CERTIFICATE-----