Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6648e1cf-fa61-4a6a-baa5-3c6b5d83b30d.roa
File:                     6648e1cf-fa61-4a6a-baa5-3c6b5d83b30d.roa (raw, json)
Hash identifier:          Bc4J+4RRi8OTPz3Ij36Bu4zx6OWzuuJASV2qijVQLzA=
Subject key identifier:   EA:E1:F7:F9:06:27:11:DD:A1:00:79:1A:7C:BB:F5:D3:6F:F2:FE:0E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0D4541C339FE0163E9814C7BB223E9A0B6C8DE4D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6648e1cf-fa61-4a6a-baa5-3c6b5d83b30d.roa
Signing time:             Sun 17 Mar 2024 00:00:00 +0000
ROA not before:           Sun 17 Mar 2024 00:00:00 +0000
ROA not after:            Sun 21 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:45:41:c3:39:fe:01:63:e9:81:4c:7b:b2:23:e9:a0:b6:c8:de:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 17 00:00:00 2024 GMT
            Not After : Apr 21 23:59:59 2024 GMT
        Subject: serialNumber=296d2d2aa7b25bd3fa46e5a0b31b9237b4d530f20cfab15e1eb8e0e69d67a725, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:6e:72:e9:6f:f5:f0:81:33:96:c4:71:d8:b8:
                    ab:9d:09:3a:3f:38:06:25:53:6f:f9:d1:24:ac:a7:
                    e3:05:e5:be:b1:92:e9:3b:08:0d:4d:96:53:33:37:
                    7d:29:86:9b:84:2b:eb:2c:83:3b:c8:91:82:1e:60:
                    95:30:21:19:b5:60:8b:85:cf:53:1c:bb:82:2f:c8:
                    dd:fc:d2:30:9b:80:5b:b1:1e:9b:3e:05:48:af:dc:
                    54:65:94:2f:9e:33:2c:8a:bf:8a:8e:5d:bf:b1:e0:
                    03:8b:26:54:16:20:91:c8:e8:6a:3c:4d:9f:47:d7:
                    2f:23:76:ff:67:fa:c9:ec:b6:c1:e6:a4:9c:53:09:
                    9b:23:53:22:da:ce:31:33:4f:4f:db:88:f8:7c:3b:
                    30:87:c5:b7:ff:9b:e7:42:2b:80:9e:3e:7b:c4:28:
                    67:66:fc:8b:37:46:8e:41:61:d3:ce:3d:3e:72:d9:
                    d8:87:0a:66:1f:74:7b:3b:21:80:07:04:f8:3f:c3:
                    cf:57:ea:ff:30:33:c1:cb:1a:da:64:df:6e:ea:06:
                    0b:f4:b3:4e:ac:f5:da:f1:4a:f6:3c:a8:18:8d:52:
                    de:4f:37:37:15:71:e8:4a:ea:0a:df:7d:d5:23:db:
                    24:db:05:42:cc:eb:99:2c:5a:12:b4:fe:24:17:be:
                    b2:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:E1:F7:F9:06:27:11:DD:A1:00:79:1A:7C:BB:F5:D3:6F:F2:FE:0E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6648e1cf-fa61-4a6a-baa5-3c6b5d83b30d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:1b:27:4b:52:3a:a6:ef:bb:60:c4:bf:8f:24:d3:db:30:0b:
         84:9a:6f:1d:6e:6c:21:0a:a1:49:73:68:98:30:e7:c1:5a:9f:
         d0:e3:6b:01:6c:6d:d2:c0:21:b5:a0:fb:43:2e:b1:ae:12:bb:
         fa:52:cb:42:0b:6f:3c:11:41:c6:7b:07:49:2e:c5:6f:02:ca:
         7f:0e:80:b1:35:7c:87:de:12:d1:bd:a1:e6:9f:1a:ad:a8:84:
         29:ad:92:e0:35:1e:e4:c0:55:ad:b5:c5:14:65:ab:5f:09:1a:
         48:29:ea:99:09:3a:81:f9:a9:d2:57:0e:21:88:d6:96:22:53:
         d2:0c:d5:91:dd:68:71:c3:f5:bc:1c:9c:e9:94:85:74:03:df:
         61:76:89:c6:99:9b:4c:c5:30:ce:80:c5:6e:68:25:70:a5:7d:
         dc:4a:c9:b8:32:51:81:26:bf:58:fa:86:a0:df:4a:86:df:bd:
         c7:ab:6c:aa:c3:0c:2a:4a:62:c0:a0:04:69:86:d3:81:84:a1:
         d2:53:4b:fc:0c:08:77:db:5e:a8:21:66:32:02:db:10:c0:3f:
         7c:d0:c6:88:70:9d:7b:c8:91:c0:89:37:c1:e9:f1:71:ff:e9:
         86:ea:f9:8e:3d:93:39:e5:0a:40:cb:19:a1:8f:32:92:c2:39:
         33:77:88:b5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDUVBwzn+AWPpgUx7siPpoLbI3k0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzE3MDAwMDAwWhcNMjQwNDIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyOTZkMmQyYWE3YjI1YmQzZmE0NmU1YTBiMzFiOTIzN2I0
ZDUzMGYyMGNmYWIxNWUxZWI4ZTBlNjlkNjdhNzI1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDxbnLpb/XwgTOWxHHYuKudCTo/OAYlU2/50SSsp+MF5b6x
kuk7CA1NllMzN30phpuEK+ssgzvIkYIeYJUwIRm1YIuFz1Mcu4IvyN380jCbgFux
Hps+BUiv3FRllC+eMyyKv4qOXb+x4AOLJlQWIJHI6Go8TZ9H1y8jdv9n+snstsHm
pJxTCZsjUyLazjEzT0/biPh8OzCHxbf/m+dCK4CePnvEKGdm/Is3Ro5BYdPOPT5y
2diHCmYfdHs7IYAHBPg/w89X6v8wM8HLGtpk327qBgv0s06s9drxSvY8qBiNUt5P
NzcVcehK6grffdUj2yTbBULM65ksWhK0/iQXvrKxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6uH3+QYnEd2hAHkafLv102/y/g4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzY2NDhlMWNmLWZhNjEtNGE2YS1iYWE1LTNjNmI1ZDgzYjMwZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAgbJ0tSOqbvu2DEv48k09swC4Sa
bx1ubCEKoUlzaJgw58Fan9DjawFsbdLAIbWg+0Musa4Su/pSy0ILbzwRQcZ7B0ku
xW8Cyn8OgLE1fIfeEtG9oeafGq2ohCmtkuA1HuTAVa21xRRlq18JGkgp6pkJOoH5
qdJXDiGI1pYiU9IM1ZHdaHHD9bwcnOmUhXQD32F2icaZm0zFMM6AxW5oJXClfdxK
ybgyUYEmv1j6hqDfSobfvcerbKrDDCpKYsCgBGmG04GEodJTS/wMCHfbXqghZjIC
2xDAP3zQxohwnXvIkcCJN8Hp8XH/6Ybq+Y49kznlCkDLGaGPMpLCOTN3iLU=
-----END CERTIFICATE-----