Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/666b763e-a8f1-4b08-9197-52078a196260.roa
File:                     666b763e-a8f1-4b08-9197-52078a196260.roa (raw, json)
Hash identifier:          havMGF6Dkm4lQTiqAz3G8hTN3hPmjTcfN4EHY9vSvDs=
Subject key identifier:   EC:95:35:FD:E4:C9:70:23:5C:D4:3C:E8:FA:9A:25:8E:48:73:3B:40
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3A75D281E758CB0BB5341D2A9263A5F00B98A16F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/666b763e-a8f1-4b08-9197-52078a196260.roa
Signing time:             Fri 12 Jan 2024 00:00:00 +0000
ROA not before:           Fri 12 Jan 2024 00:00:00 +0000
ROA not after:            Fri 16 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:75:d2:81:e7:58:cb:0b:b5:34:1d:2a:92:63:a5:f0:0b:98:a1:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 12 00:00:00 2024 GMT
            Not After : Feb 16 23:59:59 2024 GMT
        Subject: serialNumber=6e15fc70fe5a24f1602549375e761b049faef27c44da568da161f548b41706ee, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ea:39:91:eb:0b:3f:28:62:13:56:23:75:a3:
                    d8:18:78:39:54:5a:ca:f7:df:0f:7b:ce:58:dd:bb:
                    ec:ce:6e:13:6e:95:bf:2f:fa:47:0e:90:80:ce:df:
                    fc:4b:71:ad:97:3a:8a:45:0a:8a:e0:32:3b:e7:0a:
                    a9:a7:ad:85:5b:a4:c1:d5:de:7a:e8:e3:1c:df:00:
                    f9:46:a4:90:eb:61:5e:a7:95:3a:10:cf:79:60:2e:
                    23:e0:8e:0b:a7:5d:72:c1:e7:1b:42:ad:ae:42:27:
                    72:ee:10:eb:11:4d:35:d1:07:dc:a6:6c:a3:d5:aa:
                    23:2a:f0:1a:82:a2:1a:a1:c2:09:6c:a0:77:62:7c:
                    fe:42:4d:30:32:32:fc:96:75:d1:23:bf:16:0a:d2:
                    58:8d:65:84:b3:2f:6a:3b:9d:0b:60:2d:61:df:86:
                    f7:7f:10:72:85:a8:14:40:94:e9:46:84:e4:e8:32:
                    f7:15:a3:7b:33:40:a1:d0:8c:0a:00:30:07:f4:cb:
                    73:04:69:d8:86:4a:2c:03:d3:f3:e7:1d:d0:a9:03:
                    e4:e6:d0:98:24:59:5f:c6:59:52:38:1a:8e:65:f4:
                    ef:a3:7b:7c:5b:7c:bf:27:20:89:16:ed:1c:08:a8:
                    f1:4a:50:b7:f3:e3:b4:2b:ce:19:c3:55:86:34:6e:
                    42:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:95:35:FD:E4:C9:70:23:5C:D4:3C:E8:FA:9A:25:8E:48:73:3B:40
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/666b763e-a8f1-4b08-9197-52078a196260.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:1c:4f:4d:1b:d3:a7:96:19:56:2b:4b:4e:a3:85:af:41:28:
         35:ae:83:68:44:f9:5a:bf:78:29:0d:b8:49:16:22:20:af:b7:
         bb:98:e2:af:13:65:fc:f2:4d:5f:94:e3:10:66:6c:a2:5e:d7:
         3a:c4:c6:16:5e:2e:39:d1:b5:dc:41:4d:fa:0d:81:e3:cc:0e:
         d4:48:6e:f2:dd:19:0a:e4:80:5b:e3:30:fb:e0:cd:fd:c2:a8:
         c8:f3:82:62:4c:76:71:04:a8:2f:df:32:d3:fe:20:1f:39:da:
         9e:0c:e9:b2:59:fe:01:05:d7:d2:7c:7e:36:57:7a:46:91:f5:
         ee:cb:9a:01:03:1d:40:ac:a0:14:a9:2f:61:ca:e9:be:db:61:
         d3:66:62:4a:f9:cd:4b:fd:0b:ec:b2:09:5f:2f:0e:f5:42:0c:
         2d:92:9c:01:2d:28:30:00:14:78:6c:48:fb:6b:9a:06:35:65:
         3a:ca:10:a6:30:3e:ce:bc:8b:3f:08:68:ed:81:7e:4d:e7:21:
         1e:e9:98:92:02:ba:4c:eb:84:6c:e9:5b:7e:07:a7:3e:43:b6:
         a1:5b:f7:35:05:ce:58:19:81:dd:ea:cf:88:71:5b:34:d6:c9:
         c6:32:c4:02:3e:10:6e:32:ad:b7:e1:db:ac:dc:3c:52:a2:f1:
         af:d7:24:13
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOnXSgedYywu1NB0qkmOl8AuYoW8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTEyMDAwMDAwWhcNMjQwMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZTE1ZmM3MGZlNWEyNGYxNjAyNTQ5Mzc1ZTc2MWIwNDlm
YWVmMjdjNDRkYTU2OGRhMTYxZjU0OGI0MTcwNmVlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCx6jmR6ws/KGITViN1o9gYeDlUWsr33w97zljdu+zObhNu
lb8v+kcOkIDO3/xLca2XOopFCorgMjvnCqmnrYVbpMHV3nro4xzfAPlGpJDrYV6n
lToQz3lgLiPgjgunXXLB5xtCra5CJ3LuEOsRTTXRB9ymbKPVqiMq8BqCohqhwgls
oHdifP5CTTAyMvyWddEjvxYK0liNZYSzL2o7nQtgLWHfhvd/EHKFqBRAlOlGhOTo
MvcVo3szQKHQjAoAMAf0y3MEadiGSiwD0/PnHdCpA+Tm0JgkWV/GWVI4Go5l9O+j
e3xbfL8nIIkW7RwIqPFKULfz47QrzhnDVYY0bkLrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7JU1/eTJcCNc1Dzo+poljkhzO0AwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzY2NmI3NjNlLWE4ZjEtNGIwOC05MTk3LTUyMDc4YTE5NjI2MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFkcT00b06eWGVYrS06jha9BKDWu
g2hE+Vq/eCkNuEkWIiCvt7uY4q8TZfzyTV+U4xBmbKJe1zrExhZeLjnRtdxBTfoN
gePMDtRIbvLdGQrkgFvjMPvgzf3CqMjzgmJMdnEEqC/fMtP+IB852p4M6bJZ/gEF
19J8fjZXekaR9e7LmgEDHUCsoBSpL2HK6b7bYdNmYkr5zUv9C+yyCV8vDvVCDC2S
nAEtKDAAFHhsSPtrmgY1ZTrKEKYwPs68iz8IaO2Bfk3nIR7pmJICukzrhGzpW34H
pz5DtqFb9zUFzlgZgd3qz4hxWzTWycYyxAI+EG4yrbfh26zcPFKi8a/XJBM=
-----END CERTIFICATE-----