Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/680574da-0643-4a80-a9a4-f36c2d2260a2.roa
File:                     680574da-0643-4a80-a9a4-f36c2d2260a2.roa (raw, json)
Hash identifier:          AXo7HvVizesDAll4AutnCimscu345V6xFz0Bcds/Kog=
Subject key identifier:   6C:11:25:6C:75:2C:A8:96:44:64:AC:8C:03:C2:9F:D3:95:0B:BC:9F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5EC3DA91437B2346F8B954CC7395F142A46BB808
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/680574da-0643-4a80-a9a4-f36c2d2260a2.roa
Signing time:             Thu 14 Nov 2024 00:00:00 +0000
ROA not before:           Thu 14 Nov 2024 00:00:00 +0000
ROA not after:            Thu 19 Dec 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:c3:da:91:43:7b:23:46:f8:b9:54:cc:73:95:f1:42:a4:6b:b8:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 14 00:00:00 2024 GMT
            Not After : Dec 19 23:59:59 2024 GMT
        Subject: serialNumber=45579b4d2e420791f9fd4bbfcb3fbcfff108d7b5f4e347b428b30fc1f84832cc, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d0:35:2a:b1:26:4a:1a:e6:80:be:c2:2b:f2:
                    e1:7a:9d:6d:d5:25:bc:66:62:c2:cb:e1:41:be:bc:
                    dc:a5:84:fd:21:e5:4c:ac:c8:5b:f6:e9:d3:92:01:
                    98:8c:fb:74:08:c5:05:52:4d:00:c6:66:1e:2f:9a:
                    39:66:28:3c:12:66:4c:eb:ff:0c:1b:bc:9b:39:9f:
                    16:ed:bd:bd:5f:51:df:3a:8b:e4:b7:ab:dc:35:3d:
                    61:17:82:a5:fd:ab:34:57:80:a7:5b:b4:c6:f2:c0:
                    0b:d6:c1:d4:9e:56:53:ff:42:4e:dd:f3:82:df:71:
                    80:9b:c0:59:8c:2e:8d:4e:5a:f5:65:69:f7:50:0b:
                    2e:07:63:1b:2d:82:6b:54:a8:2a:3d:c2:e9:5d:e6:
                    dc:11:d5:2c:4f:12:77:49:85:af:45:28:0a:20:3d:
                    6e:8c:27:74:33:14:3e:1a:c0:6f:62:bb:3e:65:ba:
                    c2:4a:74:cb:c1:cf:36:96:44:ad:4a:ab:9a:b9:75:
                    a9:7a:3a:12:2f:04:1e:12:1a:f6:a0:64:2d:f7:b6:
                    34:44:ac:ac:7e:d4:b5:86:17:17:2f:ad:45:f2:15:
                    39:69:15:c4:8c:1f:9d:4b:f8:32:bd:6f:88:63:8f:
                    2a:08:e3:49:db:15:f6:64:42:73:c8:c3:80:17:e8:
                    77:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:11:25:6C:75:2C:A8:96:44:64:AC:8C:03:C2:9F:D3:95:0B:BC:9F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/680574da-0643-4a80-a9a4-f36c2d2260a2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:f7:98:e5:bc:2b:20:60:ab:e8:1a:93:d9:72:e5:57:f2:17:
         fc:f4:e0:fd:3c:12:70:1d:59:e0:89:2b:57:05:e9:fd:94:27:
         19:bf:75:e0:f8:60:58:8e:8e:1d:93:01:a7:e5:9e:e8:42:9d:
         91:5c:6b:9e:36:ae:f0:bf:97:61:fe:57:12:2a:eb:6d:3a:8d:
         c5:78:ea:b5:c6:94:8d:b2:82:14:9c:b9:e9:cd:02:6f:d6:f3:
         0e:9f:dd:ec:98:56:b9:13:7f:81:2b:34:2e:d8:11:bb:56:84:
         02:24:f7:e4:dc:39:10:6e:8d:62:a7:a2:b6:2b:68:fa:af:7c:
         aa:26:3a:37:a5:e9:04:e1:72:d5:4f:cc:81:fb:ab:c6:ee:32:
         e5:ce:80:2f:4d:5d:08:91:d0:fd:52:33:ed:24:80:ee:f5:75:
         7a:14:59:d4:b6:d0:31:83:07:89:00:58:bc:bb:b5:37:ad:ff:
         32:91:02:91:1a:df:c9:6b:97:0b:ad:6c:4d:01:4c:fe:59:db:
         3b:8a:b7:06:13:25:26:cb:76:b6:b9:51:dd:b7:1e:70:54:29:
         49:fa:3e:f7:44:bf:bf:ec:47:61:64:3e:7e:8b:2b:33:b1:bb:
         01:f8:d5:e7:dc:26:6d:91:82:09:4a:ff:ac:90:ae:b0:7c:56:
         8e:0d:de:1e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXsPakUN7I0b4uVTMc5XxQqRruAgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMTE0MDAwMDAwWhcNMjQxMjE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NTU3OWI0ZDJlNDIwNzkxZjlmZDRiYmZjYjNmYmNmZmYx
MDhkN2I1ZjRlMzQ3YjQyOGIzMGZjMWY4NDgzMmNjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+0DUqsSZKGuaAvsIr8uF6nW3VJbxmYsLL4UG+vNylhP0h
5UysyFv26dOSAZiM+3QIxQVSTQDGZh4vmjlmKDwSZkzr/wwbvJs5nxbtvb1fUd86
i+S3q9w1PWEXgqX9qzRXgKdbtMbywAvWwdSeVlP/Qk7d84LfcYCbwFmMLo1OWvVl
afdQCy4HYxstgmtUqCo9wuld5twR1SxPEndJha9FKAogPW6MJ3QzFD4awG9iuz5l
usJKdMvBzzaWRK1Kq5q5dal6OhIvBB4SGvagZC33tjRErKx+1LWGFxcvrUXyFTlp
FcSMH51L+DK9b4hjjyoI40nbFfZkQnPIw4AX6HdpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbBElbHUsqJZEZKyMA8Kf05ULvJ8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzY4MDU3NGRhLTA2NDMtNGE4MC1hOWE0LWYzNmMyZDIyNjBhMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABv3mOW8KyBgq+gak9ly5VfyF/z0
4P08EnAdWeCJK1cF6f2UJxm/deD4YFiOjh2TAaflnuhCnZFca542rvC/l2H+VxIq
6206jcV46rXGlI2yghScuenNAm/W8w6f3eyYVrkTf4ErNC7YEbtWhAIk9+TcORBu
jWKnorYraPqvfKomOjel6QThctVPzIH7q8buMuXOgC9NXQiR0P1SM+0kgO71dXoU
WdS20DGDB4kAWLy7tTet/zKRApEa38lrlwutbE0BTP5Z2zuKtwYTJSbLdra5Ud23
HnBUKUn6PvdEv7/sR2FkPn6LKzOxuwH41efcJm2RgglK/6yQrrB8Vo4N3h4=
-----END CERTIFICATE-----