Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6b794281-2fbd-4801-bd10-c76887e8afde.roa
File:                     6b794281-2fbd-4801-bd10-c76887e8afde.roa (raw, json)
Hash identifier:          CSIvMA9lRwp3jAkkTe6jB/Hg8vL+MT4kGIY5sfqwR/U=
Subject key identifier:   2B:A5:DA:34:81:25:AF:1B:A6:3E:11:9E:DF:60:22:4E:B2:F7:B0:8E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5E23C9B58B0C14A910B5819B3A6E5E2BF49CD4F4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6b794281-2fbd-4801-bd10-c76887e8afde.roa
Signing time:             Sun 19 May 2024 00:00:00 +0000
ROA not before:           Sun 19 May 2024 00:00:00 +0000
ROA not after:            Sun 23 Jun 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:23:c9:b5:8b:0c:14:a9:10:b5:81:9b:3a:6e:5e:2b:f4:9c:d4:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May 19 00:00:00 2024 GMT
            Not After : Jun 23 23:59:59 2024 GMT
        Subject: serialNumber=2f5ffa241867d5dbb8edde4f5a5e76807bf8f42bc765382a61186f0c95d0be9b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2e:b1:6c:03:ae:14:ff:e1:c0:77:d1:f1:c3:
                    83:88:9f:3f:77:98:cc:a5:36:3d:7c:3d:23:8c:14:
                    20:84:7b:12:e8:31:75:b9:36:5d:bd:f3:00:8b:85:
                    39:c5:be:d6:9b:05:e7:4f:8f:cf:89:aa:34:b1:25:
                    07:a0:44:8e:5b:7a:65:4d:f6:ad:d6:81:74:2b:c7:
                    55:6a:bb:93:64:38:46:50:93:6d:22:e4:cd:24:d2:
                    cc:c1:70:82:39:67:dd:1a:21:18:2a:0b:25:55:17:
                    7c:fe:4a:67:7a:9a:01:ae:f9:e0:f6:11:3e:9c:f0:
                    1a:3f:8f:7e:37:2f:36:a4:47:e3:b4:67:1c:c4:b8:
                    41:d6:f2:01:8d:be:25:e4:d4:7f:55:96:17:b5:1d:
                    b1:bc:6c:f4:76:26:6b:c0:59:20:6f:2f:f4:fc:ec:
                    b5:b0:4c:79:92:44:33:5f:4d:0f:b6:c2:f2:95:e0:
                    4b:a3:4d:6d:09:27:cb:1c:28:aa:07:79:12:4d:76:
                    ab:7a:f3:f3:55:c0:d1:ea:02:3f:e9:93:e6:49:90:
                    8e:69:0c:12:65:31:b1:61:b3:c2:a9:04:bf:44:7d:
                    9d:7b:56:32:37:54:e7:99:44:e2:aa:ff:4d:b2:03:
                    75:4d:4c:22:0b:88:92:64:01:6a:73:43:a6:67:1c:
                    40:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:A5:DA:34:81:25:AF:1B:A6:3E:11:9E:DF:60:22:4E:B2:F7:B0:8E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6b794281-2fbd-4801-bd10-c76887e8afde.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:78:00:6a:6c:1f:9d:c7:67:34:1c:77:5c:0b:6f:52:59:27:
         74:c6:33:de:e9:af:bb:c6:7c:64:7b:bf:2f:21:fc:db:6d:0c:
         62:66:0c:06:d1:9f:b2:cd:99:d5:13:d4:a9:19:cf:ba:59:16:
         a7:4f:b8:47:8a:1d:df:a1:9c:6d:1a:a2:12:87:a5:90:63:c2:
         5e:43:1d:d7:fd:5b:77:46:d9:f4:27:be:49:bf:1c:61:e0:43:
         c1:64:75:45:2d:ea:bc:9e:13:37:32:58:78:9d:33:53:f6:ea:
         37:2a:b7:44:89:c5:ed:3b:d3:eb:76:8b:e8:b8:38:32:e3:75:
         62:b1:68:3b:34:f6:04:41:10:28:3b:92:41:fa:65:58:09:a9:
         44:72:f5:ff:b4:3f:e2:86:bd:c4:77:1d:05:c7:a8:81:a8:79:
         15:f2:73:65:9e:3a:1e:b8:24:6b:de:49:fa:58:1f:4a:7a:a9:
         2b:93:6b:ba:a3:ba:09:e5:e6:7c:46:c0:f8:ee:1a:a1:4c:ee:
         f5:53:c9:20:45:c6:98:fc:fb:39:12:7e:60:4f:c2:5c:80:b0:
         af:2d:11:b6:5b:67:b1:60:34:ff:1b:48:c7:f8:ae:8c:77:f3:
         f5:c9:f9:90:74:9a:cd:7a:64:fd:1f:b1:49:d0:3d:0a:eb:7d:
         66:18:b6:b9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXiPJtYsMFKkQtYGbOm5eK/Sc1PQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNTE5MDAwMDAwWhcNMjQwNjIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyZjVmZmEyNDE4NjdkNWRiYjhlZGRlNGY1YTVlNzY4MDdi
ZjhmNDJiYzc2NTM4MmE2MTE4NmYwYzk1ZDBiZTliMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7LrFsA64U/+HAd9Hxw4OInz93mMylNj18PSOMFCCEexLo
MXW5Nl298wCLhTnFvtabBedPj8+JqjSxJQegRI5bemVN9q3WgXQrx1Vqu5NkOEZQ
k20i5M0k0szBcII5Z90aIRgqCyVVF3z+Smd6mgGu+eD2ET6c8Bo/j343LzakR+O0
ZxzEuEHW8gGNviXk1H9Vlhe1HbG8bPR2JmvAWSBvL/T87LWwTHmSRDNfTQ+2wvKV
4EujTW0JJ8scKKoHeRJNdqt68/NVwNHqAj/pk+ZJkI5pDBJlMbFhs8KpBL9EfZ17
VjI3VOeZROKq/02yA3VNTCILiJJkAWpzQ6ZnHEApAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUK6XaNIElrxumPhGe32AiTrL3sI4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzZiNzk0MjgxLTJmYmQtNDgwMS1iZDEwLWM3Njg4N2U4YWZkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACp4AGpsH53HZzQcd1wLb1JZJ3TG
M97pr7vGfGR7vy8h/NttDGJmDAbRn7LNmdUT1KkZz7pZFqdPuEeKHd+hnG0aohKH
pZBjwl5DHdf9W3dG2fQnvkm/HGHgQ8FkdUUt6ryeEzcyWHidM1P26jcqt0SJxe07
0+t2i+i4ODLjdWKxaDs09gRBECg7kkH6ZVgJqURy9f+0P+KGvcR3HQXHqIGoeRXy
c2WeOh64JGveSfpYH0p6qSuTa7qjugnl5nxGwPjuGqFM7vVTySBFxpj8+zkSfmBP
wlyAsK8tEbZbZ7FgNP8bSMf4rox38/XJ+ZB0ms16ZP0fsUnQPQrrfWYYtrk=
-----END CERTIFICATE-----