Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/707e68a4-3f9e-402e-a502-c1e6b366e02c.roa
File:                     707e68a4-3f9e-402e-a502-c1e6b366e02c.roa (raw, json)
Hash identifier:          TplH0NiAcsMwCHdJCFY8saAV8sH4wdQMQG8p6qPrCzc=
Subject key identifier:   5A:3E:41:A1:89:A4:B2:3C:62:99:E8:3E:67:1C:2F:91:A4:AA:D4:75
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2FAF57B4E267E7F3E49486936CAB3E92D35CCEDA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/707e68a4-3f9e-402e-a502-c1e6b366e02c.roa
Signing time:             Thu 11 Apr 2024 00:00:00 +0000
ROA not before:           Thu 11 Apr 2024 00:00:00 +0000
ROA not after:            Thu 16 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:af:57:b4:e2:67:e7:f3:e4:94:86:93:6c:ab:3e:92:d3:5c:ce:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 11 00:00:00 2024 GMT
            Not After : May 16 23:59:59 2024 GMT
        Subject: serialNumber=f6c2f211bea081c308ff058c654e543646c224ba8808dfe71447954f467e8441, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:7b:cc:3a:bb:df:b6:91:4c:6e:ab:23:fc:d4:
                    35:58:93:5f:00:aa:20:6c:5e:8c:e8:5b:66:30:dc:
                    ff:dd:b5:26:42:65:b7:09:b1:c7:cf:8c:26:f5:38:
                    b1:bf:36:0c:f6:3b:73:01:2a:9d:f6:70:59:53:95:
                    0a:2e:7b:a2:49:09:04:b8:a7:a2:21:1c:ed:14:e6:
                    ea:58:50:03:d7:a0:bf:f9:a1:b1:f1:b6:7d:78:ff:
                    89:89:9d:11:a0:fb:90:c3:63:0f:b0:8d:b2:f1:10:
                    79:14:14:8e:7e:2e:06:1e:ae:3e:58:a7:e5:92:ca:
                    6a:21:29:56:7d:4f:bf:fe:0c:d4:2a:24:2b:d9:9b:
                    78:ac:ba:e7:4e:17:30:ac:46:57:27:b0:2c:16:cf:
                    a7:15:ce:54:df:77:7a:b7:bd:7c:50:61:15:6b:cc:
                    4c:71:53:63:f0:c1:6d:d2:24:7b:bf:03:74:a4:44:
                    a6:f5:a0:6d:c5:e0:3a:e1:cc:85:dd:dc:7f:28:1c:
                    bb:fd:9f:8c:cd:3f:ca:c2:91:5f:78:88:ce:f3:f9:
                    5b:64:39:c8:8a:3a:84:d3:17:10:e3:8c:95:10:b2:
                    f1:94:e7:4c:ba:6e:e7:ca:3f:17:57:25:e4:18:a0:
                    57:62:a9:b3:08:c4:54:c5:a6:5b:82:7f:d6:38:d0:
                    7d:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:3E:41:A1:89:A4:B2:3C:62:99:E8:3E:67:1C:2F:91:A4:AA:D4:75
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/707e68a4-3f9e-402e-a502-c1e6b366e02c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:d3:b6:e2:9d:53:ee:39:63:cc:38:85:49:20:90:4b:36:cc:
         0c:b8:25:d1:4b:fc:32:13:26:ba:c3:5f:27:7d:62:f3:18:a4:
         e7:43:6b:1f:a1:10:97:3a:2b:3e:42:cd:9e:ea:66:15:76:61:
         c7:01:08:53:c3:57:ac:49:35:3d:df:52:91:aa:d7:58:bc:dc:
         fb:a0:8d:89:82:f4:2e:65:ad:0e:11:db:61:c7:bc:ae:6e:00:
         42:cf:a1:e9:8b:a7:31:11:02:b7:d1:84:92:08:fe:ec:92:4e:
         4b:f1:4e:4d:9d:62:02:b3:42:dc:b8:a9:35:b8:d1:9d:fe:aa:
         d8:39:c5:e7:ea:ef:43:a8:a2:27:00:39:cb:2e:61:e3:98:b1:
         aa:bb:c3:21:22:0d:f2:fc:32:ef:fd:a6:74:b4:cb:9b:f1:85:
         70:98:59:cb:07:a5:d1:c5:15:9d:1f:97:12:4a:6c:38:7c:fc:
         37:33:3e:f7:aa:db:26:7d:92:44:a7:86:74:a0:16:cf:b4:65:
         e3:89:7a:d3:00:09:3f:76:ca:db:9e:92:a8:a3:90:11:63:e5:
         75:fe:c1:81:17:49:2f:eb:19:b8:71:36:e6:1b:cb:0f:60:5d:
         fa:d8:bc:c2:3d:50:df:7e:d5:3a:af:f2:0f:67:c7:41:26:b3:
         0e:f8:15:82
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL69XtOJn5/PklIaTbKs+ktNcztowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDExMDAwMDAwWhcNMjQwNTE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNmMyZjIxMWJlYTA4MWMzMDhmZjA1OGM2NTRlNTQzNjQ2
YzIyNGJhODgwOGRmZTcxNDQ3OTU0ZjQ2N2U4NDQxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYe8w6u9+2kUxuqyP81DVYk18AqiBsXozoW2Yw3P/dtSZC
ZbcJscfPjCb1OLG/Ngz2O3MBKp32cFlTlQoue6JJCQS4p6IhHO0U5upYUAPXoL/5
obHxtn14/4mJnRGg+5DDYw+wjbLxEHkUFI5+LgYerj5Yp+WSymohKVZ9T7/+DNQq
JCvZm3isuudOFzCsRlcnsCwWz6cVzlTfd3q3vXxQYRVrzExxU2PwwW3SJHu/A3Sk
RKb1oG3F4DrhzIXd3H8oHLv9n4zNP8rCkV94iM7z+VtkOciKOoTTFxDjjJUQsvGU
50y6bufKPxdXJeQYoFdiqbMIxFTFpluCf9Y40H3VAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWj5BoYmksjximeg+ZxwvkaSq1HUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzcwN2U2OGE0LTNmOWUtNDAyZS1hNTAyLWMxZTZiMzY2ZTAyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB3TtuKdU+45Y8w4hUkgkEs2zAy4
JdFL/DITJrrDXyd9YvMYpOdDax+hEJc6Kz5CzZ7qZhV2YccBCFPDV6xJNT3fUpGq
11i83PugjYmC9C5lrQ4R22HHvK5uAELPoemLpzERArfRhJII/uySTkvxTk2dYgKz
Qty4qTW40Z3+qtg5xefq70OooicAOcsuYeOYsaq7wyEiDfL8Mu/9pnS0y5vxhXCY
WcsHpdHFFZ0flxJKbDh8/DczPveq2yZ9kkSnhnSgFs+0ZeOJetMACT92ytuekqij
kBFj5XX+wYEXSS/rGbhxNuYbyw9gXfrYvMI9UN9+1Tqv8g9nx0Emsw74FYI=
-----END CERTIFICATE-----