Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/70b04ec5-3179-4c8c-a73d-20556d2b9d15.roa
File:                     70b04ec5-3179-4c8c-a73d-20556d2b9d15.roa (raw, json)
Hash identifier:          VHESxG1rUMq6ZF4N0ynXkjjf1q1/65bo89K40aMQ2kY=
Subject key identifier:   D1:AA:B4:0F:23:57:9E:93:11:F3:BE:22:95:17:81:45:E3:AE:84:7C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4DB824F7D562AD6BFD9B3328737452D4B43D5336
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/70b04ec5-3179-4c8c-a73d-20556d2b9d15.roa
Signing time:             Sun 18 Aug 2024 00:00:00 +0000
ROA not before:           Sun 18 Aug 2024 00:00:00 +0000
ROA not after:            Sun 22 Sep 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:b8:24:f7:d5:62:ad:6b:fd:9b:33:28:73:74:52:d4:b4:3d:53:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 18 00:00:00 2024 GMT
            Not After : Sep 22 23:59:59 2024 GMT
        Subject: serialNumber=94e4bdb13590f3459ddeeddd7b03d78c8aedccf8d3bb01605d9d21aa7858156a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:03:42:d5:af:6c:1a:4d:ef:f0:f3:2e:c0:7e:
                    5a:bf:12:a8:06:8a:2e:09:69:1f:5a:96:e6:9c:10:
                    6d:6c:71:96:d9:f7:4b:f2:83:70:b4:9f:f3:9c:fb:
                    e4:74:9d:04:f8:cb:14:c7:50:84:45:ad:8c:1c:a7:
                    38:46:0c:4e:a5:6b:66:f1:93:28:4c:a6:1e:6e:18:
                    bc:77:76:31:8a:a0:cb:92:f6:77:41:e8:15:67:47:
                    5e:be:70:16:66:1e:ad:cc:54:99:68:80:f1:8a:a2:
                    a7:42:25:95:27:5d:89:39:18:f2:20:b6:aa:23:4d:
                    28:f6:bc:e3:21:eb:9d:55:77:7c:33:6d:89:2d:03:
                    89:c8:a7:81:5c:61:1c:7f:32:11:eb:3c:5f:c6:d9:
                    e5:10:e5:06:47:f2:74:27:cb:93:a0:8c:47:83:5d:
                    9c:1e:5e:24:e5:43:44:ff:25:1f:5b:46:f1:25:9e:
                    c6:ca:6c:97:18:df:61:2f:da:c6:90:69:46:3e:09:
                    ac:fc:55:cc:a8:6c:dc:14:e1:51:f1:3f:03:15:61:
                    37:c7:1a:db:ec:4e:98:41:d5:81:58:5b:6a:89:d3:
                    76:e0:14:e8:31:24:7f:b0:07:e6:7c:e2:b9:63:bb:
                    83:59:1b:48:a5:7e:03:21:ce:ff:11:db:20:f1:6f:
                    d2:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:AA:B4:0F:23:57:9E:93:11:F3:BE:22:95:17:81:45:E3:AE:84:7C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/70b04ec5-3179-4c8c-a73d-20556d2b9d15.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:9d:38:7b:c4:bf:37:73:33:9d:b8:cc:7f:44:a6:16:2a:69:
         c2:34:95:d8:49:9c:92:4b:b5:a8:45:c4:db:83:7c:87:1f:13:
         fb:59:c5:aa:82:0b:45:45:a5:34:cc:d3:da:8d:95:e0:c2:98:
         7d:06:72:ba:d8:9b:ba:40:52:86:f1:06:e3:ba:35:87:92:5f:
         4c:ca:49:7b:fd:ae:f9:7f:4a:d9:6c:53:ee:2a:8d:50:49:32:
         18:5c:b0:f1:38:ae:01:8f:a7:bf:b5:52:25:47:be:de:e1:6f:
         d7:da:49:55:09:d5:a6:69:57:b7:8e:be:c9:51:43:73:b3:6c:
         36:d8:ff:33:5c:67:38:86:90:bf:1b:7e:14:81:20:1a:66:d0:
         2f:bc:45:a4:82:53:98:cc:b0:36:97:e1:0e:8a:0b:fb:f2:1c:
         a1:77:e6:73:59:bc:58:37:14:9d:2e:56:64:c3:06:c7:ab:f6:
         49:e4:14:72:8a:8e:78:4e:8d:2f:90:d5:9e:95:eb:00:db:1b:
         2b:a8:27:2a:af:02:37:d5:cc:ec:13:d3:88:70:5a:b9:ad:80:
         11:76:3b:17:86:6f:91:ee:54:dc:bf:d6:6f:da:49:49:b8:4d:
         d4:9d:6d:29:85:e1:e2:ec:a4:a6:9e:99:43:48:df:fd:17:32:
         91:5c:db:df
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTbgk99VirWv9mzMoc3RS1LQ9UzYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwODE4MDAwMDAwWhcNMjQwOTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NGU0YmRiMTM1OTBmMzQ1OWRkZWVkZGQ3YjAzZDc4Yzhh
ZWRjY2Y4ZDNiYjAxNjA1ZDlkMjFhYTc4NTgxNTZhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyA0LVr2waTe/w8y7Aflq/EqgGii4JaR9aluacEG1scZbZ
90vyg3C0n/Oc++R0nQT4yxTHUIRFrYwcpzhGDE6la2bxkyhMph5uGLx3djGKoMuS
9ndB6BVnR16+cBZmHq3MVJlogPGKoqdCJZUnXYk5GPIgtqojTSj2vOMh651Vd3wz
bYktA4nIp4FcYRx/MhHrPF/G2eUQ5QZH8nQny5OgjEeDXZweXiTlQ0T/JR9bRvEl
nsbKbJcY32Ev2saQaUY+Caz8VcyobNwU4VHxPwMVYTfHGtvsTphB1YFYW2qJ03bg
FOgxJH+wB+Z84rlju4NZG0ilfgMhzv8R2yDxb9LNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0aq0DyNXnpMR874ilReBReOuhHwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzcwYjA0ZWM1LTMxNzktNGM4Yy1hNzNkLTIwNTU2ZDJiOWQxNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI+dOHvEvzdzM524zH9EphYqacI0
ldhJnJJLtahFxNuDfIcfE/tZxaqCC0VFpTTM09qNleDCmH0GcrrYm7pAUobxBuO6
NYeSX0zKSXv9rvl/StlsU+4qjVBJMhhcsPE4rgGPp7+1UiVHvt7hb9faSVUJ1aZp
V7eOvslRQ3OzbDbY/zNcZziGkL8bfhSBIBpm0C+8RaSCU5jMsDaX4Q6KC/vyHKF3
5nNZvFg3FJ0uVmTDBser9knkFHKKjnhOjS+Q1Z6V6wDbGyuoJyqvAjfVzOwT04hw
WrmtgBF2OxeGb5HuVNy/1m/aSUm4TdSdbSmF4eLspKaemUNI3/0XMpFc298=
-----END CERTIFICATE-----