Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/785063bf-4357-4566-bbf2-9586960e87b9.roa
File:                     785063bf-4357-4566-bbf2-9586960e87b9.roa (raw, json)
Hash identifier:          +fRAMCTKtrBgejzRgp98rqXRqgdsd9sgcuCZyGJx74k=
Subject key identifier:   F2:8B:64:1F:01:A8:8D:CD:33:22:DC:95:C4:A6:E0:AD:34:CE:BE:6D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       72A893DCDD368C9A594A4E746B89D97EAF9FEE36
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/785063bf-4357-4566-bbf2-9586960e87b9.roa
Signing time:             Thu 28 Mar 2024 00:00:00 +0000
ROA not before:           Thu 28 Mar 2024 00:00:00 +0000
ROA not after:            Thu 02 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:a8:93:dc:dd:36:8c:9a:59:4a:4e:74:6b:89:d9:7e:af:9f:ee:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 28 00:00:00 2024 GMT
            Not After : May  2 23:59:59 2024 GMT
        Subject: serialNumber=30f51e4b1982dc1f9fb425132abc8cc900e7f31ab98064e74f88849536587606, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ba:4d:c3:e5:da:c6:8a:9a:73:b3:81:f7:19:
                    b6:ef:85:eb:c0:54:04:01:95:8f:78:3a:10:f3:62:
                    df:15:33:33:cd:67:ff:9c:ce:90:0f:f8:8c:93:84:
                    58:1d:32:f2:a8:27:08:08:f0:f3:5e:4d:b2:e5:ee:
                    40:3a:61:d6:3a:ed:06:96:8a:e5:c7:62:df:f2:6a:
                    5f:e7:8e:9a:b3:1f:25:57:78:20:51:60:16:ed:1d:
                    66:05:d8:a6:4f:cd:b3:4d:69:52:54:91:63:37:d4:
                    b1:f0:82:cb:4b:d5:39:bf:db:43:76:ee:54:3e:31:
                    77:60:66:7a:32:77:d2:36:3f:9c:7f:a9:20:bf:8a:
                    cc:bd:86:56:cd:2a:5f:b6:31:a4:94:1c:19:39:92:
                    f1:88:b2:0e:54:75:00:3d:8f:eb:40:1e:95:6e:a3:
                    08:6b:40:78:c8:2f:94:06:75:a0:0f:e0:18:4f:fb:
                    78:87:07:17:06:63:ea:42:58:81:9d:86:8b:90:bf:
                    e8:b1:47:78:db:ed:bb:1c:e8:98:50:95:88:a4:b0:
                    f6:2e:8f:86:97:55:f4:51:a5:be:eb:45:ed:37:72:
                    b2:4d:db:26:47:70:f9:0a:89:d9:db:1f:15:ef:49:
                    a1:97:ce:bf:e8:67:29:38:74:25:ff:c8:96:76:3c:
                    57:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:8B:64:1F:01:A8:8D:CD:33:22:DC:95:C4:A6:E0:AD:34:CE:BE:6D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/785063bf-4357-4566-bbf2-9586960e87b9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:03:35:8f:53:9a:a6:2b:f6:d7:f0:71:2c:4e:87:83:8e:d7:
         f7:7a:d0:3b:40:ba:bb:ba:5e:87:91:3e:c7:79:2b:10:6a:2a:
         16:3b:93:d3:77:28:8e:8f:f1:e9:1e:c0:0b:21:11:72:27:ad:
         9c:a1:34:a4:73:77:5c:22:8b:51:9e:90:1c:c7:c6:55:1e:0c:
         78:bb:e7:d2:65:06:1e:d4:5a:8b:d7:69:e1:7f:6e:9f:45:ac:
         7d:b9:c9:e3:02:7f:97:db:c5:23:9e:be:a2:01:f6:d9:2c:7e:
         05:80:1e:8f:e0:42:7e:9b:aa:28:5d:3c:25:d8:7b:e4:9b:c7:
         56:5e:e5:64:18:62:d1:6a:df:c1:d2:6b:c0:21:8a:4a:aa:2d:
         34:1d:67:20:04:8b:bb:c6:13:c9:80:4f:5d:63:48:0a:a2:72:
         06:c4:ea:83:19:bd:b1:b3:db:3c:11:db:72:d6:76:f5:9c:6a:
         78:96:8e:42:83:3c:4a:eb:de:05:72:99:7c:68:dd:5a:20:fd:
         e8:c2:eb:25:2c:ce:e6:d6:bc:17:10:3c:f2:bf:07:1e:44:40:
         51:4c:12:5a:d0:16:be:fa:cf:41:fe:c3:63:1c:65:e2:30:3f:
         c6:ee:c7:e0:af:de:7c:d3:ee:30:3b:ec:be:4f:4a:a7:26:23:
         83:b1:d3:29
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcqiT3N02jJpZSk50a4nZfq+f7jYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzI4MDAwMDAwWhcNMjQwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMGY1MWU0YjE5ODJkYzFmOWZiNDI1MTMyYWJjOGNjOTAw
ZTdmMzFhYjk4MDY0ZTc0Zjg4ODQ5NTM2NTg3NjA2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTuk3D5drGippzs4H3GbbvhevAVAQBlY94OhDzYt8VMzPN
Z/+czpAP+IyThFgdMvKoJwgI8PNeTbLl7kA6YdY67QaWiuXHYt/yal/njpqzHyVX
eCBRYBbtHWYF2KZPzbNNaVJUkWM31LHwgstL1Tm/20N27lQ+MXdgZnoyd9I2P5x/
qSC/isy9hlbNKl+2MaSUHBk5kvGIsg5UdQA9j+tAHpVuowhrQHjIL5QGdaAP4BhP
+3iHBxcGY+pCWIGdhouQv+ixR3jb7bsc6JhQlYiksPYuj4aXVfRRpb7rRe03crJN
2yZHcPkKidnbHxXvSaGXzr/oZyk4dCX/yJZ2PFfhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8otkHwGojc0zItyVxKbgrTTOvm0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzc4NTA2M2JmLTQzNTctNDU2Ni1iYmYyLTk1ODY5NjBlODdiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB0DNY9TmqYr9tfwcSxOh4OO1/d6
0DtAuru6XoeRPsd5KxBqKhY7k9N3KI6P8ekewAshEXInrZyhNKRzd1wii1GekBzH
xlUeDHi759JlBh7UWovXaeF/bp9FrH25yeMCf5fbxSOevqIB9tksfgWAHo/gQn6b
qihdPCXYe+Sbx1Ze5WQYYtFq38HSa8AhikqqLTQdZyAEi7vGE8mAT11jSAqicgbE
6oMZvbGz2zwR23LWdvWcaniWjkKDPErr3gVymXxo3Vog/ejC6yUszubWvBcQPPK/
Bx5EQFFMElrQFr76z0H+w2McZeIwP8bux+Cv3nzT7jA77L5PSqcmI4Ox0yk=
-----END CERTIFICATE-----