Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7a9e11fb-c8c9-47d0-bd69-70b7abf91348.roa
File:                     7a9e11fb-c8c9-47d0-bd69-70b7abf91348.roa (raw, json)
Hash identifier:          vah0UpggcAi+j8hBOL0RtuJfbd/wBsX7KptHaET0iRU=
Subject key identifier:   AD:DF:31:A1:6B:DB:AC:C5:69:D6:9B:9E:E1:43:1E:B9:08:5B:78:6F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3DD0109FAE72E5B1E720BD9DC6611EC0313BF8EC
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7a9e11fb-c8c9-47d0-bd69-70b7abf91348.roa
Signing time:             Fri 10 May 2024 00:00:00 +0000
ROA not before:           Fri 10 May 2024 00:00:00 +0000
ROA not after:            Fri 14 Jun 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:d0:10:9f:ae:72:e5:b1:e7:20:bd:9d:c6:61:1e:c0:31:3b:f8:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May 10 00:00:00 2024 GMT
            Not After : Jun 14 23:59:59 2024 GMT
        Subject: serialNumber=153a6d68bed27a23156ad4118cee6a90479eb05179f88f871b93dd3c37d25ec9, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:f2:41:81:13:7f:7c:0d:34:83:99:69:48:1c:
                    b0:7d:5a:1a:ae:c7:44:40:3f:1c:e2:33:da:32:14:
                    43:a7:fe:79:27:10:cb:b5:7e:e0:bf:06:92:c7:0f:
                    01:3c:3e:1c:c9:f9:db:5c:8d:4f:ec:db:a5:ee:d0:
                    97:4d:fd:60:e1:f6:df:cf:98:b1:25:13:9f:a1:85:
                    db:ac:47:8b:df:31:52:00:24:de:25:4f:fb:d0:c8:
                    c8:65:74:58:4b:9d:41:9a:8a:20:af:81:04:90:0c:
                    b6:35:e3:53:27:a7:68:75:b0:6c:b4:a8:f2:d8:b1:
                    c1:96:48:10:89:51:5c:0b:2b:b1:01:25:ec:97:c2:
                    84:4f:26:37:ec:78:6b:4b:da:9d:fe:42:36:80:96:
                    17:a7:30:7f:27:1e:d3:61:a7:25:0e:17:28:0f:48:
                    17:22:16:44:05:9c:99:33:62:c4:5e:1f:62:05:c1:
                    c5:57:8f:0f:1b:b8:37:1c:2d:a8:c7:46:a8:d4:f5:
                    2e:69:49:21:a2:8d:d2:5b:bd:a7:73:f4:a1:3b:7b:
                    cd:bd:5f:81:ab:2d:19:fb:fe:48:7f:c8:df:68:f4:
                    c0:e7:94:9f:71:a9:c2:27:b4:e6:b0:8b:e5:b8:fd:
                    03:3e:d5:5c:33:a6:a2:11:e8:9a:a0:b3:8f:a3:ac:
                    c0:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:DF:31:A1:6B:DB:AC:C5:69:D6:9B:9E:E1:43:1E:B9:08:5B:78:6F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7a9e11fb-c8c9-47d0-bd69-70b7abf91348.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:25:89:0b:d9:13:0d:6b:43:94:5c:a9:75:2f:3c:e5:73:0f:
         ca:66:d3:c3:88:e0:be:fb:d8:94:fb:74:5b:08:6c:f4:a1:cd:
         91:0c:af:d6:1d:86:e8:6a:0f:21:ef:a9:f1:36:14:2f:96:a7:
         df:38:ff:31:b5:3f:1a:12:b1:69:32:ba:54:66:0d:7d:1d:f8:
         7c:ee:50:fa:ba:f1:f6:c0:b0:ab:84:74:a4:1c:4f:00:85:96:
         a6:85:d4:0c:ea:ca:15:b7:6c:7e:e7:3d:2a:78:f9:61:08:bc:
         98:2f:99:84:ae:0f:ad:22:a8:1f:f2:db:70:6c:a7:8e:7d:b3:
         73:99:12:0b:88:b9:ca:6c:e2:16:00:ca:91:bc:fd:fc:16:73:
         c4:5b:2b:07:03:4e:3e:0f:39:8a:86:9c:03:dd:7f:2d:66:b1:
         46:98:59:5c:fb:da:6c:32:6e:ce:4d:71:54:f9:af:05:02:49:
         2b:ae:05:04:8a:ee:08:a1:80:7c:3d:0f:eb:03:3b:fd:8a:91:
         52:34:0b:d9:80:42:90:ea:0d:ae:4f:b9:1e:60:b8:86:2c:3e:
         22:d3:a2:78:71:28:c7:7a:85:a3:7c:31:bd:b1:92:51:67:6a:
         03:7e:d2:30:24:b0:50:3b:15:7c:28:3a:15:51:53:d1:b6:bc:
         95:8b:bb:a1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPdAQn65y5bHnIL2dxmEewDE7+OwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNTEwMDAwMDAwWhcNMjQwNjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNTNhNmQ2OGJlZDI3YTIzMTU2YWQ0MTE4Y2VlNmE5MDQ3
OWViMDUxNzlmODhmODcxYjkzZGQzYzM3ZDI1ZWM5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDt8kGBE398DTSDmWlIHLB9Whqux0RAPxziM9oyFEOn/nkn
EMu1fuC/BpLHDwE8PhzJ+dtcjU/s26Xu0JdN/WDh9t/PmLElE5+hhdusR4vfMVIA
JN4lT/vQyMhldFhLnUGaiiCvgQSQDLY141Mnp2h1sGy0qPLYscGWSBCJUVwLK7EB
JeyXwoRPJjfseGtL2p3+QjaAlhenMH8nHtNhpyUOFygPSBciFkQFnJkzYsReH2IF
wcVXjw8buDccLajHRqjU9S5pSSGijdJbvadz9KE7e829X4GrLRn7/kh/yN9o9MDn
lJ9xqcIntOawi+W4/QM+1VwzpqIR6Jqgs4+jrMDDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrd8xoWvbrMVp1pue4UMeuQhbeG8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzdhOWUxMWZiLWM4YzktNDdkMC1iZDY5LTcwYjdhYmY5MTM0OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHAliQvZEw1rQ5RcqXUvPOVzD8pm
08OI4L772JT7dFsIbPShzZEMr9YdhuhqDyHvqfE2FC+Wp984/zG1PxoSsWkyulRm
DX0d+HzuUPq68fbAsKuEdKQcTwCFlqaF1AzqyhW3bH7nPSp4+WEIvJgvmYSuD60i
qB/y23Bsp459s3OZEguIucps4hYAypG8/fwWc8RbKwcDTj4POYqGnAPdfy1msUaY
WVz72mwybs5NcVT5rwUCSSuuBQSK7gihgHw9D+sDO/2KkVI0C9mAQpDqDa5PuR5g
uIYsPiLTonhxKMd6haN8Mb2xklFnagN+0jAksFA7FXwoOhVRU9G2vJWLu6E=
-----END CERTIFICATE-----