Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7d5d1759-e515-4eb6-b4a0-548141a19cca.roa
File:                     7d5d1759-e515-4eb6-b4a0-548141a19cca.roa (raw, json)
Hash identifier:          YSYwS6XnVuRUQEwfsammWPB9vUM9glIKrysGn0TWD4U=
Subject key identifier:   B0:C3:90:88:82:62:23:A4:E6:74:D5:8E:EB:DD:2A:5B:51:4D:2E:BB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0B18FA1AF1B5045ECC3F805925E1F3731C03A7B6
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7d5d1759-e515-4eb6-b4a0-548141a19cca.roa
Signing time:             Thu 07 Nov 2024 00:00:00 +0000
ROA not before:           Thu 07 Nov 2024 00:00:00 +0000
ROA not after:            Thu 12 Dec 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:18:fa:1a:f1:b5:04:5e:cc:3f:80:59:25:e1:f3:73:1c:03:a7:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  7 00:00:00 2024 GMT
            Not After : Dec 12 23:59:59 2024 GMT
        Subject: serialNumber=5abdd9a8d4c6252a18350e6d95ee534c394397aa8c8f64221afe736fbbd6cc68, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:cd:ba:b3:ff:25:da:67:a3:70:ed:d2:8e:13:
                    35:e6:61:5e:78:be:db:ad:07:39:0f:9e:84:07:d5:
                    66:b9:39:70:5f:12:94:bc:fe:2c:5a:24:40:a7:ab:
                    6b:c6:fb:79:63:4d:a4:b1:60:e3:c2:e5:08:2e:4c:
                    54:ad:6c:bb:c2:6c:15:47:ad:ec:86:52:85:d9:d3:
                    d9:f8:5f:a2:be:e2:b4:53:bc:f6:af:7b:8c:6a:ae:
                    99:18:c2:2f:41:7c:b3:cd:96:54:86:9d:e4:2f:f8:
                    1c:82:9b:0a:d9:f1:6e:e9:26:0b:9a:26:22:a2:fe:
                    e4:61:2c:44:4c:47:10:78:e3:bb:4d:35:af:4c:05:
                    42:3f:86:dd:a3:ab:57:5c:85:0c:ad:2e:cb:7e:59:
                    30:83:10:14:46:d4:b6:bb:77:9c:c4:79:fe:03:4f:
                    96:9d:01:36:12:e5:b5:27:6d:f9:39:c1:24:84:52:
                    cd:b9:2e:24:00:3e:cc:b6:4e:3a:d4:d4:da:61:7b:
                    36:a0:1e:c0:bb:27:ce:91:2c:90:9c:69:4f:81:18:
                    97:46:82:e6:06:a8:a6:07:b4:67:f0:47:65:8b:88:
                    60:c8:e0:87:83:bd:0d:99:37:0c:34:24:7e:26:2c:
                    17:3f:71:07:bf:76:7a:4e:c9:21:df:f6:fd:83:b4:
                    e4:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:C3:90:88:82:62:23:A4:E6:74:D5:8E:EB:DD:2A:5B:51:4D:2E:BB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7d5d1759-e515-4eb6-b4a0-548141a19cca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:27:36:cc:88:05:f4:4c:6b:b2:28:7a:55:cc:f4:db:b5:ba:
         a4:bc:63:68:5b:2a:98:02:8c:66:02:9e:70:4f:76:87:4b:b7:
         64:c6:68:50:29:de:d3:ca:32:f4:d9:96:85:4b:25:4e:47:3c:
         72:af:31:4f:1d:3f:8b:90:a8:3f:b5:0e:d0:32:db:e0:e8:1f:
         cd:63:a6:96:01:96:de:6d:39:7b:e2:e3:5e:2d:db:c0:7b:e2:
         3e:19:71:1d:3f:cc:fc:d3:e0:7f:02:6e:99:ae:88:6b:28:2e:
         fd:fd:2c:e1:aa:32:51:48:b6:2b:d7:7d:6a:bc:9a:ff:0d:63:
         20:2a:03:fc:d5:7e:83:9f:86:75:da:90:7c:fe:35:53:57:4e:
         f5:b3:1a:b2:79:0b:a1:1b:d9:9e:80:05:eb:68:7b:4a:5b:e1:
         3a:d2:8d:76:65:62:f5:06:da:a1:b2:c7:f1:77:e3:ab:19:81:
         f2:89:75:73:ed:1c:88:6c:ef:80:9d:96:db:dd:54:b0:d0:fe:
         07:2e:71:fb:c0:1e:43:03:ed:0b:e5:0a:16:a5:1f:ee:de:c2:
         15:c6:aa:bc:b4:47:eb:cb:06:44:d4:d7:32:a9:fb:d4:9b:76:
         69:5e:02:d2:ca:13:ae:9b:df:36:6e:c2:51:8b:99:02:62:ec:
         d4:89:f5:18
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCxj6GvG1BF7MP4BZJeHzcxwDp7YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMTA3MDAwMDAwWhcNMjQxMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A1YWJkZDlhOGQ0YzYyNTJhMTgzNTBlNmQ5NWVlNTM0YzM5
NDM5N2FhOGM4ZjY0MjIxYWZlNzM2ZmJiZDZjYzY4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDizbqz/yXaZ6Nw7dKOEzXmYV54vtutBzkPnoQH1Wa5OXBf
EpS8/ixaJECnq2vG+3ljTaSxYOPC5QguTFStbLvCbBVHreyGUoXZ09n4X6K+4rRT
vPave4xqrpkYwi9BfLPNllSGneQv+ByCmwrZ8W7pJguaJiKi/uRhLERMRxB447tN
Na9MBUI/ht2jq1dchQytLst+WTCDEBRG1La7d5zEef4DT5adATYS5bUnbfk5wSSE
Us25LiQAPsy2TjrU1NphezagHsC7J86RLJCcaU+BGJdGguYGqKYHtGfwR2WLiGDI
4IeDvQ2ZNww0JH4mLBc/cQe/dnpOySHf9v2DtOR/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsMOQiIJiI6TmdNWO690qW1FNLrswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzdkNWQxNzU5LWU1MTUtNGViNi1iNGEwLTU0ODE0MWExOWNjYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADsnNsyIBfRMa7IoelXM9Nu1uqS8
Y2hbKpgCjGYCnnBPdodLt2TGaFAp3tPKMvTZloVLJU5HPHKvMU8dP4uQqD+1DtAy
2+DoH81jppYBlt5tOXvi414t28B74j4ZcR0/zPzT4H8CbpmuiGsoLv39LOGqMlFI
tivXfWq8mv8NYyAqA/zVfoOfhnXakHz+NVNXTvWzGrJ5C6Eb2Z6ABetoe0pb4TrS
jXZlYvUG2qGyx/F346sZgfKJdXPtHIhs74CdltvdVLDQ/gcucfvAHkMD7QvlChal
H+7ewhXGqry0R+vLBkTU1zKp+9SbdmleAtLKE66b3zZuwlGLmQJi7NSJ9Rg=
-----END CERTIFICATE-----