Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/820fa170-e41a-4875-b1be-eb7db88a27f9.roa
File:                     820fa170-e41a-4875-b1be-eb7db88a27f9.roa (raw, json)
Hash identifier:          2rc0awVmTNj9gTy9sZRSAr5tE6VPPniShfO1ehcvasE=
Subject key identifier:   2A:EA:DE:51:2A:98:39:62:AC:0C:69:97:7B:A4:D2:39:59:41:99:37
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       02B819F9ECA97D6735413A7CA8494A8B14BB23C0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/820fa170-e41a-4875-b1be-eb7db88a27f9.roa
Signing time:             Sat 02 Mar 2024 00:00:00 +0000
ROA not before:           Sat 02 Mar 2024 00:00:00 +0000
ROA not after:            Sat 06 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:b8:19:f9:ec:a9:7d:67:35:41:3a:7c:a8:49:4a:8b:14:bb:23:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  2 00:00:00 2024 GMT
            Not After : Apr  6 23:59:59 2024 GMT
        Subject: serialNumber=72aab47cb219d0a2ba4e9410c70f2e4f9a2d050667e5b499f2a7eeb19a211096, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b4:b8:d3:8c:43:8c:28:50:98:11:58:1b:dd:
                    b2:16:b3:00:48:c4:95:71:16:e2:5e:24:89:bf:00:
                    83:2d:b3:db:9d:fb:62:57:dd:91:1a:27:05:e7:d7:
                    a9:46:29:f2:48:04:43:02:0b:1b:ad:ec:b0:24:5c:
                    48:b3:8d:42:9d:c2:07:d7:6b:e7:73:81:75:86:cf:
                    ee:2b:7c:80:44:bc:36:cc:e5:cc:58:08:42:00:c8:
                    be:0e:8a:67:da:c6:ec:2f:6e:16:6a:ab:a2:e2:e7:
                    16:5f:d4:d6:45:d0:65:76:65:f9:4e:1c:ca:9d:96:
                    32:8c:2f:cd:98:53:18:4d:03:fb:d4:26:f4:c6:e7:
                    14:ab:58:9f:1b:b4:11:01:e8:d7:81:32:cc:eb:7e:
                    f2:34:a5:70:ff:92:c0:ab:1a:d1:e1:fc:fa:33:34:
                    00:f6:f9:f7:12:80:4a:4d:97:39:ba:8f:f4:ab:fe:
                    10:76:f0:50:99:6b:09:83:c5:40:28:e0:54:5e:b9:
                    86:32:20:ac:50:cd:d0:84:fd:21:90:6d:6b:e5:76:
                    b5:f0:23:ef:f9:57:47:64:d6:7d:ef:28:48:9f:3f:
                    59:cc:56:39:3c:e2:95:d4:5b:a5:1f:61:bc:40:83:
                    ff:05:0e:71:60:42:00:a3:77:01:be:2c:80:bb:5b:
                    34:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:EA:DE:51:2A:98:39:62:AC:0C:69:97:7B:A4:D2:39:59:41:99:37
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/820fa170-e41a-4875-b1be-eb7db88a27f9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:91:6e:94:67:b1:5e:8f:4e:f8:de:98:a8:69:28:78:27:c2:
         09:16:14:e4:1a:1a:ac:c7:91:90:7b:44:58:a3:d4:9a:85:b8:
         21:62:1a:18:d3:42:1c:68:a3:51:7f:b3:2e:de:46:72:b9:aa:
         76:72:c1:16:db:42:52:22:80:d8:77:45:d8:11:3a:4a:56:1a:
         40:a8:d1:89:c7:fe:b6:7e:7c:2c:12:45:d8:31:9b:e1:e7:0a:
         6c:fa:5a:5d:5c:a4:20:90:c7:eb:54:4d:3c:a8:69:0e:72:b5:
         78:c0:99:85:64:a2:ac:ee:c7:09:43:d0:c9:23:35:6e:a1:d2:
         06:e2:e6:22:96:96:e9:eb:33:36:70:a5:fd:2c:2d:e1:82:1f:
         fc:4b:e5:d6:73:dd:88:13:55:41:6e:6f:49:ee:16:dc:1b:28:
         67:2f:2e:53:dd:ed:5f:7c:ed:c7:e5:3c:9a:52:0a:60:41:7c:
         ea:fb:1f:17:11:c7:01:13:23:dc:4e:7d:74:bf:d4:99:ed:82:
         f1:33:0f:15:b9:fa:30:bb:2a:df:82:d0:88:de:3a:c2:a9:2e:
         0d:50:e9:00:42:96:65:d2:80:80:0c:e4:f3:e5:f7:1c:69:05:
         2e:9a:8d:f3:dd:6b:74:09:3b:5a:26:9f:78:3f:38:d9:05:6c:
         54:21:6d:4e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUArgZ+eypfWc1QTp8qElKixS7I8AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzAyMDAwMDAwWhcNMjQwNDA2MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MmFhYjQ3Y2IyMTlkMGEyYmE0ZTk0MTBjNzBmMmU0Zjlh
MmQwNTA2NjdlNWI0OTlmMmE3ZWViMTlhMjExMDk2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCutLjTjEOMKFCYEVgb3bIWswBIxJVxFuJeJIm/AIMts9ud
+2JX3ZEaJwXn16lGKfJIBEMCCxut7LAkXEizjUKdwgfXa+dzgXWGz+4rfIBEvDbM
5cxYCEIAyL4OimfaxuwvbhZqq6Li5xZf1NZF0GV2ZflOHMqdljKML82YUxhNA/vU
JvTG5xSrWJ8btBEB6NeBMszrfvI0pXD/ksCrGtHh/PozNAD2+fcSgEpNlzm6j/Sr
/hB28FCZawmDxUAo4FReuYYyIKxQzdCE/SGQbWvldrXwI+/5V0dk1n3vKEifP1nM
Vjk84pXUW6UfYbxAg/8FDnFgQgCjdwG+LIC7WzRNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKureUSqYOWKsDGmXe6TSOVlBmTcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgyMGZhMTcwLWU0MWEtNDg3NS1iMWJlLWViN2RiODhhMjdmOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABKRbpRnsV6PTvjemKhpKHgnwgkW
FOQaGqzHkZB7RFij1JqFuCFiGhjTQhxoo1F/sy7eRnK5qnZywRbbQlIigNh3RdgR
OkpWGkCo0YnH/rZ+fCwSRdgxm+HnCmz6Wl1cpCCQx+tUTTyoaQ5ytXjAmYVkoqzu
xwlD0MkjNW6h0gbi5iKWlunrMzZwpf0sLeGCH/xL5dZz3YgTVUFub0nuFtwbKGcv
LlPd7V987cflPJpSCmBBfOr7HxcRxwETI9xOfXS/1JntgvEzDxW5+jC7Kt+C0Ije
OsKpLg1Q6QBClmXSgIAM5PPl9xxpBS6ajfPda3QJO1omn3g/ONkFbFQhbU4=
-----END CERTIFICATE-----