Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/83105419-88c3-48a4-8b60-69f933eeee7f.roa
File:                     83105419-88c3-48a4-8b60-69f933eeee7f.roa (raw, json)
Hash identifier:          ww59lmtiFuTK2hk3cgfW1sJrA75cr2+95WERdwfPolo=
Subject key identifier:   E1:3E:B3:5E:16:AA:03:7B:30:D9:39:1C:FE:1F:11:B2:FD:62:CD:C6
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1B89D97358050E4A6A1DF1DC735328F3AE01EBC9
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/83105419-88c3-48a4-8b60-69f933eeee7f.roa
Signing time:             Thu 18 Jul 2024 00:00:00 +0000
ROA not before:           Thu 18 Jul 2024 00:00:00 +0000
ROA not after:            Thu 22 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:89:d9:73:58:05:0e:4a:6a:1d:f1:dc:73:53:28:f3:ae:01:eb:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 18 00:00:00 2024 GMT
            Not After : Aug 22 23:59:59 2024 GMT
        Subject: serialNumber=0b0ffd6b57b45f76dcfb1d669a15465a1618d83c5d778ea3e2432c96e432377a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e2:fb:ed:22:71:08:f2:6c:e1:9f:c7:ec:72:
                    c6:7e:9e:1f:be:c5:44:f9:2d:e2:68:ec:a2:08:dd:
                    28:33:0d:1c:55:87:70:81:00:04:d2:cd:ef:11:0f:
                    c4:61:53:9c:30:35:48:f1:c3:80:60:30:9b:cc:38:
                    e4:2c:da:90:57:06:59:4e:f2:77:9d:d7:29:51:f2:
                    8c:db:80:73:ec:7b:7d:c5:92:df:4d:92:b0:44:02:
                    2b:c5:31:cb:bc:36:d1:2c:aa:0b:16:a1:8b:14:6b:
                    a4:80:7b:d7:7a:a2:c2:e6:79:ca:2b:b6:d8:a6:cb:
                    f6:aa:ef:2d:1e:b4:ce:2c:33:2b:2f:a3:e7:bb:5a:
                    ac:53:a6:f3:b7:8f:99:b5:7a:57:4d:c2:14:3b:dc:
                    37:be:1a:05:f1:c0:63:08:8b:99:43:fd:e6:69:ac:
                    4b:41:10:d3:1d:72:99:9f:cc:37:64:e7:a6:32:e9:
                    7c:96:72:4d:33:55:f8:88:bd:f1:d4:d4:79:db:0c:
                    28:15:34:ba:2b:b6:d1:ca:99:3b:02:e1:28:8b:5c:
                    f0:21:d6:3d:61:02:07:e6:cf:02:71:05:2c:a1:bf:
                    77:0b:a3:42:cc:ea:cb:e8:88:95:b7:c1:e5:b7:1b:
                    3a:d0:0c:7b:0e:f8:a9:6b:97:af:54:a8:2c:c3:1c:
                    a1:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:3E:B3:5E:16:AA:03:7B:30:D9:39:1C:FE:1F:11:B2:FD:62:CD:C6
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/83105419-88c3-48a4-8b60-69f933eeee7f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:6f:12:84:76:71:98:91:c0:66:94:68:02:8d:aa:99:0d:d2:
         0a:46:cb:17:43:f7:29:eb:a5:81:87:a8:cb:a5:72:19:52:d0:
         25:6a:69:73:dc:e9:3f:e5:90:fd:6a:76:d8:1b:a1:fe:d5:17:
         9a:01:4a:7c:2b:51:8a:0e:0c:32:21:09:bc:ea:13:b7:24:88:
         35:11:5a:e7:79:ad:82:96:54:b0:d5:6c:91:10:6b:37:ca:93:
         b0:3e:a8:2e:a3:83:c0:d5:ec:78:f1:12:21:3c:a4:52:17:ed:
         a9:5f:0a:f3:59:bf:0e:4a:ba:a6:7a:59:76:4b:2a:df:25:f4:
         30:0b:7f:8b:30:1b:4b:9b:f9:fb:d7:0a:5c:88:bb:8a:3a:29:
         26:ba:65:c4:75:65:ae:2d:d8:e6:20:0e:e7:f4:38:d8:43:6a:
         cd:91:84:5a:75:be:35:5e:e2:02:fd:04:b6:6a:a8:c3:b2:71:
         2c:31:d5:c9:80:0a:12:ad:03:14:80:97:2e:3b:9f:76:c2:72:
         a7:e8:22:d3:f0:eb:bb:22:71:cd:18:7f:10:22:9f:fb:8b:95:
         5c:cc:44:fb:16:7f:b3:cf:87:fc:33:86:2c:2c:58:24:75:82:
         d7:de:31:f0:c8:ef:c9:5f:06:0d:bf:fd:67:62:6c:47:0e:7c:
         87:cc:4a:5b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUG4nZc1gFDkpqHfHcc1Mo864B68kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzE4MDAwMDAwWhcNMjQwODIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYjBmZmQ2YjU3YjQ1Zjc2ZGNmYjFkNjY5YTE1NDY1YTE2
MThkODNjNWQ3NzhlYTNlMjQzMmM5NmU0MzIzNzdhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCi4vvtInEI8mzhn8fscsZ+nh++xUT5LeJo7KII3SgzDRxV
h3CBAATSze8RD8RhU5wwNUjxw4BgMJvMOOQs2pBXBllO8ned1ylR8ozbgHPse33F
kt9NkrBEAivFMcu8NtEsqgsWoYsUa6SAe9d6osLmecorttimy/aq7y0etM4sMysv
o+e7WqxTpvO3j5m1eldNwhQ73De+GgXxwGMIi5lD/eZprEtBENMdcpmfzDdk56Yy
6XyWck0zVfiIvfHU1HnbDCgVNLorttHKmTsC4SiLXPAh1j1hAgfmzwJxBSyhv3cL
o0LM6svoiJW3weW3GzrQDHsO+Klrl69UqCzDHKERAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4T6zXhaqA3sw2Tkc/h8Rsv1izcYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgzMTA1NDE5LTg4YzMtNDhhNC04YjYwLTY5ZjkzM2VlZWU3Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAENvEoR2cZiRwGaUaAKNqpkN0gpG
yxdD9ynrpYGHqMulchlS0CVqaXPc6T/lkP1qdtgbof7VF5oBSnwrUYoODDIhCbzq
E7ckiDURWud5rYKWVLDVbJEQazfKk7A+qC6jg8DV7HjxEiE8pFIX7alfCvNZvw5K
uqZ6WXZLKt8l9DALf4swG0ub+fvXClyIu4o6KSa6ZcR1Za4t2OYgDuf0ONhDas2R
hFp1vjVe4gL9BLZqqMOycSwx1cmAChKtAxSAly47n3bCcqfoItPw67sicc0YfxAi
n/uLlVzMRPsWf7PPh/wzhiwsWCR1gtfeMfDI78lfBg2//WdibEcOfIfMSls=
-----END CERTIFICATE-----