Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/84bbcac6-59a8-4f46-8a0b-e28b00bc0b11.roa
File:                     84bbcac6-59a8-4f46-8a0b-e28b00bc0b11.roa (raw, json)
Hash identifier:          v+EuwbPgyRNlDGUr9lvG5s8WHu+ZvsteY82yYM8XwOw=
Subject key identifier:   C5:6D:BF:ED:F0:89:ED:29:3A:7B:17:4A:A6:4C:D4:40:33:FE:71:14
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       584C14204294C5311FB5E922127BFBEED9903E9D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/84bbcac6-59a8-4f46-8a0b-e28b00bc0b11.roa
Signing time:             Wed 09 Oct 2024 00:00:00 +0000
ROA not before:           Wed 09 Oct 2024 00:00:00 +0000
ROA not after:            Wed 13 Nov 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:4c:14:20:42:94:c5:31:1f:b5:e9:22:12:7b:fb:ee:d9:90:3e:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct  9 00:00:00 2024 GMT
            Not After : Nov 13 23:59:59 2024 GMT
        Subject: serialNumber=f57587c1084fa32f9fd8f712c22f07ff3c3c2fd09e91b51ca4fc343d8cb05482, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ed:d8:5a:66:51:54:f1:da:7d:f1:d2:84:38:
                    a5:c8:42:56:d2:0c:af:be:c9:79:b5:24:97:fa:0e:
                    e1:0e:b6:f8:fe:2c:6e:ee:56:d6:0f:82:58:6d:e5:
                    d1:ab:fd:17:2e:da:b0:40:4b:42:b5:1a:0a:19:c1:
                    0b:a6:49:90:d0:b1:79:e2:84:79:f6:b1:be:3a:fe:
                    e4:e5:b2:08:95:73:8f:1a:12:31:5d:87:26:2f:0f:
                    76:33:5f:44:42:94:fb:77:ad:25:62:a8:97:86:ec:
                    eb:e3:ba:12:33:09:22:d5:d4:6a:fe:74:9b:9d:92:
                    1f:3e:c3:1b:b1:29:2a:10:8c:f5:91:9d:eb:dd:be:
                    88:9e:ca:48:b4:e0:2c:d8:a5:93:1a:5f:ed:ec:70:
                    8a:65:a3:ea:55:b5:fc:a2:8f:e1:ad:3a:6a:93:39:
                    00:c1:8f:27:b4:33:a9:1e:46:0f:0f:db:59:02:75:
                    3f:ec:42:f0:00:5f:3a:2d:4f:b8:55:00:d4:f6:5d:
                    c4:58:29:13:dd:38:d1:4b:68:3b:3c:99:23:53:c0:
                    0f:d2:3b:77:bf:2b:9e:d0:57:9f:85:b8:81:12:31:
                    42:89:a1:80:ba:9d:e7:d3:0e:21:7f:1a:2d:5e:66:
                    bb:09:70:ef:b7:38:69:d2:af:e8:f0:5b:ff:cf:50:
                    de:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:6D:BF:ED:F0:89:ED:29:3A:7B:17:4A:A6:4C:D4:40:33:FE:71:14
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/84bbcac6-59a8-4f46-8a0b-e28b00bc0b11.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:ce:79:f0:3d:42:a1:7f:87:cb:d2:7f:a4:55:31:40:d5:72:
         eb:4f:b9:cb:25:ed:7a:a6:f1:49:7f:0f:94:c7:e5:42:2f:1e:
         4c:7e:3a:5f:28:f4:ee:f6:5f:7d:f3:34:d4:ae:20:2a:76:c7:
         b3:09:4d:7a:85:ac:9f:db:62:4a:80:94:d6:ee:f1:d6:14:85:
         0f:18:dd:4e:2c:84:dd:f9:7a:8b:bb:7e:63:31:76:00:18:bd:
         ce:7b:fc:5e:cb:da:a3:6d:b6:e5:b6:8e:d3:94:b4:7c:ec:b1:
         a0:5c:a5:18:d7:1d:38:08:47:54:98:92:f7:60:dc:20:ac:e7:
         c2:d1:52:cf:4a:89:29:75:ec:10:f9:ba:eb:4d:78:8c:8d:49:
         3a:d7:be:8e:63:71:ee:38:1a:13:bf:68:35:3c:a9:c1:55:e5:
         53:62:b5:8e:96:ed:8d:dc:02:c1:a7:25:0a:83:09:3c:94:fa:
         9c:8f:18:66:90:ac:5a:67:b6:1b:97:2a:a4:26:62:af:8d:26:
         dc:8e:ce:b4:e0:98:47:ed:d7:0a:4e:20:d6:0d:06:61:78:21:
         93:5e:99:89:7c:00:a3:b0:eb:cb:1d:13:93:5d:af:d4:48:9b:
         d3:1e:e6:71:64:b8:65:45:fc:75:e9:14:9f:05:24:8b:39:f2:
         32:4e:86:15
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWEwUIEKUxTEftekiEnv77tmQPp0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMDA5MDAwMDAwWhcNMjQxMTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNTc1ODdjMTA4NGZhMzJmOWZkOGY3MTJjMjJmMDdmZjNj
M2MyZmQwOWU5MWI1MWNhNGZjMzQzZDhjYjA1NDgyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDB7dhaZlFU8dp98dKEOKXIQlbSDK++yXm1JJf6DuEOtvj+
LG7uVtYPglht5dGr/Rcu2rBAS0K1GgoZwQumSZDQsXnihHn2sb46/uTlsgiVc48a
EjFdhyYvD3YzX0RClPt3rSViqJeG7OvjuhIzCSLV1Gr+dJudkh8+wxuxKSoQjPWR
nevdvoieyki04CzYpZMaX+3scIplo+pVtfyij+GtOmqTOQDBjye0M6keRg8P21kC
dT/sQvAAXzotT7hVANT2XcRYKRPdONFLaDs8mSNTwA/SO3e/K57QV5+FuIESMUKJ
oYC6nefTDiF/Gi1eZrsJcO+3OGnSr+jwW//PUN7LAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxW2/7fCJ7Sk6exdKpkzUQDP+cRQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzg0YmJjYWM2LTU5YTgtNGY0Ni04YTBiLWUyOGIwMGJjMGIxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEzOefA9QqF/h8vSf6RVMUDVcutP
ucsl7Xqm8Ul/D5TH5UIvHkx+Ol8o9O72X33zNNSuICp2x7MJTXqFrJ/bYkqAlNbu
8dYUhQ8Y3U4shN35eou7fmMxdgAYvc57/F7L2qNttuW2jtOUtHzssaBcpRjXHTgI
R1SYkvdg3CCs58LRUs9KiSl17BD5uutNeIyNSTrXvo5jce44GhO/aDU8qcFV5VNi
tY6W7Y3cAsGnJQqDCTyU+pyPGGaQrFpnthuXKqQmYq+NJtyOzrTgmEft1wpOINYN
BmF4IZNemYl8AKOw68sdE5Ndr9RIm9Me5nFkuGVF/HXpFJ8FJIs58jJOhhU=
-----END CERTIFICATE-----