Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/84dbbc25-f1ed-43ec-85a9-6326752eecb7.roa
File:                     84dbbc25-f1ed-43ec-85a9-6326752eecb7.roa (raw, json)
Hash identifier:          bs8fEB46PAM5CRqdLRFfc1ZYORzJndcd+MMbDVUJWYo=
Subject key identifier:   E1:F1:AD:C0:67:C4:AC:C2:B5:39:B4:94:9D:80:3C:DF:6C:97:F7:26
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6BEF174C5BDC4D9EC29838C94B45D7FF1A94DA21
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/84dbbc25-f1ed-43ec-85a9-6326752eecb7.roa
Signing time:             Tue 09 Apr 2024 00:00:00 +0000
ROA not before:           Tue 09 Apr 2024 00:00:00 +0000
ROA not after:            Tue 14 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:ef:17:4c:5b:dc:4d:9e:c2:98:38:c9:4b:45:d7:ff:1a:94:da:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr  9 00:00:00 2024 GMT
            Not After : May 14 23:59:59 2024 GMT
        Subject: serialNumber=3e960ea2a1f7ac4c67b926e4e36937e8d0793fa13d3bcb6f8b59100701a3d08f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:6d:e7:d9:68:7a:f2:81:b6:d5:02:dd:ec:8e:
                    ee:e6:10:f5:93:16:78:71:f9:e3:39:e6:62:b5:79:
                    cd:cb:cc:f2:a6:f7:e2:53:5e:e3:a5:6c:bb:46:be:
                    af:3e:75:d2:31:4f:86:af:01:ea:eb:8f:4c:bc:76:
                    04:c4:78:d9:fe:ec:f3:2b:ef:76:eb:4a:34:f6:51:
                    e3:b7:aa:a9:03:2a:e9:19:70:da:ab:b8:42:79:d9:
                    a2:6d:87:0b:15:61:66:5e:16:f9:67:27:8f:f1:cd:
                    81:3d:93:49:de:95:ec:de:ec:21:c4:97:d4:26:9f:
                    d5:76:f9:d6:5e:87:87:95:ae:63:37:74:13:4f:77:
                    75:3e:c7:2f:23:f5:7b:83:0f:3e:78:7e:1c:eb:3b:
                    36:6f:26:43:bf:b2:4f:ee:4d:87:e3:97:e8:72:84:
                    8b:17:5c:16:81:ed:20:c5:7a:17:25:aa:35:e1:c2:
                    6e:2a:ee:89:c9:8c:0a:6b:61:d8:d3:d9:d0:d9:ab:
                    96:50:54:7a:61:f5:b1:47:f0:29:4a:1a:10:dc:66:
                    1a:4c:12:c3:0e:81:f3:91:d4:2f:89:0c:83:5e:64:
                    c0:f3:01:c0:1d:88:a8:58:14:78:d2:2d:99:0a:0d:
                    b8:71:35:45:23:d5:d1:41:70:bb:b1:e9:c7:b2:a2:
                    34:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:F1:AD:C0:67:C4:AC:C2:B5:39:B4:94:9D:80:3C:DF:6C:97:F7:26
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/84dbbc25-f1ed-43ec-85a9-6326752eecb7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:eb:35:1a:aa:db:9c:01:2e:bd:2a:9f:60:3d:ed:5c:e6:e9:
         bf:7e:26:11:4f:91:ab:05:40:af:88:ba:59:4c:84:7c:cb:c3:
         a6:42:60:2f:88:5e:b1:04:a7:29:46:4d:6e:47:7e:91:dd:6d:
         24:ca:45:58:d0:f8:cd:e5:80:4e:b1:b2:61:5e:f0:16:0d:7c:
         13:eb:72:00:57:d5:e7:ce:59:9b:52:69:7d:38:f9:79:4a:f0:
         d1:fe:61:e8:64:66:dc:d1:30:e8:71:ba:bb:94:34:e9:83:b0:
         82:ef:55:11:61:69:69:7e:ab:1c:17:93:25:56:f3:c2:03:b2:
         44:f9:af:fc:c6:85:e1:07:60:c6:06:55:bb:44:6b:30:5c:9b:
         ff:a0:e2:e2:37:42:f9:da:6f:3d:29:fb:e4:27:af:70:4f:44:
         ec:62:45:f1:a3:b1:16:25:bf:07:bb:b7:76:7a:47:dd:1d:d7:
         66:7b:bf:d1:cf:b2:bd:5a:ce:d0:48:d8:c4:92:7e:49:ca:e0:
         da:e8:8b:cf:46:09:6e:5f:1f:06:d6:21:98:19:02:ce:87:27:
         f7:a9:8d:f3:87:80:de:7b:26:e7:b9:d9:9b:4b:01:5c:36:4a:
         77:93:12:d8:c2:77:86:7b:cf:af:a8:ce:a5:51:6b:34:44:dd:
         7c:17:62:ae
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUa+8XTFvcTZ7CmDjJS0XX/xqU2iEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDA5MDAwMDAwWhcNMjQwNTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZTk2MGVhMmExZjdhYzRjNjdiOTI2ZTRlMzY5MzdlOGQw
NzkzZmExM2QzYmNiNmY4YjU5MTAwNzAxYTNkMDhmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqbefZaHrygbbVAt3sju7mEPWTFnhx+eM55mK1ec3LzPKm
9+JTXuOlbLtGvq8+ddIxT4avAerrj0y8dgTEeNn+7PMr73brSjT2UeO3qqkDKukZ
cNqruEJ52aJthwsVYWZeFvlnJ4/xzYE9k0neleze7CHEl9Qmn9V2+dZeh4eVrmM3
dBNPd3U+xy8j9XuDDz54fhzrOzZvJkO/sk/uTYfjl+hyhIsXXBaB7SDFehclqjXh
wm4q7onJjAprYdjT2dDZq5ZQVHph9bFH8ClKGhDcZhpMEsMOgfOR1C+JDINeZMDz
AcAdiKhYFHjSLZkKDbhxNUUj1dFBcLux6ceyojShAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4fGtwGfErMK1ObSUnYA832yX9yYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzg0ZGJiYzI1LWYxZWQtNDNlYy04NWE5LTYzMjY3NTJlZWNiNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHDrNRqq25wBLr0qn2A97Vzm6b9+
JhFPkasFQK+IullMhHzLw6ZCYC+IXrEEpylGTW5HfpHdbSTKRVjQ+M3lgE6xsmFe
8BYNfBPrcgBX1efOWZtSaX04+XlK8NH+YehkZtzRMOhxuruUNOmDsILvVRFhaWl+
qxwXkyVW88IDskT5r/zGheEHYMYGVbtEazBcm/+g4uI3Qvnabz0p++Qnr3BPROxi
RfGjsRYlvwe7t3Z6R90d12Z7v9HPsr1aztBI2MSSfknK4Nroi89GCW5fHwbWIZgZ
As6HJ/epjfOHgN57Jue52ZtLAVw2SneTEtjCd4Z7z6+ozqVRazRE3XwXYq4=
-----END CERTIFICATE-----