Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/88bacae5-6b66-4a8f-8eec-ced672a47a45.roa
File:                     88bacae5-6b66-4a8f-8eec-ced672a47a45.roa (raw, json)
Hash identifier:          nogDmPOP+TeLu2JVffKHvYaqwfeN6+v7sZRSckuH20E=
Subject key identifier:   84:7A:E1:32:3C:EC:65:4A:02:8F:39:09:BA:37:7C:EE:39:84:5C:D1
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       15BE5984AF0BBB4DDA13E9C98F3E2FF99B01FF8A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/88bacae5-6b66-4a8f-8eec-ced672a47a45.roa
Signing time:             Fri 15 Mar 2024 00:00:00 +0000
ROA not before:           Fri 15 Mar 2024 00:00:00 +0000
ROA not after:            Fri 19 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:be:59:84:af:0b:bb:4d:da:13:e9:c9:8f:3e:2f:f9:9b:01:ff:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 15 00:00:00 2024 GMT
            Not After : Apr 19 23:59:59 2024 GMT
        Subject: serialNumber=1bceab7a7185c6be6875d630892335176e1f2ff7baf888e75fc45a6ad16913f4, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:cb:5e:94:d5:ab:04:2a:6e:f0:0b:78:19:4a:
                    46:dc:e3:50:5b:5f:6b:c9:fa:fc:4b:a4:ab:ab:b4:
                    37:c9:d1:f9:87:c4:16:f1:10:cf:ac:bf:ab:b2:8a:
                    e5:fd:3f:61:ab:0c:fa:cd:04:b5:07:d1:ca:41:7f:
                    e2:85:f8:1c:d3:e5:52:1f:a6:66:44:47:54:81:6e:
                    91:e4:84:8b:3e:3e:81:bd:4d:3f:96:23:c0:1b:c5:
                    5f:50:b2:f6:9a:67:b7:9d:6c:b8:2a:f3:7b:f8:5e:
                    ba:b9:57:29:65:5c:6e:2c:bd:46:c2:e4:a9:25:8c:
                    a9:19:91:1b:cd:fb:09:c3:87:bc:85:6f:e8:a8:7f:
                    ae:48:10:de:b3:17:cc:2f:49:be:4c:df:10:30:f6:
                    c4:fc:1d:67:3a:16:a5:ef:49:7a:88:87:b5:33:2b:
                    7b:f8:ce:0f:50:de:c2:fd:c4:18:8c:5b:97:7c:83:
                    cc:6f:06:d3:91:3e:ee:f4:81:0f:a5:4a:e9:b7:4f:
                    73:85:21:34:81:cb:e4:b2:da:4b:b9:e5:88:e8:51:
                    24:a0:37:19:62:4d:5f:24:4a:2f:dc:91:64:d6:8f:
                    42:45:c8:3c:fc:bf:bf:8c:38:c5:d6:1a:a9:6d:b7:
                    40:27:a7:10:d3:8f:a0:85:94:a6:c9:b9:d1:94:2d:
                    03:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:7A:E1:32:3C:EC:65:4A:02:8F:39:09:BA:37:7C:EE:39:84:5C:D1
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/88bacae5-6b66-4a8f-8eec-ced672a47a45.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:e4:cc:9a:2e:80:0e:04:79:ef:f9:13:8d:39:52:30:96:3d:
         c1:06:32:52:81:64:21:d4:f8:2f:d5:c6:a2:97:08:50:e8:c8:
         9d:d3:bd:51:18:79:f7:9d:2a:17:4a:5e:5f:60:a2:df:b7:e6:
         ef:98:37:f0:b4:e8:ec:7a:fa:f4:14:2a:20:dd:02:25:f1:26:
         7a:fd:81:d2:03:78:27:22:a6:30:d5:d0:b0:e5:97:a1:91:c3:
         cf:f6:a4:c0:59:f8:74:e7:e3:c6:7d:99:e9:be:78:9a:29:4f:
         a6:d9:97:23:b6:1c:af:60:00:71:54:e8:0b:13:1d:f8:ed:4e:
         1b:f2:f8:c9:af:d8:83:7f:6d:6a:7b:1c:f9:0e:08:f4:2f:80:
         0e:13:62:d7:dc:0d:06:1c:17:f7:95:36:74:be:21:fa:00:86:
         09:d1:f9:ca:e0:d3:62:53:7e:e4:fa:a7:75:6e:37:9d:7a:a0:
         76:c5:5e:75:46:b8:a6:ad:8b:b0:6a:59:d2:04:e5:02:06:1f:
         42:08:ff:04:52:a4:3b:af:80:77:26:1a:1c:fd:4e:05:5b:16:
         83:17:8d:06:17:c4:77:f4:56:55:bc:17:84:0c:29:62:68:f9:
         2f:bf:a1:bc:d7:91:64:6e:9d:f9:63:86:8e:5b:21:c4:fc:9e:
         14:07:0e:08
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFb5ZhK8Lu03aE+nJjz4v+ZsB/4owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzE1MDAwMDAwWhcNMjQwNDE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYmNlYWI3YTcxODVjNmJlNjg3NWQ2MzA4OTIzMzUxNzZl
MWYyZmY3YmFmODg4ZTc1ZmM0NWE2YWQxNjkxM2Y0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTy16U1asEKm7wC3gZSkbc41BbX2vJ+vxLpKurtDfJ0fmH
xBbxEM+sv6uyiuX9P2GrDPrNBLUH0cpBf+KF+BzT5VIfpmZER1SBbpHkhIs+PoG9
TT+WI8AbxV9QsvaaZ7edbLgq83v4Xrq5VyllXG4svUbC5KkljKkZkRvN+wnDh7yF
b+iof65IEN6zF8wvSb5M3xAw9sT8HWc6FqXvSXqIh7UzK3v4zg9Q3sL9xBiMW5d8
g8xvBtORPu70gQ+lSum3T3OFITSBy+Sy2ku55YjoUSSgNxliTV8kSi/ckWTWj0JF
yDz8v7+MOMXWGqltt0AnpxDTj6CFlKbJudGULQMHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhHrhMjzsZUoCjzkJujd87jmEXNEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzg4YmFjYWU1LTZiNjYtNGE4Zi04ZWVjLWNlZDY3MmE0N2E0NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAA3kzJougA4Eee/5E405UjCWPcEG
MlKBZCHU+C/VxqKXCFDoyJ3TvVEYefedKhdKXl9got+35u+YN/C06Ox6+vQUKiDd
AiXxJnr9gdIDeCcipjDV0LDll6GRw8/2pMBZ+HTn48Z9mem+eJopT6bZlyO2HK9g
AHFU6AsTHfjtThvy+Mmv2IN/bWp7HPkOCPQvgA4TYtfcDQYcF/eVNnS+IfoAhgnR
+crg02JTfuT6p3VuN516oHbFXnVGuKati7BqWdIE5QIGH0II/wRSpDuvgHcmGhz9
TgVbFoMXjQYXxHf0VlW8F4QMKWJo+S+/obzXkWRunfljho5bIcT8nhQHDgg=
-----END CERTIFICATE-----