Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/89474949-eeb6-4f2e-be65-91399c0a98f9.roa
File:                     89474949-eeb6-4f2e-be65-91399c0a98f9.roa (raw, json)
Hash identifier:          onJqDeZUHUe8aEU+PDz0AwVIVvyMDIY4eX4R9DR2MDM=
Subject key identifier:   0B:70:B5:58:64:2C:59:63:CD:AE:5E:83:C8:A4:88:E9:33:C1:D0:C1
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       50F2D59877B75F8CA08009B24115ACBCF8FC3AA3
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/89474949-eeb6-4f2e-be65-91399c0a98f9.roa
Signing time:             Thu 28 Nov 2024 00:00:00 +0000
ROA not before:           Thu 28 Nov 2024 00:00:00 +0000
ROA not after:            Thu 02 Jan 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:f2:d5:98:77:b7:5f:8c:a0:80:09:b2:41:15:ac:bc:f8:fc:3a:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 28 00:00:00 2024 GMT
            Not After : Jan  2 23:59:59 2025 GMT
        Subject: serialNumber=843b897bb00ac11561653e4979595f014b506d0967d598ba03b0d13900e67275, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b7:df:bb:32:fc:dc:91:d9:02:c7:07:ea:77:
                    41:19:5c:16:af:b6:ad:a4:b3:78:9a:9c:8b:8b:47:
                    b2:41:05:ca:bf:d8:05:25:fb:09:b8:02:e8:12:8b:
                    09:6f:9f:52:46:f1:6b:4f:ba:e5:02:fe:b0:00:ab:
                    42:b0:3a:79:6a:73:56:65:fb:57:72:60:b8:63:d0:
                    0e:29:83:57:86:d4:72:52:91:2f:90:98:4a:f6:ab:
                    88:96:fe:8b:e0:4f:91:08:22:62:8e:49:4b:44:9c:
                    1e:81:bb:b5:16:59:66:2c:03:68:14:9e:f2:97:b7:
                    9e:3e:51:85:f1:db:db:ac:84:af:51:3e:b9:d0:07:
                    0a:53:28:ee:1f:6a:04:cb:5f:92:26:00:09:8e:8a:
                    f6:9a:2b:a0:88:89:ff:92:79:24:d6:e3:11:83:43:
                    10:4a:69:bd:d6:7b:ba:cc:2f:79:46:0c:e8:be:0c:
                    fb:be:f1:2e:c1:96:a2:2d:37:04:51:ef:5c:ad:1c:
                    ec:6a:f1:03:88:0f:71:23:29:e9:9e:5e:1d:21:c1:
                    13:97:77:ce:f6:ce:34:81:18:f8:27:4e:9e:77:f5:
                    5e:0d:a5:d3:88:36:26:76:9b:ee:39:d4:86:e0:65:
                    ea:34:5a:25:a1:63:21:16:9d:ad:b9:5e:c8:f3:e6:
                    5f:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:70:B5:58:64:2C:59:63:CD:AE:5E:83:C8:A4:88:E9:33:C1:D0:C1
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/89474949-eeb6-4f2e-be65-91399c0a98f9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:ed:56:44:39:ba:33:11:bf:a9:9d:47:11:af:bb:f5:93:c3:
         29:e7:43:a9:52:e1:a8:b8:f2:cb:7c:4f:44:36:62:0e:4b:44:
         6f:db:ba:a0:54:46:d9:c2:cb:fe:f2:cd:68:d2:e8:b4:09:4c:
         10:3d:85:d8:e0:5f:98:f1:c3:b1:9c:0c:5a:18:42:72:98:2b:
         13:c9:ce:68:36:79:f8:75:2e:9d:1c:01:d4:6a:00:3e:dc:d7:
         b2:12:1a:00:5c:f4:5a:76:2d:ef:be:21:a6:dd:5c:56:bc:9d:
         f5:f4:15:4f:9a:71:11:ad:65:56:fe:b0:89:39:b2:97:db:0c:
         f0:6b:d5:74:0d:e9:d3:38:77:96:42:31:28:65:61:b6:51:6e:
         e2:9e:2a:82:40:f5:73:f4:fb:39:25:81:ed:3c:f9:f2:48:2d:
         d2:bb:13:ed:df:be:b4:6f:25:fe:a2:a9:6b:4d:b5:9f:35:fd:
         47:d6:b6:b2:f6:2e:c3:8c:87:be:d6:38:e8:9d:97:65:63:3d:
         3e:dd:d5:e0:c9:e5:d6:09:52:39:d2:00:51:62:9c:db:e9:26:
         b4:55:2b:15:27:a5:05:ca:60:f7:31:d5:56:94:20:4a:bb:8c:
         9a:0a:64:7f:a3:60:bf:70:31:c7:3c:ac:b5:84:02:74:2a:28:
         7f:61:2a:a1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUPLVmHe3X4yggAmyQRWsvPj8OqMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMTI4MDAwMDAwWhcNMjUwMTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NDNiODk3YmIwMGFjMTE1NjE2NTNlNDk3OTU5NWYwMTRi
NTA2ZDA5NjdkNTk4YmEwM2IwZDEzOTAwZTY3Mjc1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzt9+7MvzckdkCxwfqd0EZXBavtq2ks3ianIuLR7JBBcq/
2AUl+wm4AugSiwlvn1JG8WtPuuUC/rAAq0KwOnlqc1Zl+1dyYLhj0A4pg1eG1HJS
kS+QmEr2q4iW/ovgT5EIImKOSUtEnB6Bu7UWWWYsA2gUnvKXt54+UYXx29ushK9R
PrnQBwpTKO4fagTLX5ImAAmOivaaK6CIif+SeSTW4xGDQxBKab3We7rML3lGDOi+
DPu+8S7BlqItNwRR71ytHOxq8QOID3EjKemeXh0hwROXd872zjSBGPgnTp539V4N
pdOINiZ2m+451IbgZeo0WiWhYyEWna25Xsjz5l+9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUC3C1WGQsWWPNrl6DyKSI6TPB0MEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzg5NDc0OTQ5LWVlYjYtNGYyZS1iZTY1LTkxMzk5YzBhOThmOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJLtVkQ5ujMRv6mdRxGvu/WTwynn
Q6lS4ai48st8T0Q2Yg5LRG/buqBURtnCy/7yzWjS6LQJTBA9hdjgX5jxw7GcDFoY
QnKYKxPJzmg2efh1Lp0cAdRqAD7c17ISGgBc9Fp2Le++IabdXFa8nfX0FU+acRGt
ZVb+sIk5spfbDPBr1XQN6dM4d5ZCMShlYbZRbuKeKoJA9XP0+zklge08+fJILdK7
E+3fvrRvJf6iqWtNtZ81/UfWtrL2LsOMh77WOOidl2VjPT7d1eDJ5dYJUjnSAFFi
nNvpJrRVKxUnpQXKYPcx1VaUIEq7jJoKZH+jYL9wMcc8rLWEAnQqKH9hKqE=
-----END CERTIFICATE-----