Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8ef994a8-6487-404b-894b-e6912f02863f.roa
File:                     8ef994a8-6487-404b-894b-e6912f02863f.roa (raw, json)
Hash identifier:          z0L9zgXrCtxtgf/ApcBt1kNvUy2pmjp2HTHsk3NW33Y=
Subject key identifier:   CB:BF:F7:48:E4:20:24:85:C7:DC:F2:50:DB:B8:2B:99:EA:D4:6B:A6
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0F083210B0501967D74E19406590BDBFB091CB78
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8ef994a8-6487-404b-894b-e6912f02863f.roa
Signing time:             Wed 11 Dec 2024 00:00:00 +0000
ROA not before:           Wed 11 Dec 2024 00:00:00 +0000
ROA not after:            Wed 15 Jan 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:08:32:10:b0:50:19:67:d7:4e:19:40:65:90:bd:bf:b0:91:cb:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 11 00:00:00 2024 GMT
            Not After : Jan 15 23:59:59 2025 GMT
        Subject: serialNumber=d7666b00998987a1e5fc8e4f55c6d05addd712d167d850042a0a17e6ba2c5dd8, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:9d:a2:d6:a2:0f:fa:95:c2:44:1d:d0:80:0d:
                    61:de:38:d3:cd:5d:ca:d0:e1:14:a4:cc:94:8b:0c:
                    2f:dc:4c:a4:44:07:41:68:cf:0e:ae:52:78:20:6b:
                    35:ba:69:09:5a:93:ab:0e:98:25:6d:a8:c4:e6:4d:
                    c8:3d:21:2f:42:c5:a2:c5:46:b9:db:6b:84:6d:46:
                    7d:9d:a8:e9:cd:f1:f1:f1:ec:83:86:8c:77:c3:d0:
                    1f:c8:55:ee:90:8c:03:76:d2:61:3d:ad:26:55:59:
                    a8:6f:75:ca:5b:b8:a9:99:99:d7:7a:08:77:77:dc:
                    0b:eb:d9:7d:20:87:0e:d5:5c:44:fe:b0:98:97:a7:
                    d5:35:ff:42:be:e0:e6:ec:78:e6:27:6f:e1:2a:be:
                    20:7c:53:79:26:35:a0:e5:86:67:7f:a1:42:fa:b7:
                    b8:22:58:8c:c3:3e:3e:07:23:32:d2:ad:fd:9a:a3:
                    cd:fe:74:66:73:c7:1e:90:03:51:06:7a:a9:9e:c0:
                    b0:f3:11:4b:17:74:d9:9d:6d:9e:85:f9:64:dd:d3:
                    7d:94:65:fb:61:f0:60:8f:de:f1:74:d7:19:6f:12:
                    c8:4a:3b:67:13:4a:98:c4:6d:ed:a8:2f:24:9a:8e:
                    ad:48:d3:90:20:76:27:ce:80:8e:65:64:6d:d4:08:
                    88:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:BF:F7:48:E4:20:24:85:C7:DC:F2:50:DB:B8:2B:99:EA:D4:6B:A6
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8ef994a8-6487-404b-894b-e6912f02863f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:59:7d:e2:f1:d5:84:9a:05:26:68:e0:fa:1e:61:c5:e3:9d:
         92:d8:41:3f:77:6b:30:16:cc:0c:97:5c:24:d5:81:46:23:d7:
         8c:b3:2a:df:40:68:4b:15:94:a3:15:5d:a8:70:28:b3:d4:ba:
         8a:9b:82:f9:2b:19:68:9f:f4:fc:f8:f5:51:b6:78:9b:8a:61:
         77:ca:a4:8b:8d:b1:18:29:f6:3c:f8:ca:05:42:81:77:fc:3b:
         3e:5b:84:9c:09:3d:0a:39:c7:ef:49:53:1d:95:43:25:e2:63:
         33:0c:9f:df:37:70:2e:78:a0:14:bc:9a:8d:60:ed:80:ae:31:
         c2:57:ec:40:63:14:37:15:cd:24:87:5c:65:d1:68:f6:ed:d3:
         74:7b:a7:85:71:2e:72:db:03:3e:94:24:98:74:86:e8:55:7d:
         18:c2:b5:a5:1c:50:fe:78:1f:71:7d:ae:c8:c4:62:e0:f2:de:
         af:33:fd:65:a2:0a:b6:b9:c0:67:55:a6:e4:52:e0:de:8b:ec:
         ca:de:63:ed:e1:66:e5:21:43:e4:ba:46:df:3d:ba:3b:7c:53:
         71:34:21:aa:fd:26:98:e9:8c:f9:74:d9:de:a9:18:6e:db:c6:
         e8:9b:5d:4b:32:5f:4a:d6:3f:eb:e1:cd:1a:ee:06:f5:e6:75:
         09:2d:cf:52
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDwgyELBQGWfXThlAZZC9v7CRy3gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMjExMDAwMDAwWhcNMjUwMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNzY2NmIwMDk5ODk4N2ExZTVmYzhlNGY1NWM2ZDA1YWRk
ZDcxMmQxNjdkODUwMDQyYTBhMTdlNmJhMmM1ZGQ4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrnaLWog/6lcJEHdCADWHeONPNXcrQ4RSkzJSLDC/cTKRE
B0Fozw6uUnggazW6aQlak6sOmCVtqMTmTcg9IS9CxaLFRrnba4RtRn2dqOnN8fHx
7IOGjHfD0B/IVe6QjAN20mE9rSZVWahvdcpbuKmZmdd6CHd33Avr2X0ghw7VXET+
sJiXp9U1/0K+4ObseOYnb+EqviB8U3kmNaDlhmd/oUL6t7giWIzDPj4HIzLSrf2a
o83+dGZzxx6QA1EGeqmewLDzEUsXdNmdbZ6F+WTd032UZfth8GCP3vF01xlvEshK
O2cTSpjEbe2oLySajq1I05AgdifOgI5lZG3UCIi1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUy7/3SOQgJIXH3PJQ27grmerUa6YwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzhlZjk5NGE4LTY0ODctNDA0Yi04OTRiLWU2OTEyZjAyODYzZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAABZfeLx1YSaBSZo4PoeYcXjnZLY
QT93azAWzAyXXCTVgUYj14yzKt9AaEsVlKMVXahwKLPUuoqbgvkrGWif9Pz49VG2
eJuKYXfKpIuNsRgp9jz4ygVCgXf8Oz5bhJwJPQo5x+9JUx2VQyXiYzMMn983cC54
oBS8mo1g7YCuMcJX7EBjFDcVzSSHXGXRaPbt03R7p4VxLnLbAz6UJJh0huhVfRjC
taUcUP54H3F9rsjEYuDy3q8z/WWiCra5wGdVpuRS4N6L7MreY+3hZuUhQ+S6Rt89
ujt8U3E0Iar9JpjpjPl02d6pGG7bxuibXUsyX0rWP+vhzRruBvXmdQktz1I=
-----END CERTIFICATE-----