Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8f6dbc2e-c9ea-46ba-af3c-4e3a6ba45c8f.roa
File:                     8f6dbc2e-c9ea-46ba-af3c-4e3a6ba45c8f.roa (raw, json)
Hash identifier:          oRXLWTaqpIuBdTYcFERgfFprgZZqBTp3f+FgN441yuY=
Subject key identifier:   5A:2D:BF:8B:27:A7:F2:E3:99:82:75:D3:82:CD:62:8F:6B:F5:69:BC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7919DA64B141ABD9F58B3A829149DB17009E742C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8f6dbc2e-c9ea-46ba-af3c-4e3a6ba45c8f.roa
Signing time:             Mon 08 Apr 2024 00:00:00 +0000
ROA not before:           Mon 08 Apr 2024 00:00:00 +0000
ROA not after:            Mon 13 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:19:da:64:b1:41:ab:d9:f5:8b:3a:82:91:49:db:17:00:9e:74:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr  8 00:00:00 2024 GMT
            Not After : May 13 23:59:59 2024 GMT
        Subject: serialNumber=caba9a8c046ab206489d28b642fb4c83d8621bdf5452beb04f41951550931436, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:bc:30:73:86:1f:d7:4c:49:ec:23:b1:12:da:
                    64:cc:42:33:31:be:a8:b2:0c:ae:8c:0f:c5:59:13:
                    06:05:ea:88:a9:ac:d4:ee:84:73:c0:84:26:62:29:
                    5f:a8:85:f6:a4:b1:92:d7:3a:60:73:c5:a3:03:55:
                    8e:56:92:40:30:72:03:74:f4:16:23:86:a8:cf:84:
                    e6:60:ef:ca:4c:a5:16:d9:e6:ac:25:42:51:aa:23:
                    13:5d:31:4f:bf:09:cc:03:2b:ec:4d:cc:50:19:2d:
                    14:d8:5e:91:b3:96:96:37:af:02:be:d2:94:70:c9:
                    d1:df:c2:bc:a3:75:50:09:72:e3:92:5f:10:c4:ee:
                    4e:95:14:a9:8f:7d:ef:e6:e0:a7:9c:79:23:cb:af:
                    d5:a8:13:c5:cb:db:a3:3c:9e:32:14:1d:42:8d:03:
                    b5:81:18:fd:a7:d4:7a:1f:21:e1:76:89:93:8d:e0:
                    dd:cf:3a:70:1b:ca:b9:26:44:22:60:2d:b2:11:4e:
                    3c:1a:44:03:c3:f1:03:25:50:00:d0:e0:f6:c7:eb:
                    a7:29:28:49:eb:bc:a5:26:d1:79:32:22:23:13:e6:
                    32:81:c5:81:ce:77:21:36:5f:ff:48:10:26:26:7b:
                    20:cf:31:da:25:58:e0:a9:08:ce:d6:8f:49:c9:83:
                    2a:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:2D:BF:8B:27:A7:F2:E3:99:82:75:D3:82:CD:62:8F:6B:F5:69:BC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8f6dbc2e-c9ea-46ba-af3c-4e3a6ba45c8f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:26:93:a3:34:ce:f4:d1:7f:23:4a:cc:75:bf:85:12:01:5d:
         2a:d3:5e:0e:e3:e0:7c:2d:d5:09:f6:de:df:31:53:07:13:c8:
         6a:83:38:91:57:44:07:06:66:60:ec:6a:d7:2e:11:cb:46:34:
         3e:d2:f2:4f:f2:44:10:c2:b4:b0:42:87:16:aa:cf:fd:12:8b:
         83:8e:45:04:cc:03:01:d4:c1:62:d5:88:d8:99:75:16:ce:4d:
         85:39:17:68:79:03:43:18:1e:30:29:d8:9b:b0:5c:b6:1a:85:
         e3:84:e2:3b:f5:11:ef:cd:af:0b:72:24:02:5b:4f:e9:e4:d9:
         98:6d:82:14:92:64:ce:de:dd:55:57:f4:e8:9f:4d:31:ce:e7:
         42:7a:6f:6d:1e:6b:75:32:23:05:9a:64:60:b4:47:d1:ae:a2:
         37:1a:06:d8:af:d3:25:fd:52:73:c0:28:52:2b:17:b5:41:e4:
         99:f4:aa:2a:2e:55:38:9b:f4:02:a3:ce:42:8a:cb:44:b3:c5:
         e3:10:61:54:57:3f:15:9d:2a:c5:fe:b6:82:e4:f3:4b:65:05:
         2f:98:a4:e8:94:fb:66:f9:c5:72:8b:59:d2:54:20:22:0d:6b:
         06:d1:de:0e:d7:88:a7:67:04:4a:b2:33:15:ef:aa:24:7a:a4:
         ce:71:53:ed
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeRnaZLFBq9n1izqCkUnbFwCedCwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDA4MDAwMDAwWhcNMjQwNTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BjYWJhOWE4YzA0NmFiMjA2NDg5ZDI4YjY0MmZiNGM4M2Q4
NjIxYmRmNTQ1MmJlYjA0ZjQxOTUxNTUwOTMxNDM2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfvDBzhh/XTEnsI7ES2mTMQjMxvqiyDK6MD8VZEwYF6oip
rNTuhHPAhCZiKV+ohfaksZLXOmBzxaMDVY5WkkAwcgN09BYjhqjPhOZg78pMpRbZ
5qwlQlGqIxNdMU+/CcwDK+xNzFAZLRTYXpGzlpY3rwK+0pRwydHfwryjdVAJcuOS
XxDE7k6VFKmPfe/m4KeceSPLr9WoE8XL26M8njIUHUKNA7WBGP2n1HofIeF2iZON
4N3POnAbyrkmRCJgLbIRTjwaRAPD8QMlUADQ4PbH66cpKEnrvKUm0XkyIiMT5jKB
xYHOdyE2X/9IECYmeyDPMdolWOCpCM7Wj0nJgyo3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWi2/iyen8uOZgnXTgs1ij2v1abwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzhmNmRiYzJlLWM5ZWEtNDZiYS1hZjNjLTRlM2E2YmE0NWM4Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEomk6M0zvTRfyNKzHW/hRIBXSrT
Xg7j4Hwt1Qn23t8xUwcTyGqDOJFXRAcGZmDsatcuEctGND7S8k/yRBDCtLBChxaq
z/0Si4OORQTMAwHUwWLViNiZdRbOTYU5F2h5A0MYHjAp2JuwXLYaheOE4jv1Ee/N
rwtyJAJbT+nk2ZhtghSSZM7e3VVX9OifTTHO50J6b20ea3UyIwWaZGC0R9Guojca
Btiv0yX9UnPAKFIrF7VB5Jn0qiouVTib9AKjzkKKy0SzxeMQYVRXPxWdKsX+toLk
80tlBS+YpOiU+2b5xXKLWdJUICINawbR3g7XiKdnBEqyMxXvqiR6pM5xU+0=
-----END CERTIFICATE-----