Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/936e6bbf-1eab-49c6-8e69-1b21d8db5d3c.roa
File:                     936e6bbf-1eab-49c6-8e69-1b21d8db5d3c.roa (raw, json)
Hash identifier:          e582/I0TLs2XBK8Eyo1uPBbIIhWyQb+2C7PaUVz4wjQ=
Subject key identifier:   1F:54:56:52:C1:E8:32:28:62:C8:2B:2C:C8:B0:34:3B:18:7F:B3:80
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       19B3F60A0D422E96EA16B431699C5D76C8F16696
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/936e6bbf-1eab-49c6-8e69-1b21d8db5d3c.roa
Signing time:             Wed 20 Mar 2024 00:00:00 +0000
ROA not before:           Wed 20 Mar 2024 00:00:00 +0000
ROA not after:            Wed 24 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:b3:f6:0a:0d:42:2e:96:ea:16:b4:31:69:9c:5d:76:c8:f1:66:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 20 00:00:00 2024 GMT
            Not After : Apr 24 23:59:59 2024 GMT
        Subject: serialNumber=3ce72ea4d2c2fef05a92dd5c88b2f57837c29d8123969d855ae0d586e9228637, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ee:3f:b8:9b:b3:fc:5e:74:5e:4a:bb:60:af:
                    83:e1:1b:3a:25:30:aa:89:df:12:6e:f5:ed:3a:48:
                    31:ac:88:51:a7:9e:2b:bd:7e:d1:fd:35:e3:09:0b:
                    e7:09:71:6f:89:8c:64:96:bb:8c:75:7f:19:b2:4e:
                    0c:f1:a6:8f:c5:69:81:33:1c:54:0a:7f:56:74:2b:
                    c2:7d:c1:94:ba:85:db:d3:27:11:b5:5e:a0:39:0e:
                    9f:64:37:92:15:43:7c:22:6a:b8:ba:26:23:e3:d2:
                    96:fa:9b:40:90:68:9a:de:24:69:67:67:1b:4e:2b:
                    a1:c9:f2:17:f8:a2:b8:d2:f7:a3:d5:41:b4:ce:ac:
                    3a:76:4c:68:0d:cc:d0:d4:d2:d8:5c:a2:0f:0a:0b:
                    08:70:77:43:e7:ac:80:2c:51:6f:a1:74:77:9d:03:
                    94:be:e0:8f:4c:71:ee:01:0f:7e:62:42:a7:e4:bb:
                    ed:49:8e:5e:c1:0c:bb:44:84:3d:5b:ad:da:a2:98:
                    bf:e1:f0:f9:8b:6d:fc:8f:59:92:e4:e3:ac:a9:18:
                    d8:58:d9:db:64:51:3e:8a:16:57:31:f9:a0:c8:a9:
                    8b:90:d5:71:d7:44:b1:c8:c2:bb:72:d6:5c:7a:28:
                    89:2b:e2:c4:30:06:c9:18:cb:2a:05:3b:06:dd:6b:
                    03:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:54:56:52:C1:E8:32:28:62:C8:2B:2C:C8:B0:34:3B:18:7F:B3:80
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/936e6bbf-1eab-49c6-8e69-1b21d8db5d3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:28:81:08:83:49:ba:9c:6a:71:93:2d:c8:f3:cd:5a:af:7f:
         d4:b9:08:0c:78:f4:f0:43:b9:e8:24:89:b5:e0:fe:3c:f9:48:
         0c:60:db:4c:3b:f4:9a:57:10:30:6c:a4:5b:f6:bc:99:c2:ec:
         bf:0d:5b:f5:0a:b3:d8:59:a1:42:b4:61:f2:fa:85:96:4f:30:
         21:99:fe:e9:59:08:d0:ac:50:66:dc:fe:68:7e:86:2a:23:2c:
         de:f9:97:77:85:30:24:1e:8a:9f:4c:3a:3e:fa:0b:95:7a:7c:
         37:25:58:ae:f5:33:56:5e:02:4e:90:f0:b6:20:1e:3d:b7:a7:
         8e:2b:44:bb:bd:7f:3c:b6:30:3b:fd:22:53:13:7e:4b:9b:30:
         c3:1a:7f:78:eb:14:e1:b2:0b:69:2f:35:be:ee:74:7e:e0:53:
         f9:0e:69:51:3a:6b:98:a1:d9:35:ab:de:fc:9f:af:3c:98:c3:
         1f:8b:78:71:35:e7:71:f9:d3:95:42:cc:50:f1:d2:54:9e:76:
         c2:20:e0:b8:27:13:47:c6:5f:3b:41:55:f7:a7:b6:77:6c:5e:
         be:5a:ec:9f:cc:7d:bd:41:f9:87:20:4c:96:93:75:d1:55:83:
         20:89:66:8b:36:6a:77:f6:55:0e:b6:a7:4b:fb:8a:39:72:94:
         8c:39:97:00
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGbP2Cg1CLpbqFrQxaZxddsjxZpYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzIwMDAwMDAwWhcNMjQwNDI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzY2U3MmVhNGQyYzJmZWYwNWE5MmRkNWM4OGIyZjU3ODM3
YzI5ZDgxMjM5NjlkODU1YWUwZDU4NmU5MjI4NjM3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCz7j+4m7P8XnReSrtgr4PhGzolMKqJ3xJu9e06SDGsiFGn
niu9ftH9NeMJC+cJcW+JjGSWu4x1fxmyTgzxpo/FaYEzHFQKf1Z0K8J9wZS6hdvT
JxG1XqA5Dp9kN5IVQ3wiari6JiPj0pb6m0CQaJreJGlnZxtOK6HJ8hf4orjS96PV
QbTOrDp2TGgNzNDU0thcog8KCwhwd0PnrIAsUW+hdHedA5S+4I9Mce4BD35iQqfk
u+1Jjl7BDLtEhD1brdqimL/h8PmLbfyPWZLk46ypGNhY2dtkUT6KFlcx+aDIqYuQ
1XHXRLHIwrty1lx6KIkr4sQwBskYyyoFOwbdawMVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUH1RWUsHoMihiyCssyLA0Oxh/s4AwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzkzNmU2YmJmLTFlYWItNDljNi04ZTY5LTFiMjFkOGRiNWQzYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADIogQiDSbqcanGTLcjzzVqvf9S5
CAx49PBDuegkibXg/jz5SAxg20w79JpXEDBspFv2vJnC7L8NW/UKs9hZoUK0YfL6
hZZPMCGZ/ulZCNCsUGbc/mh+hiojLN75l3eFMCQeip9MOj76C5V6fDclWK71M1Ze
Ak6Q8LYgHj23p44rRLu9fzy2MDv9IlMTfkubMMMaf3jrFOGyC2kvNb7udH7gU/kO
aVE6a5ih2TWr3vyfrzyYwx+LeHE153H505VCzFDx0lSedsIg4LgnE0fGXztBVfen
tndsXr5a7J/Mfb1B+YcgTJaTddFVgyCJZos2anf2VQ62p0v7ijlylIw5lwA=
-----END CERTIFICATE-----