Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/96ec631c-140f-48fd-8012-eda796251687.roa
File:                     96ec631c-140f-48fd-8012-eda796251687.roa (raw, json)
Hash identifier:          R9DeQq1gMbQClf8Bn/IqueHKENQ9xJTj2/zARrxxAYA=
Subject key identifier:   30:C6:7D:51:D2:3D:90:22:6A:25:C8:20:13:A5:FF:B1:38:36:3A:6A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3F741BBC69B0E0E0C37AE6F5887852003BEA3F52
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/96ec631c-140f-48fd-8012-eda796251687.roa
Signing time:             Wed 21 Feb 2024 00:00:00 +0000
ROA not before:           Wed 21 Feb 2024 00:00:00 +0000
ROA not after:            Wed 27 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:74:1b:bc:69:b0:e0:e0:c3:7a:e6:f5:88:78:52:00:3b:ea:3f:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 21 00:00:00 2024 GMT
            Not After : Mar 27 23:59:59 2024 GMT
        Subject: serialNumber=4b8eb39c6d14f958ff4d32fcc51bd5a1e6b18a761e19b0d4ffd31a7bfc341e53, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b3:9d:bf:81:5a:ab:38:ce:b2:49:83:e3:e2:
                    17:b2:96:0b:6e:67:b7:69:87:d0:ba:e3:3d:1d:80:
                    18:af:9f:cb:e2:7f:04:7f:e4:f9:25:95:ae:62:a5:
                    63:34:6f:a8:27:0f:94:f7:96:0e:94:19:11:de:0b:
                    b0:1e:1e:fc:1a:34:97:e1:b2:a9:58:cb:d5:0b:10:
                    b3:75:6e:ae:68:f3:ef:cb:e9:c4:1a:c8:63:33:83:
                    98:b5:32:87:70:fe:5e:7d:05:06:69:f7:0a:49:6f:
                    92:9d:e6:20:3e:13:6a:45:da:e8:53:32:d6:7f:dc:
                    b9:e9:97:fa:6f:dd:1a:11:f2:95:d9:89:ba:f6:2b:
                    2b:54:b5:d9:33:da:26:1c:04:fe:b2:35:7c:b4:e4:
                    4d:84:e5:63:ef:81:e6:ea:9a:d4:bb:95:3e:73:dd:
                    df:04:63:57:27:25:c9:d6:52:16:86:4f:87:2c:ec:
                    48:0b:99:54:38:8e:ce:98:a0:14:8a:1b:b8:f3:dc:
                    37:12:6c:d1:dc:5c:63:88:77:3a:a8:c9:c0:a9:f2:
                    49:1d:f9:a9:37:69:aa:f7:ed:7d:c8:cb:b8:23:7a:
                    45:15:70:bc:3d:ac:a8:b5:22:a3:e8:95:90:22:91:
                    6a:77:23:93:b5:ae:91:44:2b:98:46:f6:7c:44:3e:
                    ba:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:C6:7D:51:D2:3D:90:22:6A:25:C8:20:13:A5:FF:B1:38:36:3A:6A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/96ec631c-140f-48fd-8012-eda796251687.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:4c:50:b8:57:78:e5:6d:80:99:d5:db:ef:06:b0:52:5d:59:
         1e:4b:f4:4e:18:d7:04:36:b1:eb:61:99:fd:62:9b:4e:40:30:
         b1:9e:f0:0f:c5:ac:1e:cf:a2:02:b9:c4:3a:9c:72:58:cc:c9:
         ba:29:c4:2b:4b:32:42:97:65:e9:5c:fe:0e:81:b1:7d:8f:6e:
         31:3f:76:93:4a:bc:9a:91:b4:d1:c1:75:31:a0:08:ed:6d:23:
         69:92:75:3e:57:a2:cf:61:90:86:f8:00:3e:c5:09:e4:5c:bb:
         ee:f6:bc:29:33:be:f6:fb:5d:4f:d6:00:57:20:51:4e:89:93:
         8f:b5:92:9f:5e:81:c8:ce:fd:5e:c9:3d:fb:4e:f2:3b:90:93:
         7d:03:d1:32:a9:4d:b8:58:ff:40:1c:91:19:31:fd:a7:6a:8c:
         84:42:01:12:99:ad:a9:6a:ce:3c:18:9f:c7:a5:8b:db:0d:8e:
         1b:b6:fa:e1:31:61:10:55:1f:b5:87:e6:ae:51:bb:ee:a9:a4:
         fb:b9:a7:ed:66:7b:6c:ab:46:2d:2a:dc:d7:b7:81:62:74:52:
         f9:a4:b8:84:79:11:34:99:39:48:df:03:a7:93:f9:02:2e:6e:
         3f:df:dd:5c:0d:0f:71:12:18:c2:4e:38:85:0e:14:14:18:a2:
         94:e1:6f:3e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUP3QbvGmw4ODDeub1iHhSADvqP1IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjIxMDAwMDAwWhcNMjQwMzI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0YjhlYjM5YzZkMTRmOTU4ZmY0ZDMyZmNjNTFiZDVhMWU2
YjE4YTc2MWUxOWIwZDRmZmQzMWE3YmZjMzQxZTUzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqs52/gVqrOM6ySYPj4heylgtuZ7dph9C64z0dgBivn8vi
fwR/5Pklla5ipWM0b6gnD5T3lg6UGRHeC7AeHvwaNJfhsqlYy9ULELN1bq5o8+/L
6cQayGMzg5i1Modw/l59BQZp9wpJb5Kd5iA+E2pF2uhTMtZ/3Lnpl/pv3RoR8pXZ
ibr2KytUtdkz2iYcBP6yNXy05E2E5WPvgebqmtS7lT5z3d8EY1cnJcnWUhaGT4cs
7EgLmVQ4js6YoBSKG7jz3DcSbNHcXGOIdzqoycCp8kkd+ak3aar37X3Iy7gjekUV
cLw9rKi1IqPolZAikWp3I5O1rpFEK5hG9nxEPrqpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMMZ9UdI9kCJqJcggE6X/sTg2OmowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk2ZWM2MzFjLTE0MGYtNDhmZC04MDEyLWVkYTc5NjI1MTY4Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGRMULhXeOVtgJnV2+8GsFJdWR5L
9E4Y1wQ2sethmf1im05AMLGe8A/FrB7PogK5xDqccljMybopxCtLMkKXZelc/g6B
sX2PbjE/dpNKvJqRtNHBdTGgCO1tI2mSdT5Xos9hkIb4AD7FCeRcu+72vCkzvvb7
XU/WAFcgUU6Jk4+1kp9egcjO/V7JPftO8juQk30D0TKpTbhY/0AckRkx/adqjIRC
ARKZralqzjwYn8eli9sNjhu2+uExYRBVH7WH5q5Ru+6ppPu5p+1me2yrRi0q3Ne3
gWJ0UvmkuIR5ETSZOUjfA6eT+QIubj/f3VwND3ESGMJOOIUOFBQYopThbz4=
-----END CERTIFICATE-----