Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/974fafc0-9ebb-448c-a43e-ab536994835d.roa
File:                     974fafc0-9ebb-448c-a43e-ab536994835d.roa (raw, json)
Hash identifier:          MqkLgPCzNcHylChy6DDQ5uiqXIfKNSpRq0OkQdWnLRo=
Subject key identifier:   9F:4A:7B:03:F3:91:6F:A0:BD:7B:C1:3A:28:B8:9A:F5:1B:DB:7D:B7
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3DD72A70382D3A0FCBEBE7CFC21C27A954B88D4A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/974fafc0-9ebb-448c-a43e-ab536994835d.roa
Signing time:             Fri 15 Mar 2024 00:00:00 +0000
ROA not before:           Fri 15 Mar 2024 00:00:00 +0000
ROA not after:            Fri 19 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:d7:2a:70:38:2d:3a:0f:cb:eb:e7:cf:c2:1c:27:a9:54:b8:8d:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 15 00:00:00 2024 GMT
            Not After : Apr 19 23:59:59 2024 GMT
        Subject: serialNumber=cd5def5b9938a7462eb7f0e2663dd830d66e2f0411c8e984c342a5452b8c186c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:65:67:5b:1d:ec:ff:0e:f9:68:2c:08:68:e4:
                    4b:83:ff:44:c1:cc:8b:e1:43:43:f1:89:2c:83:ef:
                    53:d9:09:4b:f6:2e:a7:50:a7:02:26:c8:cb:30:84:
                    32:72:1f:68:83:19:14:69:42:02:75:da:aa:5a:9a:
                    e3:fa:84:05:cc:5a:15:1a:64:6c:d8:37:6b:0c:d8:
                    eb:90:a7:63:11:19:12:92:66:f8:be:59:56:e4:5f:
                    2a:09:b5:61:9d:87:34:99:30:8f:85:b3:03:0d:20:
                    de:ab:2c:18:a3:db:31:b7:b5:66:b6:1c:43:1c:a8:
                    8f:6c:58:6e:39:a8:90:e0:48:38:70:24:2b:07:37:
                    4b:0f:21:11:3b:79:a9:38:eb:b2:e5:33:33:33:c8:
                    dd:a4:f4:90:b6:51:cb:33:71:57:68:d2:af:19:70:
                    59:56:91:2d:59:c2:ac:6c:cd:70:a4:a5:e4:39:38:
                    32:37:2f:5b:93:a0:5d:76:34:70:cc:c2:c1:84:22:
                    65:f0:44:5d:54:c9:77:24:26:e7:d9:8a:00:b6:14:
                    f5:d7:bd:37:f0:60:77:f4:2c:0d:aa:5b:3a:dd:1d:
                    2d:f8:b7:e3:a9:2c:f9:01:8d:ef:29:b6:8c:aa:f5:
                    14:48:00:ec:0b:38:fe:4a:22:e6:77:14:fc:9d:c2:
                    79:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:4A:7B:03:F3:91:6F:A0:BD:7B:C1:3A:28:B8:9A:F5:1B:DB:7D:B7
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/974fafc0-9ebb-448c-a43e-ab536994835d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:4e:b1:b5:af:81:fb:0e:34:2f:45:3f:5f:83:50:5d:ee:77:
         69:e6:55:23:80:c4:6d:7a:f8:28:50:d1:34:88:05:13:21:18:
         6b:55:8c:31:b9:da:0a:35:53:7c:27:b7:8b:a5:34:60:3c:65:
         50:cf:4f:2e:8f:e0:c2:1b:66:84:4e:9b:62:08:c3:8e:d5:51:
         dd:b8:43:5c:00:43:60:3b:58:36:2e:cb:77:45:4a:51:19:33:
         2b:cf:8d:a8:64:95:4b:68:d8:cc:f9:9a:71:42:a6:c6:43:85:
         c1:17:ed:60:1f:e6:c7:7b:2a:77:c7:63:44:46:f6:41:2f:b5:
         09:19:5a:ef:52:a5:14:b7:99:28:34:5a:a5:02:42:92:31:00:
         47:1d:1d:04:ec:e9:f6:bb:c5:e6:56:e4:0c:88:53:40:62:16:
         87:d5:99:39:14:80:37:bf:a9:5e:93:ed:21:57:94:e0:39:f9:
         e6:49:f0:5b:2b:60:df:68:1e:03:43:98:d4:ea:78:71:e1:2f:
         f6:32:e9:a7:57:b6:3d:14:8e:3b:3a:01:7e:17:8a:c4:30:04:
         e7:7f:7f:90:49:c0:01:e5:8e:da:a6:dd:ec:a5:ef:2a:8b:6f:
         fc:7d:a9:ea:11:a1:41:90:7b:01:d5:c9:9a:12:0b:c1:52:7d:
         eb:8a:8c:a4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPdcqcDgtOg/L6+fPwhwnqVS4jUowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzE1MDAwMDAwWhcNMjQwNDE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZDVkZWY1Yjk5MzhhNzQ2MmViN2YwZTI2NjNkZDgzMGQ2
NmUyZjA0MTFjOGU5ODRjMzQyYTU0NTJiOGMxODZjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZZWdbHez/DvloLAho5EuD/0TBzIvhQ0PxiSyD71PZCUv2
LqdQpwImyMswhDJyH2iDGRRpQgJ12qpamuP6hAXMWhUaZGzYN2sM2OuQp2MRGRKS
Zvi+WVbkXyoJtWGdhzSZMI+FswMNIN6rLBij2zG3tWa2HEMcqI9sWG45qJDgSDhw
JCsHN0sPIRE7eak467LlMzMzyN2k9JC2UcszcVdo0q8ZcFlWkS1ZwqxszXCkpeQ5
ODI3L1uToF12NHDMwsGEImXwRF1UyXckJufZigC2FPXXvTfwYHf0LA2qWzrdHS34
t+OpLPkBje8ptoyq9RRIAOwLOP5KIuZ3FPydwnkHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUn0p7A/ORb6C9e8E6KLia9RvbfbcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk3NGZhZmMwLTllYmItNDQ4Yy1hNDNlLWFiNTM2OTk0ODM1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJ9OsbWvgfsONC9FP1+DUF3ud2nm
VSOAxG16+ChQ0TSIBRMhGGtVjDG52go1U3wnt4ulNGA8ZVDPTy6P4MIbZoROm2II
w47VUd24Q1wAQ2A7WDYuy3dFSlEZMyvPjahklUto2Mz5mnFCpsZDhcEX7WAf5sd7
KnfHY0RG9kEvtQkZWu9SpRS3mSg0WqUCQpIxAEcdHQTs6fa7xeZW5AyIU0BiFofV
mTkUgDe/qV6T7SFXlOA5+eZJ8FsrYN9oHgNDmNTqeHHhL/Yy6adXtj0Ujjs6AX4X
isQwBOd/f5BJwAHljtqm3eyl7yqLb/x9qeoRoUGQewHVyZoSC8FSfeuKjKQ=
-----END CERTIFICATE-----