Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/989b4448-27d7-4000-9d7e-0b7d11b04268.roa
File:                     989b4448-27d7-4000-9d7e-0b7d11b04268.roa (raw, json)
Hash identifier:          /l2M3wrpH2Vb1sibHynEc5jrBR2WRKxE9Kgupv/S4Bs=
Subject key identifier:   BD:74:91:06:42:2F:4F:E6:A3:E4:AE:8F:5F:A9:53:DB:3A:AC:AB:1A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1FBF1F431D5712E01CA5618A6670C3CCA7F53585
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/989b4448-27d7-4000-9d7e-0b7d11b04268.roa
Signing time:             Mon 15 Jul 2024 00:00:00 +0000
ROA not before:           Mon 15 Jul 2024 00:00:00 +0000
ROA not after:            Mon 19 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:bf:1f:43:1d:57:12:e0:1c:a5:61:8a:66:70:c3:cc:a7:f5:35:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 15 00:00:00 2024 GMT
            Not After : Aug 19 23:59:59 2024 GMT
        Subject: serialNumber=d16a5a3f96a55c58b3b61ed39c736439e3e323627e3e8549b3f794a2dee33c11, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ea:16:a5:71:56:08:29:1a:38:af:1f:12:66:
                    42:7c:c8:31:9c:a0:d7:d9:9d:61:02:0e:fb:03:88:
                    e6:3b:67:e7:7c:87:bf:57:bd:66:85:63:21:51:47:
                    ab:ba:f9:3d:30:d4:a2:fd:91:e9:38:68:7a:e8:d3:
                    96:84:87:d3:a1:61:41:73:1b:ed:15:4f:64:5e:bf:
                    42:a2:2c:1c:0e:56:e4:81:7b:ef:57:11:72:e7:f0:
                    95:b2:bd:36:3b:cf:13:c0:c4:9c:11:6d:5f:98:ec:
                    ce:9d:e1:68:cb:f0:6c:b3:ff:6c:d2:93:53:d8:11:
                    ce:c8:11:e5:06:3f:4b:28:4d:f4:5c:a1:91:7e:2c:
                    b0:db:eb:3e:7e:89:f7:5b:1d:3f:58:a3:1b:ce:77:
                    2b:36:b8:08:a9:8b:17:ec:c3:1c:dc:3a:98:ff:ec:
                    d6:30:f3:c3:5d:7f:73:50:fb:ee:c4:6e:e4:a2:c2:
                    9e:12:0b:7d:65:89:6d:d5:c1:da:13:69:42:aa:8e:
                    a9:cd:92:ae:0d:3b:68:9a:d1:ad:f1:a0:db:ca:8b:
                    29:97:03:93:37:85:dd:d6:8b:4f:fc:76:9d:37:66:
                    78:76:9e:31:b5:8c:6d:bd:1a:d9:b1:b4:1f:08:fa:
                    b7:16:38:ae:7d:a0:de:78:46:85:fb:08:d5:0f:f3:
                    b3:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:74:91:06:42:2F:4F:E6:A3:E4:AE:8F:5F:A9:53:DB:3A:AC:AB:1A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/989b4448-27d7-4000-9d7e-0b7d11b04268.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:26:69:ca:34:30:e1:5a:36:31:dd:8d:89:3f:4e:f2:3a:18:
         8d:fd:bc:80:95:6b:f8:aa:b2:9a:20:b7:11:35:b2:cd:f9:65:
         43:db:c3:3e:57:51:98:05:97:07:f1:c4:66:c7:5d:dc:72:21:
         b4:47:ee:dd:c0:dc:75:79:07:e5:72:c3:3f:d5:c6:4d:73:27:
         b6:03:38:2b:f6:d2:74:a2:6f:14:ea:53:77:fa:db:fa:88:f1:
         89:e6:17:1d:ec:7b:9f:e8:0c:89:89:e1:2d:45:51:69:f6:be:
         b0:82:8c:dd:05:48:8f:6a:56:6e:9c:dd:ed:7f:ad:6d:6b:a0:
         9c:24:c5:9b:29:b2:7d:93:cb:83:f4:7b:21:12:2f:9e:c8:18:
         fd:20:e3:0a:bd:15:3e:fd:34:21:7a:fe:41:d3:40:44:a6:2f:
         55:ba:78:63:bf:6f:88:9c:45:23:15:b9:5d:96:90:aa:8a:1b:
         81:17:19:23:57:9c:a5:fb:57:8f:e5:a8:b0:b2:3e:84:e9:69:
         c4:b7:6d:c3:b2:e0:17:f7:d7:28:34:25:fb:82:6c:8f:57:d4:
         29:4a:57:41:cc:45:b6:78:4d:7d:8f:f2:28:43:f2:49:44:24:
         be:95:b7:b9:d7:ae:f2:20:e1:48:01:5f:f1:19:a6:28:1c:61:
         76:8f:3c:e0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUH78fQx1XEuAcpWGKZnDDzKf1NYUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzE1MDAwMDAwWhcNMjQwODE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMTZhNWEzZjk2YTU1YzU4YjNiNjFlZDM5YzczNjQzOWUz
ZTMyMzYyN2UzZTg1NDliM2Y3OTRhMmRlZTMzYzExMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC46halcVYIKRo4rx8SZkJ8yDGcoNfZnWECDvsDiOY7Z+d8
h79XvWaFYyFRR6u6+T0w1KL9kek4aHro05aEh9OhYUFzG+0VT2Rev0KiLBwOVuSB
e+9XEXLn8JWyvTY7zxPAxJwRbV+Y7M6d4WjL8Gyz/2zSk1PYEc7IEeUGP0soTfRc
oZF+LLDb6z5+ifdbHT9YoxvOdys2uAipixfswxzcOpj/7NYw88Ndf3NQ++7EbuSi
wp4SC31liW3VwdoTaUKqjqnNkq4NO2ia0a3xoNvKiymXA5M3hd3Wi0/8dp03Znh2
njG1jG29GtmxtB8I+rcWOK59oN54RoX7CNUP87ONAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvXSRBkIvT+aj5K6PX6lT2zqsqxowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk4OWI0NDQ4LTI3ZDctNDAwMC05ZDdlLTBiN2QxMWIwNDI2OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFMmaco0MOFaNjHdjYk/TvI6GI39
vICVa/iqspogtxE1ss35ZUPbwz5XUZgFlwfxxGbHXdxyIbRH7t3A3HV5B+Vywz/V
xk1zJ7YDOCv20nSibxTqU3f62/qI8YnmFx3se5/oDImJ4S1FUWn2vrCCjN0FSI9q
Vm6c3e1/rW1roJwkxZspsn2Ty4P0eyESL57IGP0g4wq9FT79NCF6/kHTQESmL1W6
eGO/b4icRSMVuV2WkKqKG4EXGSNXnKX7V4/lqLCyPoTpacS3bcOy4Bf31yg0JfuC
bI9X1ClKV0HMRbZ4TX2P8ihD8klEJL6Vt7nXrvIg4UgBX/EZpigcYXaPPOA=
-----END CERTIFICATE-----