Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/98a69414-1b90-4634-b173-478e2be6e70a.roa
File:                     98a69414-1b90-4634-b173-478e2be6e70a.roa (raw, json)
Hash identifier:          pDL13ARMsnIn5KpdH1C9He7YplFwxsNsGw5QQlCshPM=
Subject key identifier:   85:1A:A9:73:EF:4B:FF:16:6F:31:2F:E1:8C:6C:60:E2:54:03:9E:57
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       359E33BB815C78D6A6DF8262CD5EEEAE4E29C80E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/98a69414-1b90-4634-b173-478e2be6e70a.roa
Signing time:             Mon 29 Jan 2024 00:00:00 +0000
ROA not before:           Mon 29 Jan 2024 00:00:00 +0000
ROA not after:            Mon 04 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:9e:33:bb:81:5c:78:d6:a6:df:82:62:cd:5e:ee:ae:4e:29:c8:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 29 00:00:00 2024 GMT
            Not After : Mar  4 23:59:59 2024 GMT
        Subject: serialNumber=b688abc2e9891a89d75498aaa34b8ebfa6220d501fae9ae60176698c9789b266, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:03:8c:06:d9:4f:e0:66:74:72:a4:12:4c:59:
                    e9:35:dd:dd:19:c0:74:ab:6a:79:df:82:ee:8a:de:
                    01:7f:88:b6:1b:90:bb:ee:1a:3b:b9:41:33:b2:4c:
                    5c:c0:96:1c:80:a3:00:0e:b9:15:61:d4:d8:b5:b1:
                    95:83:bc:78:31:fe:b6:b2:1b:62:cf:97:a2:23:38:
                    19:95:51:f7:ab:d0:f3:43:bf:cc:f4:13:c8:20:6d:
                    9b:4e:92:de:c6:82:c6:05:bd:dc:88:be:13:39:05:
                    ad:5c:2e:aa:8e:4b:96:28:31:f2:3b:4d:86:63:75:
                    6c:79:01:db:81:6e:fe:be:c6:92:30:56:d3:47:f6:
                    66:73:a0:bc:c6:8f:5a:3b:12:22:06:26:06:17:5d:
                    3d:bc:a4:8f:fd:27:fd:31:ee:d6:6e:fa:0d:e7:97:
                    ba:8c:39:01:c9:25:9f:9c:59:9d:9c:49:64:ac:e8:
                    45:1d:50:e8:4b:be:b4:d2:42:49:de:cf:72:9e:76:
                    9f:02:4f:ac:5c:2a:c9:d3:cb:48:36:c0:66:6d:81:
                    e9:c4:21:c0:a0:69:87:ae:7b:7e:96:df:dd:3f:38:
                    5e:72:f5:d1:03:02:b9:97:f1:d9:e7:03:c1:2a:99:
                    84:75:fe:ed:43:01:75:4b:d9:66:11:7a:6a:d9:2a:
                    ba:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:1A:A9:73:EF:4B:FF:16:6F:31:2F:E1:8C:6C:60:E2:54:03:9E:57
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/98a69414-1b90-4634-b173-478e2be6e70a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:36:89:b9:d1:04:2e:92:8e:4e:ee:59:1c:39:e7:cb:cd:3a:
         e1:d5:fd:ee:c7:84:77:75:1d:39:01:86:e8:c5:82:97:c7:91:
         fd:cc:16:54:ee:74:d7:35:03:40:c4:48:85:14:a9:ff:0a:3e:
         68:a8:8c:1a:d1:f5:5a:78:d8:f5:61:81:b7:b8:d6:7b:3a:b5:
         ed:24:90:43:2f:f7:fa:e5:c2:32:e7:f7:ea:de:5b:2e:58:74:
         c4:e5:bf:e9:62:6b:b4:f1:d2:fa:3a:b9:d5:c4:4d:fc:17:39:
         ba:20:9e:9a:73:54:05:f1:91:c2:55:06:bb:19:b5:b6:d1:48:
         e4:43:6b:90:1c:9a:ad:93:d6:db:d7:50:04:5d:1e:20:e0:96:
         47:b3:ea:33:26:9d:23:bf:c7:26:4c:a4:58:0c:26:26:52:e1:
         dd:a1:e7:b7:06:01:e6:a2:46:08:72:3f:0c:79:e2:18:b6:38:
         b2:64:9f:35:1d:98:99:e9:f5:05:a4:9a:db:9d:27:f4:49:a3:
         56:3b:07:3f:ff:ad:25:17:6a:88:94:0e:7a:8b:4d:93:fc:11:
         2b:5b:52:5c:82:b8:a6:83:3c:a0:b5:45:9c:50:78:95:21:8f:
         ba:0f:93:b8:6a:ee:52:72:30:a6:18:ff:b1:cd:a3:9a:f1:cf:
         2d:bd:3c:20
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNZ4zu4FceNam34JizV7urk4pyA4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTI5MDAwMDAwWhcNMjQwMzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNjg4YWJjMmU5ODkxYTg5ZDc1NDk4YWFhMzRiOGViZmE2
MjIwZDUwMWZhZTlhZTYwMTc2Njk4Yzk3ODliMjY2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKA4wG2U/gZnRypBJMWek13d0ZwHSrannfgu6K3gF/iLYb
kLvuGju5QTOyTFzAlhyAowAOuRVh1Ni1sZWDvHgx/rayG2LPl6IjOBmVUfer0PND
v8z0E8ggbZtOkt7GgsYFvdyIvhM5Ba1cLqqOS5YoMfI7TYZjdWx5AduBbv6+xpIw
VtNH9mZzoLzGj1o7EiIGJgYXXT28pI/9J/0x7tZu+g3nl7qMOQHJJZ+cWZ2cSWSs
6EUdUOhLvrTSQknez3Kedp8CT6xcKsnTy0g2wGZtgenEIcCgaYeue36W390/OF5y
9dEDArmX8dnnA8EqmYR1/u1DAXVL2WYRemrZKroLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhRqpc+9L/xZvMS/hjGxg4lQDnlcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk4YTY5NDE0LTFiOTAtNDYzNC1iMTczLTQ3OGUyYmU2ZTcwYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALA2ibnRBC6Sjk7uWRw558vNOuHV
/e7HhHd1HTkBhujFgpfHkf3MFlTudNc1A0DESIUUqf8KPmiojBrR9Vp42PVhgbe4
1ns6te0kkEMv9/rlwjLn9+reWy5YdMTlv+lia7Tx0vo6udXETfwXObognppzVAXx
kcJVBrsZtbbRSORDa5Acmq2T1tvXUARdHiDglkez6jMmnSO/xyZMpFgMJiZS4d2h
57cGAeaiRghyPwx54hi2OLJknzUdmJnp9QWkmtudJ/RJo1Y7Bz//rSUXaoiUDnqL
TZP8EStbUlyCuKaDPKC1RZxQeJUhj7oPk7hq7lJyMKYY/7HNo5rxzy29PCA=
-----END CERTIFICATE-----