Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9ad84d8d-ab56-44ed-8e11-d362e9e55ee2.roa
File:                     9ad84d8d-ab56-44ed-8e11-d362e9e55ee2.roa (raw, json)
Hash identifier:          urd+bEoAWZm4shFyz9m00Jqlhx9so88fYn5rqtbpT10=
Subject key identifier:   2D:79:D3:7A:46:90:01:17:72:C8:42:B9:F5:A2:3C:E3:B1:27:BF:06
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3253C6F21043D0F242739FF47526CF0C01DC052F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9ad84d8d-ab56-44ed-8e11-d362e9e55ee2.roa
Signing time:             Sat 10 Aug 2024 00:00:00 +0000
ROA not before:           Sat 10 Aug 2024 00:00:00 +0000
ROA not after:            Sat 14 Sep 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:53:c6:f2:10:43:d0:f2:42:73:9f:f4:75:26:cf:0c:01:dc:05:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 10 00:00:00 2024 GMT
            Not After : Sep 14 23:59:59 2024 GMT
        Subject: serialNumber=d91a256e8d1d8fd8e59efc31e2b4e7c94e7d29072976b98d4a862fdd50b047e6, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:af:18:36:7f:54:2a:aa:90:19:f8:b3:31:30:
                    b8:7a:86:c8:5c:73:62:51:d9:a9:d7:18:32:03:80:
                    4e:13:aa:57:6d:61:f8:b4:dc:fe:34:82:d4:8f:92:
                    00:aa:c9:3b:c7:d4:01:1e:e3:10:7f:f2:0c:65:5e:
                    c6:94:26:fe:fa:90:7b:61:5a:3e:20:96:a1:90:76:
                    c4:02:21:34:39:bf:d3:74:d2:ef:60:07:c1:d2:c3:
                    1e:c7:74:c0:f5:6e:44:3a:dc:e0:39:37:56:42:e5:
                    01:03:81:19:fb:5e:38:14:3b:76:5c:c1:1a:af:6f:
                    d3:3e:44:fd:d1:28:cd:f6:2b:48:ad:fc:7b:5f:b1:
                    c5:e3:93:f0:76:1c:bb:63:79:bd:03:a4:6d:2b:9d:
                    6d:4a:d0:71:b5:a7:1e:91:96:58:cb:7e:33:69:2a:
                    f7:77:dd:2d:28:92:5b:3e:29:2b:e1:19:80:3b:8d:
                    74:80:3c:e7:59:65:03:b3:9b:22:f7:a0:e1:a8:52:
                    7e:12:8a:44:41:a2:03:92:fe:ea:c8:e4:fa:65:ca:
                    3a:5a:2f:6d:92:3f:5a:d4:47:79:fe:ec:7b:bd:1f:
                    be:9e:06:f6:c2:ae:ef:88:b7:0f:27:95:14:e2:dc:
                    84:52:c5:5f:56:16:bd:e2:8b:08:8e:d7:09:87:f5:
                    a4:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:79:D3:7A:46:90:01:17:72:C8:42:B9:F5:A2:3C:E3:B1:27:BF:06
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9ad84d8d-ab56-44ed-8e11-d362e9e55ee2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:bf:72:f2:b4:23:35:b8:04:8f:01:53:76:60:57:8f:38:cb:
         97:c7:bb:e2:8f:1c:47:a2:d0:ea:b1:0c:12:48:14:77:93:a8:
         4a:2a:6d:49:d8:b6:f4:78:cf:96:81:e8:c7:f6:d6:50:e9:8d:
         fb:9d:d2:64:eb:b5:0b:96:05:05:ac:46:2e:38:1a:b4:0e:1d:
         a7:37:b0:da:c1:e4:3e:12:9e:52:84:23:78:a7:4c:f7:61:74:
         3f:23:bd:3a:5b:b4:71:c2:8e:02:33:aa:f0:9e:a8:aa:b4:62:
         28:a5:4c:88:eb:3a:a7:20:75:f6:02:82:fa:0f:79:ea:ae:75:
         b6:19:66:e4:e0:a9:60:2d:9a:c9:03:97:68:d6:db:a9:f2:b6:
         69:91:d3:fb:71:d6:38:53:e6:43:ab:25:a9:b7:2c:ee:be:46:
         19:6c:5c:bd:33:62:5f:e7:d7:b5:79:40:07:cd:70:2d:15:f2:
         77:fe:36:80:91:9e:f3:b9:f3:86:bb:20:9e:11:ab:e7:7d:5b:
         8e:c0:cf:e6:76:da:bc:f1:a9:1c:7f:16:d8:01:9f:48:35:91:
         a5:a2:c0:af:3f:e8:68:88:f3:fa:9d:b5:37:12:51:bc:0d:0e:
         7f:8a:da:94:40:a8:52:66:a2:6f:69:7a:85:70:aa:41:a0:e4:
         fb:3e:22:4d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMlPG8hBD0PJCc5/0dSbPDAHcBS8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwODEwMDAwMDAwWhcNMjQwOTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BkOTFhMjU2ZThkMWQ4ZmQ4ZTU5ZWZjMzFlMmI0ZTdjOTRl
N2QyOTA3Mjk3NmI5OGQ0YTg2MmZkZDUwYjA0N2U2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZrxg2f1QqqpAZ+LMxMLh6hshcc2JR2anXGDIDgE4Tqldt
Yfi03P40gtSPkgCqyTvH1AEe4xB/8gxlXsaUJv76kHthWj4glqGQdsQCITQ5v9N0
0u9gB8HSwx7HdMD1bkQ63OA5N1ZC5QEDgRn7XjgUO3ZcwRqvb9M+RP3RKM32K0it
/HtfscXjk/B2HLtjeb0DpG0rnW1K0HG1px6RlljLfjNpKvd33S0okls+KSvhGYA7
jXSAPOdZZQOzmyL3oOGoUn4SikRBogOS/urI5PplyjpaL22SP1rUR3n+7Hu9H76e
BvbCru+Itw8nlRTi3IRSxV9WFr3iiwiO1wmH9aTXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULXnTekaQARdyyEK59aI847EnvwYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzlhZDg0ZDhkLWFiNTYtNDRlZC04ZTExLWQzNjJlOWU1NWVlMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAm/cvK0IzW4BI8BU3ZgV484y5fH
u+KPHEei0OqxDBJIFHeTqEoqbUnYtvR4z5aB6Mf21lDpjfud0mTrtQuWBQWsRi44
GrQOHac3sNrB5D4SnlKEI3inTPdhdD8jvTpbtHHCjgIzqvCeqKq0YiilTIjrOqcg
dfYCgvoPeequdbYZZuTgqWAtmskDl2jW26nytmmR0/tx1jhT5kOrJam3LO6+Rhls
XL0zYl/n17V5QAfNcC0V8nf+NoCRnvO584a7IJ4Rq+d9W47Az+Z22rzxqRx/FtgB
n0g1kaWiwK8/6GiI8/qdtTcSUbwNDn+K2pRAqFJmom9peoVwqkGg5Ps+Ik0=
-----END CERTIFICATE-----