Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9add97f2-0e5c-4b50-9039-59f9257ecf39.roa
File:                     9add97f2-0e5c-4b50-9039-59f9257ecf39.roa (raw, json)
Hash identifier:          IrPwqkOKPWA/O4SmCb/UICzJGF0l6SOGXfIIAcY6B8M=
Subject key identifier:   DD:20:03:7E:8F:39:49:0E:16:7E:7B:3C:83:50:7F:E2:A0:58:70:65
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3DF588B08DABF758AD8278E0C3C68C8FE6D4A989
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9add97f2-0e5c-4b50-9039-59f9257ecf39.roa
Signing time:             Mon 22 Jul 2024 00:00:00 +0000
ROA not before:           Mon 22 Jul 2024 00:00:00 +0000
ROA not after:            Mon 26 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:f5:88:b0:8d:ab:f7:58:ad:82:78:e0:c3:c6:8c:8f:e6:d4:a9:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 22 00:00:00 2024 GMT
            Not After : Aug 26 23:59:59 2024 GMT
        Subject: serialNumber=0eb2bb338b23cdadd50d78f3cd5f82dc8cd6d188a32d344139173decd26b2bc6, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:9f:a7:2e:24:33:65:22:12:e0:87:f5:f6:30:
                    22:01:00:14:3d:d6:50:b5:ce:92:d7:0a:33:19:ba:
                    03:ba:22:e1:ef:80:9d:f1:a2:53:74:85:09:32:09:
                    9f:d4:8d:13:2a:d0:b6:98:f1:58:81:d3:15:e3:08:
                    b2:61:ad:0f:ed:18:39:b0:f5:07:2b:9a:28:7e:4f:
                    95:df:61:d3:3b:29:6b:87:a1:ae:0f:42:52:5e:85:
                    48:0f:72:84:55:ea:0a:1f:25:3e:4a:69:29:53:2d:
                    33:a3:54:b7:48:2b:a4:4b:50:53:00:23:b8:6e:d0:
                    9e:83:dc:df:06:76:44:fa:a9:a1:77:02:ca:9a:33:
                    80:0e:82:27:36:55:a4:1c:ef:40:17:18:52:7c:53:
                    59:82:4f:b7:7c:3e:25:26:1f:ec:96:1b:72:09:28:
                    ad:ee:b8:d8:f8:a9:fe:e1:37:61:3f:ff:26:08:53:
                    fe:78:2f:6b:84:38:08:63:d9:ec:28:e4:9a:29:e5:
                    83:91:13:2e:24:53:c0:84:c1:cd:7d:a7:6e:6c:5b:
                    0a:24:7e:bf:dc:68:13:17:bf:a6:13:07:78:93:b5:
                    fc:79:e4:65:56:bd:ed:1b:53:b1:29:95:17:65:87:
                    4e:f9:48:7f:6d:2c:10:71:a5:16:d2:81:31:96:9c:
                    f6:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:20:03:7E:8F:39:49:0E:16:7E:7B:3C:83:50:7F:E2:A0:58:70:65
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9add97f2-0e5c-4b50-9039-59f9257ecf39.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:d5:f0:bf:1d:8d:58:07:53:62:39:c7:da:e7:ac:2f:2a:6a:
         2e:15:0b:5e:06:63:9a:f5:02:80:c5:e8:7d:96:75:84:12:05:
         16:48:5a:0b:a4:aa:05:74:57:92:47:7b:7a:3d:48:10:8f:05:
         31:a9:7b:83:2e:7e:05:88:fc:c3:8f:83:20:4b:b5:0f:80:8e:
         eb:f3:54:95:3d:e2:97:96:2f:b1:2f:5d:98:e3:8e:82:d5:7e:
         7a:85:1c:5b:82:a2:29:94:71:37:c2:6d:ae:25:a4:1f:15:ca:
         36:94:d6:72:b6:c8:e9:3c:1d:64:ce:80:97:86:67:82:2f:24:
         b8:54:96:05:74:32:68:4a:c0:c2:30:20:a1:7c:52:04:9f:6e:
         1a:1e:52:a1:99:ea:d1:73:22:31:7e:03:1a:5e:44:0a:82:f0:
         1e:35:30:1c:37:eb:54:5d:41:49:4b:69:46:ed:20:3a:92:13:
         f1:6b:1a:e1:d7:ab:fc:e0:23:67:eb:5e:46:e5:13:e9:d3:b2:
         8e:93:d1:97:60:47:ca:8c:84:56:69:28:00:67:c4:b0:bb:03:
         88:52:f7:09:c6:d5:c7:e4:36:0e:f6:78:60:30:c3:ac:15:53:
         05:22:f5:97:03:3e:b4:f7:64:73:68:a2:36:31:bd:f9:87:af:
         4a:78:21:26
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPfWIsI2r91itgnjgw8aMj+bUqYkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzIyMDAwMDAwWhcNMjQwODI2MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZWIyYmIzMzhiMjNjZGFkZDUwZDc4ZjNjZDVmODJkYzhj
ZDZkMTg4YTMyZDM0NDEzOTE3M2RlY2QyNmIyYmM2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgn6cuJDNlIhLgh/X2MCIBABQ91lC1zpLXCjMZugO6IuHv
gJ3xolN0hQkyCZ/UjRMq0LaY8ViB0xXjCLJhrQ/tGDmw9Qcrmih+T5XfYdM7KWuH
oa4PQlJehUgPcoRV6gofJT5KaSlTLTOjVLdIK6RLUFMAI7hu0J6D3N8GdkT6qaF3
AsqaM4AOgic2VaQc70AXGFJ8U1mCT7d8PiUmH+yWG3IJKK3uuNj4qf7hN2E//yYI
U/54L2uEOAhj2ewo5Jop5YOREy4kU8CEwc19p25sWwokfr/caBMXv6YTB3iTtfx5
5GVWve0bU7EplRdlh075SH9tLBBxpRbSgTGWnPZjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3SADfo85SQ4Wfns8g1B/4qBYcGUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzlhZGQ5N2YyLTBlNWMtNGI1MC05MDM5LTU5ZjkyNTdlY2YzOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAA7V8L8djVgHU2I5x9rnrC8qai4V
C14GY5r1AoDF6H2WdYQSBRZIWgukqgV0V5JHe3o9SBCPBTGpe4MufgWI/MOPgyBL
tQ+AjuvzVJU94peWL7EvXZjjjoLVfnqFHFuCoimUcTfCba4lpB8VyjaU1nK2yOk8
HWTOgJeGZ4IvJLhUlgV0MmhKwMIwIKF8UgSfbhoeUqGZ6tFzIjF+AxpeRAqC8B41
MBw361RdQUlLaUbtIDqSE/FrGuHXq/zgI2frXkblE+nTso6T0ZdgR8qMhFZpKABn
xLC7A4hS9wnG1cfkNg72eGAww6wVUwUi9ZcDPrT3ZHNoojYxvfmHr0p4ISY=
-----END CERTIFICATE-----