Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9d741ac8-45da-43fc-a0e9-981e894376c2.roa
File:                     9d741ac8-45da-43fc-a0e9-981e894376c2.roa (raw, json)
Hash identifier:          cOkhwn9YNYtTZmk2s4cZvlAEYF1haZ5LsgsssPclo0c=
Subject key identifier:   67:5F:C5:8E:56:2B:3F:50:67:3B:AC:4E:2B:5B:FF:9F:D8:F2:01:CA
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6DD18C865C0DBA700A7EF1EC4E4B221432E55765
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9d741ac8-45da-43fc-a0e9-981e894376c2.roa
Signing time:             Thu 21 Nov 2024 00:00:00 +0000
ROA not before:           Thu 21 Nov 2024 00:00:00 +0000
ROA not after:            Thu 26 Dec 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:d1:8c:86:5c:0d:ba:70:0a:7e:f1:ec:4e:4b:22:14:32:e5:57:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 21 00:00:00 2024 GMT
            Not After : Dec 26 23:59:59 2024 GMT
        Subject: serialNumber=f1e063387602a91b61578a9a2a551b99440325dcaffa5efaa635cf5f53bc4556, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:63:66:b1:58:d9:38:b5:ea:cd:cd:68:f2:8b:
                    14:1c:a5:75:93:e9:71:22:0d:dc:bd:de:3a:65:62:
                    f8:67:f2:c9:76:17:b1:a1:96:c2:b9:89:71:26:32:
                    0b:e2:c0:0d:92:52:37:e4:8a:49:54:7a:13:16:90:
                    dc:9f:39:f2:fa:eb:65:ff:e6:cd:b9:2c:45:9a:39:
                    10:9a:b0:8d:69:de:df:e3:58:79:e4:23:e6:54:97:
                    b0:fb:81:d0:7e:63:d1:41:bd:e7:7a:99:90:5a:61:
                    4b:5c:3a:72:16:0e:3a:11:f5:94:cf:e6:c3:0f:f6:
                    cf:22:7f:ff:25:80:bd:a2:bb:11:a8:5d:8b:8d:e7:
                    a0:56:f7:d9:56:d1:31:bf:e6:02:98:1c:97:3d:7f:
                    3e:9e:7c:98:1d:65:87:8b:c1:86:71:e5:2e:0f:a7:
                    00:3e:4b:56:55:a7:ec:68:8e:d6:c4:6b:9b:54:b6:
                    f4:4e:36:85:c3:4e:78:bb:7a:37:d8:0c:cd:94:93:
                    ad:4a:01:11:99:3a:54:ad:96:7b:33:f7:eb:3b:ee:
                    0d:77:fb:0d:ef:d1:84:39:81:08:9e:e7:e4:cf:8e:
                    52:96:6d:99:05:3a:db:30:d1:14:59:9b:2f:50:47:
                    ff:45:f3:37:ab:be:b3:f3:b4:ca:3e:a6:d9:59:ce:
                    b8:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:5F:C5:8E:56:2B:3F:50:67:3B:AC:4E:2B:5B:FF:9F:D8:F2:01:CA
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9d741ac8-45da-43fc-a0e9-981e894376c2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:2a:44:d7:5f:d0:c0:0e:87:44:67:2b:f1:55:81:ee:58:3d:
         8f:b6:67:45:78:bd:94:9b:ea:10:58:e9:b4:cf:25:f6:40:6d:
         1f:f0:a7:4d:c9:f5:c0:3a:b4:15:1c:9a:09:d2:11:33:20:45:
         00:0e:21:52:d2:31:e3:53:85:a2:74:b0:6b:3e:cc:17:59:88:
         72:99:88:46:f5:a3:24:87:c0:c3:b2:04:c9:84:2e:84:59:45:
         e1:3f:a5:8c:4b:c7:10:e2:9d:18:0b:c4:e8:ec:e4:95:e9:af:
         38:de:4b:1a:5a:6c:bb:0e:0e:63:cb:16:d1:57:26:24:08:d6:
         ca:a3:0e:67:fc:21:7c:5a:8b:57:87:00:32:4e:56:62:77:8f:
         80:c9:9a:64:a1:89:f9:41:44:b4:a5:28:b4:df:e6:5c:1f:eb:
         73:f1:e4:64:f9:f0:39:f1:4b:d5:11:0d:58:3f:74:7d:70:f9:
         e4:7e:a3:62:dd:ba:33:3b:8a:0d:ec:f4:97:25:d2:3e:b7:f2:
         bf:06:6d:1d:15:00:f1:a3:b6:4a:68:3e:24:e8:92:68:47:21:
         12:ba:ac:83:db:ed:c7:01:c9:0d:78:f4:42:f7:fe:cf:98:de:
         b8:22:59:12:fa:7d:40:4c:8b:3b:f6:1f:ec:b8:c4:28:1e:d9:
         bb:d7:c8:dc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbdGMhlwNunAKfvHsTksiFDLlV2UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMTIxMDAwMDAwWhcNMjQxMjI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMWUwNjMzODc2MDJhOTFiNjE1NzhhOWEyYTU1MWI5OTQ0
MDMyNWRjYWZmYTVlZmFhNjM1Y2Y1ZjUzYmM0NTU2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChY2axWNk4terNzWjyixQcpXWT6XEiDdy93jplYvhn8sl2
F7GhlsK5iXEmMgviwA2SUjfkiklUehMWkNyfOfL662X/5s25LEWaORCasI1p3t/j
WHnkI+ZUl7D7gdB+Y9FBved6mZBaYUtcOnIWDjoR9ZTP5sMP9s8if/8lgL2iuxGo
XYuN56BW99lW0TG/5gKYHJc9fz6efJgdZYeLwYZx5S4PpwA+S1ZVp+xojtbEa5tU
tvRONoXDTni7ejfYDM2Uk61KARGZOlStlnsz9+s77g13+w3v0YQ5gQie5+TPjlKW
bZkFOtsw0RRZmy9QR/9F8zervrPztMo+ptlZzrh1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZ1/FjlYrP1BnO6xOK1v/n9jyAcowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzlkNzQxYWM4LTQ1ZGEtNDNmYy1hMGU5LTk4MWU4OTQzNzZjMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJsqRNdf0MAOh0RnK/FVge5YPY+2
Z0V4vZSb6hBY6bTPJfZAbR/wp03J9cA6tBUcmgnSETMgRQAOIVLSMeNThaJ0sGs+
zBdZiHKZiEb1oySHwMOyBMmELoRZReE/pYxLxxDinRgLxOjs5JXprzjeSxpabLsO
DmPLFtFXJiQI1sqjDmf8IXxai1eHADJOVmJ3j4DJmmShiflBRLSlKLTf5lwf63Px
5GT58DnxS9URDVg/dH1w+eR+o2LdujM7ig3s9Jcl0j638r8GbR0VAPGjtkpoPiTo
kmhHIRK6rIPb7ccByQ149EL3/s+Y3rgiWRL6fUBMizv2H+y4xCge2bvXyNw=
-----END CERTIFICATE-----