Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9ef06381-3bf2-4fff-95b0-da13b7bb2f0a.roa
File:                     9ef06381-3bf2-4fff-95b0-da13b7bb2f0a.roa (raw, json)
Hash identifier:          63Vnk6r5QR0jfrCYAX62gURBDSWnZQEVz63d053tE9s=
Subject key identifier:   CE:F6:EE:A5:E2:71:A0:A0:4F:F2:85:A9:E6:1C:47:A5:3F:FB:C6:49
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       42B5E08EC6A0B2679741DC36E7D2F493371A21E6
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9ef06381-3bf2-4fff-95b0-da13b7bb2f0a.roa
Signing time:             Fri 05 Jul 2024 00:00:00 +0000
ROA not before:           Fri 05 Jul 2024 00:00:00 +0000
ROA not after:            Fri 09 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:b5:e0:8e:c6:a0:b2:67:97:41:dc:36:e7:d2:f4:93:37:1a:21:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul  5 00:00:00 2024 GMT
            Not After : Aug  9 23:59:59 2024 GMT
        Subject: serialNumber=b6e88abe0ab4466ad46740299c97a316d7a8a545be1a8f69f7c51035fdcbc093, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:af:b2:7c:2f:a2:47:35:42:69:ec:10:77:e7:
                    2e:d5:3a:3d:ed:47:2d:71:fb:43:ba:ec:60:1d:97:
                    6d:86:fb:a4:44:ab:86:c6:58:4a:91:53:26:3d:07:
                    7a:24:16:c4:b0:67:68:8b:92:2f:1e:a8:f6:de:91:
                    19:02:ea:8e:0b:56:07:8b:e2:0d:37:e1:85:24:b4:
                    e3:84:64:86:c9:68:42:c0:59:e6:7f:fe:eb:6f:ee:
                    1a:ec:52:2e:f6:61:05:d7:68:d2:a4:90:ca:20:da:
                    1d:d2:6f:8a:90:35:79:f4:bb:40:67:8a:cd:d3:c0:
                    12:ca:85:36:ff:81:c9:b1:f1:4f:43:50:ef:f5:43:
                    73:40:e0:41:38:bd:20:3a:32:e0:52:2d:af:fa:ee:
                    3c:44:54:39:f2:29:61:a7:87:69:8b:63:83:07:2d:
                    21:31:b9:93:93:e0:ae:a4:73:2b:ce:30:80:68:10:
                    3a:9e:b0:ca:74:4a:57:46:5a:2c:ae:04:c3:1e:9b:
                    36:9a:8c:bb:0f:c4:fd:a9:b9:6a:e5:5c:51:cd:77:
                    58:8d:3d:87:62:de:bc:f4:f9:33:ea:04:9f:d6:de:
                    50:98:57:14:48:5e:d3:45:4b:e3:1b:4e:25:96:bf:
                    74:e6:7c:b4:c2:a1:28:88:22:66:85:10:12:34:54:
                    b1:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:F6:EE:A5:E2:71:A0:A0:4F:F2:85:A9:E6:1C:47:A5:3F:FB:C6:49
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9ef06381-3bf2-4fff-95b0-da13b7bb2f0a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:ef:3e:14:d7:02:61:65:d9:1f:b6:20:c9:1d:41:74:a1:dc:
         44:b4:1a:29:4b:66:0f:3d:9e:fc:ee:67:6f:d7:eb:31:b4:27:
         94:80:d3:73:61:f3:6e:7d:dc:04:e1:ae:3f:79:93:66:7e:2c:
         28:35:7e:9d:b3:ed:22:34:66:a6:06:b1:34:b1:96:7d:09:e9:
         54:25:ea:01:37:04:05:b3:d3:1c:a9:11:f6:6c:e9:07:00:1d:
         20:34:e7:02:cb:c8:9f:ca:5d:2e:72:3e:2a:57:c0:99:81:8c:
         04:88:30:9b:85:ae:1f:de:a8:54:83:24:31:2c:bd:d2:52:31:
         28:35:3e:d6:15:d9:bf:3b:7b:26:e3:4e:43:ee:7d:55:ce:26:
         48:63:f2:89:e9:1e:f0:eb:9f:1d:19:07:24:86:40:ed:c8:14:
         5c:31:0c:57:87:52:31:e1:6a:c9:9f:21:a1:80:ac:87:b6:e9:
         a9:45:d4:58:a1:be:83:e2:cd:d8:41:91:67:dd:04:2d:29:39:
         60:ea:2d:a3:0c:5c:9d:f7:9c:c6:1f:05:15:c8:aa:aa:2c:fb:
         20:a2:7e:cb:a2:f6:27:33:20:86:bc:f8:e4:42:db:97:21:b6:
         a6:62:6b:e2:96:42:e3:5a:13:94:c7:9a:da:7e:6c:18:7a:31:
         bd:ad:21:d3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQrXgjsagsmeXQdw259L0kzcaIeYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzA1MDAwMDAwWhcNMjQwODA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNmU4OGFiZTBhYjQ0NjZhZDQ2NzQwMjk5Yzk3YTMxNmQ3
YThhNTQ1YmUxYThmNjlmN2M1MTAzNWZkY2JjMDkzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyr7J8L6JHNUJp7BB35y7VOj3tRy1x+0O67GAdl22G+6RE
q4bGWEqRUyY9B3okFsSwZ2iLki8eqPbekRkC6o4LVgeL4g034YUktOOEZIbJaELA
WeZ//utv7hrsUi72YQXXaNKkkMog2h3Sb4qQNXn0u0Bnis3TwBLKhTb/gcmx8U9D
UO/1Q3NA4EE4vSA6MuBSLa/67jxEVDnyKWGnh2mLY4MHLSExuZOT4K6kcyvOMIBo
EDqesMp0SldGWiyuBMMemzaajLsPxP2puWrlXFHNd1iNPYdi3rz0+TPqBJ/W3lCY
VxRIXtNFS+MbTiWWv3TmfLTCoSiIImaFEBI0VLEJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzvbupeJxoKBP8oWp5hxHpT/7xkkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzllZjA2MzgxLTNiZjItNGZmZi05NWIwLWRhMTNiN2JiMmYwYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHjvPhTXAmFl2R+2IMkdQXSh3ES0
GilLZg89nvzuZ2/X6zG0J5SA03Nh82593AThrj95k2Z+LCg1fp2z7SI0ZqYGsTSx
ln0J6VQl6gE3BAWz0xypEfZs6QcAHSA05wLLyJ/KXS5yPipXwJmBjASIMJuFrh/e
qFSDJDEsvdJSMSg1PtYV2b87eybjTkPufVXOJkhj8onpHvDrnx0ZBySGQO3IFFwx
DFeHUjHhasmfIaGArIe26alF1FihvoPizdhBkWfdBC0pOWDqLaMMXJ33nMYfBRXI
qqos+yCifsui9iczIIa8+ORC25chtqZia+KWQuNaE5THmtp+bBh6Mb2tIdM=
-----END CERTIFICATE-----