Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9f1ac486-901a-470c-a140-0ef846773bca.roa
File:                     9f1ac486-901a-470c-a140-0ef846773bca.roa (raw, json)
Hash identifier:          ZVQNWBLVNSZ443rnr35d7rxJhGDYYFl5LcyHW//omy8=
Subject key identifier:   72:DD:CF:1B:01:55:D8:3F:D7:7F:51:92:D2:D6:FE:5A:7F:44:17:CC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1CB6426CDE6A49250DA3B97974693728C2A192A3
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9f1ac486-901a-470c-a140-0ef846773bca.roa
Signing time:             Sun 11 Feb 2024 00:00:00 +0000
ROA not before:           Sun 11 Feb 2024 00:00:00 +0000
ROA not after:            Sun 17 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:b6:42:6c:de:6a:49:25:0d:a3:b9:79:74:69:37:28:c2:a1:92:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 11 00:00:00 2024 GMT
            Not After : Mar 17 23:59:59 2024 GMT
        Subject: serialNumber=127518a45a6e78cc0da6642697ddb60dac04a12b87d22618fd877cda7108ae46, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c0:fe:46:d8:7e:d3:91:1d:d0:f8:7f:1d:00:
                    2b:b6:55:05:15:f3:20:b2:ef:dd:14:2f:1f:1b:59:
                    45:b6:9e:e8:20:52:0b:aa:cd:82:66:70:10:b8:40:
                    9a:15:8c:cc:a9:18:cc:48:57:23:59:f6:1e:58:99:
                    0c:c9:f7:40:ee:c5:95:44:27:19:c8:fb:fd:e4:13:
                    1e:d0:69:ea:10:62:db:21:6a:62:a6:2e:1f:49:df:
                    5d:12:87:8c:a9:b7:c8:b7:57:10:a2:b8:99:58:cb:
                    88:dd:e0:54:0d:e4:04:45:a1:74:08:95:fa:74:1f:
                    72:8c:d3:01:cd:46:46:71:e8:27:08:c1:2a:08:c0:
                    9a:22:cd:8a:82:0d:f6:83:3c:83:3f:c0:61:88:4e:
                    b8:62:8a:7a:71:fc:9c:24:12:d8:61:aa:ab:4d:fe:
                    4c:d2:47:63:86:11:26:ca:5a:94:1d:61:0c:e0:43:
                    03:b3:57:15:0c:d6:5a:f3:25:e7:0c:2b:38:a5:b9:
                    fe:43:24:ce:25:2f:a4:b4:fc:f2:8e:f3:ed:a1:ef:
                    22:c8:3d:f2:80:a2:10:4a:5c:2e:a8:f8:05:f0:60:
                    61:ea:77:41:90:a2:3a:52:71:2c:67:16:36:af:b7:
                    1a:03:58:03:b4:b0:d9:b2:51:22:88:54:0c:10:36:
                    bc:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:DD:CF:1B:01:55:D8:3F:D7:7F:51:92:D2:D6:FE:5A:7F:44:17:CC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9f1ac486-901a-470c-a140-0ef846773bca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:c6:bc:c7:66:5e:4a:ff:06:08:05:c7:91:86:6a:a4:fb:9d:
         81:25:fe:3a:3b:ff:3d:e6:22:4e:a8:49:ce:f8:36:68:81:7f:
         52:62:54:ee:32:b7:0c:88:1c:5c:57:51:f8:4f:c3:6f:58:f3:
         88:4d:4e:93:bb:63:79:97:91:bf:83:b5:97:16:5c:99:98:3d:
         18:92:84:22:04:68:5a:a9:d9:af:00:4c:4a:6c:0a:b5:79:27:
         d5:7d:bf:a5:f7:5b:13:c1:d5:b8:6b:18:80:a4:17:e7:a2:09:
         9f:84:1f:41:fb:76:82:a4:b4:c8:ec:15:c8:75:3a:2c:8d:34:
         23:f6:95:1a:25:7a:e8:b7:35:5f:2f:00:a5:f9:b3:60:72:eb:
         c9:9a:fc:68:40:42:57:52:b8:08:19:d7:7d:8d:c6:44:01:92:
         1d:99:2e:35:4c:1f:15:75:18:4d:e6:f3:e2:80:4a:84:21:37:
         78:20:1d:d2:12:05:88:a6:e8:b0:6c:5c:53:8e:5b:60:29:d7:
         9d:1f:1c:51:48:e6:f1:8b:1e:a8:a3:ad:e9:7d:e4:a7:bf:21:
         31:af:bc:f8:bd:ea:70:57:3d:7c:24:bd:d0:97:66:4d:8d:b4:
         90:b9:e8:6f:fa:59:98:33:b8:9a:1d:f0:88:6f:73:f4:54:61:
         d6:b9:06:c4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHLZCbN5qSSUNo7l5dGk3KMKhkqMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjExMDAwMDAwWhcNMjQwMzE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMjc1MThhNDVhNmU3OGNjMGRhNjY0MjY5N2RkYjYwZGFj
MDRhMTJiODdkMjI2MThmZDg3N2NkYTcxMDhhZTQ2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxwP5G2H7TkR3Q+H8dACu2VQUV8yCy790ULx8bWUW2nugg
UguqzYJmcBC4QJoVjMypGMxIVyNZ9h5YmQzJ90DuxZVEJxnI+/3kEx7QaeoQYtsh
amKmLh9J310Sh4ypt8i3VxCiuJlYy4jd4FQN5ARFoXQIlfp0H3KM0wHNRkZx6CcI
wSoIwJoizYqCDfaDPIM/wGGITrhiinpx/JwkEthhqqtN/kzSR2OGESbKWpQdYQzg
QwOzVxUM1lrzJecMKziluf5DJM4lL6S0/PKO8+2h7yLIPfKAohBKXC6o+AXwYGHq
d0GQojpScSxnFjavtxoDWAO0sNmyUSKIVAwQNryvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUct3PGwFV2D/Xf1GS0tb+Wn9EF8wwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzlmMWFjNDg2LTkwMWEtNDcwYy1hMTQwLTBlZjg0Njc3M2JjYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI/GvMdmXkr/BggFx5GGaqT7nYEl
/jo7/z3mIk6oSc74NmiBf1JiVO4ytwyIHFxXUfhPw29Y84hNTpO7Y3mXkb+DtZcW
XJmYPRiShCIEaFqp2a8ATEpsCrV5J9V9v6X3WxPB1bhrGICkF+eiCZ+EH0H7doKk
tMjsFch1OiyNNCP2lRoleui3NV8vAKX5s2By68ma/GhAQldSuAgZ132NxkQBkh2Z
LjVMHxV1GE3m8+KASoQhN3ggHdISBYim6LBsXFOOW2Ap150fHFFI5vGLHqijrel9
5Ke/ITGvvPi96nBXPXwkvdCXZk2NtJC56G/6WZgzuJod8Ihvc/RUYda5BsQ=
-----END CERTIFICATE-----