Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9f84f637-a9e7-4690-9014-0c2b237878c0.roa
File:                     9f84f637-a9e7-4690-9014-0c2b237878c0.roa (raw, json)
Hash identifier:          2RjrD90bhhUxDJASAHy7J7ay2fmCgjUNJvcvt7b2Dwg=
Subject key identifier:   78:9F:07:3B:26:7A:16:34:34:A4:FA:DB:DB:8C:D4:41:92:76:90:B0
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       27163A021D3B9562D07CAE818A181EFF70E5051F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9f84f637-a9e7-4690-9014-0c2b237878c0.roa
Signing time:             Sun 11 Aug 2024 00:00:00 +0000
ROA not before:           Sun 11 Aug 2024 00:00:00 +0000
ROA not after:            Sun 15 Sep 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:16:3a:02:1d:3b:95:62:d0:7c:ae:81:8a:18:1e:ff:70:e5:05:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 11 00:00:00 2024 GMT
            Not After : Sep 15 23:59:59 2024 GMT
        Subject: serialNumber=fded32bf7983d888bf174207c15b7acd9bd698367bcf024a4bd64a58e3b80c96, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:cd:58:18:f6:49:ab:d6:58:e0:99:74:46:fc:
                    25:21:9e:44:39:83:80:d0:5b:31:cd:4d:23:a7:72:
                    44:75:f3:f2:ba:b3:2f:fc:0d:b1:a9:41:9a:0f:63:
                    e6:22:1e:45:97:f8:32:fe:75:6b:f2:d1:96:63:fa:
                    fe:39:a7:ff:b6:34:1e:9c:c9:3e:6b:33:cb:0c:e6:
                    ed:0f:e1:f1:f0:39:22:b3:35:7e:22:95:13:65:e9:
                    71:09:98:11:c8:04:55:9a:c6:a7:02:96:6d:8a:ee:
                    02:05:7a:d9:4e:2a:4e:60:0c:b4:c9:98:76:cc:f9:
                    ed:ac:32:a2:fd:82:3d:51:79:89:09:d4:0c:a2:fd:
                    0e:4d:70:e3:5b:9f:61:27:d0:07:45:bb:0f:9f:eb:
                    af:cb:41:2d:68:b5:ff:db:eb:c1:4b:6f:c5:39:d6:
                    3b:d7:fe:c2:7a:e2:c1:b7:f8:4b:34:e1:47:24:6e:
                    f4:13:16:0c:d9:62:05:93:47:6f:91:18:be:b0:fe:
                    48:9f:08:9b:61:22:85:95:ac:ed:53:58:7c:b3:ef:
                    96:51:f2:1d:be:25:2a:39:89:ec:98:64:bc:8f:3b:
                    27:d0:a7:4f:e8:74:22:76:60:39:95:be:4e:60:84:
                    ae:c5:04:f9:c1:ad:d3:48:9f:2e:8b:98:4e:7b:d3:
                    d7:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:9F:07:3B:26:7A:16:34:34:A4:FA:DB:DB:8C:D4:41:92:76:90:B0
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9f84f637-a9e7-4690-9014-0c2b237878c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:2f:d3:92:a5:8f:52:eb:3a:20:f1:12:5d:e5:e1:47:e2:a3:
         49:ab:7b:25:ae:f8:2b:a2:94:96:c4:e0:69:6f:2e:68:c7:7f:
         b5:ef:46:3c:18:14:34:dd:b6:a7:54:87:96:d2:74:fc:3b:26:
         91:9c:31:3f:de:f8:1c:c5:14:10:f4:4c:7f:7e:be:8e:a5:51:
         da:d3:5a:03:2d:e6:35:c0:0f:d3:5b:33:76:68:92:c4:6b:fc:
         cf:bf:1a:2a:b4:d5:d9:54:1b:47:dd:de:e1:de:26:96:de:72:
         a3:50:60:68:ec:fb:58:24:82:c8:16:7d:62:4d:4a:52:8b:c8:
         67:21:5a:90:02:f6:c3:af:1e:1f:51:4f:8c:12:08:be:c4:4f:
         ac:47:6a:d1:c3:2f:5c:fc:01:cf:0a:b3:7f:93:a2:f6:56:bd:
         7f:d9:7a:2e:58:b8:d2:7c:de:b7:f3:e8:76:e6:12:d5:99:84:
         75:57:a5:09:8b:a3:13:c6:ed:66:8a:c4:d7:4b:50:34:4c:df:
         fb:8e:66:93:35:02:2a:bf:87:c9:4d:2b:f9:4e:d1:48:e5:13:
         09:c6:87:a4:c8:94:c3:5c:86:0e:7a:1b:0a:2b:99:4b:c4:97:
         dd:32:a9:da:77:e3:cf:81:35:d2:be:86:45:f8:e9:57:c0:10:
         13:61:5e:0e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJxY6Ah07lWLQfK6Bihge/3DlBR8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwODExMDAwMDAwWhcNMjQwOTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZGVkMzJiZjc5ODNkODg4YmYxNzQyMDdjMTViN2FjZDli
ZDY5ODM2N2JjZjAyNGE0YmQ2NGE1OGUzYjgwYzk2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfzVgY9kmr1ljgmXRG/CUhnkQ5g4DQWzHNTSOnckR18/K6
sy/8DbGpQZoPY+YiHkWX+DL+dWvy0ZZj+v45p/+2NB6cyT5rM8sM5u0P4fHwOSKz
NX4ilRNl6XEJmBHIBFWaxqcClm2K7gIFetlOKk5gDLTJmHbM+e2sMqL9gj1ReYkJ
1Ayi/Q5NcONbn2En0AdFuw+f66/LQS1otf/b68FLb8U51jvX/sJ64sG3+Es04Uck
bvQTFgzZYgWTR2+RGL6w/kifCJthIoWVrO1TWHyz75ZR8h2+JSo5ieyYZLyPOyfQ
p0/odCJ2YDmVvk5ghK7FBPnBrdNIny6LmE5709efAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeJ8HOyZ6FjQ0pPrb24zUQZJ2kLAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzlmODRmNjM3LWE5ZTctNDY5MC05MDE0LTBjMmIyMzc4NzhjMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAH4v05Klj1LrOiDxEl3l4Ufio0mr
eyWu+CuilJbE4GlvLmjHf7XvRjwYFDTdtqdUh5bSdPw7JpGcMT/e+BzFFBD0TH9+
vo6lUdrTWgMt5jXAD9NbM3ZoksRr/M+/Giq01dlUG0fd3uHeJpbecqNQYGjs+1gk
gsgWfWJNSlKLyGchWpAC9sOvHh9RT4wSCL7ET6xHatHDL1z8Ac8Ks3+TovZWvX/Z
ei5YuNJ83rfz6HbmEtWZhHVXpQmLoxPG7WaKxNdLUDRM3/uOZpM1Aiq/h8lNK/lO
0UjlEwnGh6TIlMNchg56GwormUvEl90yqdp348+BNdK+hkX46VfAEBNhXg4=
-----END CERTIFICATE-----