Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a0cdec20-9546-467b-aa98-54aafb450fb0.roa
File:                     a0cdec20-9546-467b-aa98-54aafb450fb0.roa (raw, json)
Hash identifier:          8Hiij84MqDG9OOf9ISeW/JHfyxgQGG7F96LWfnmQHtk=
Subject key identifier:   6A:33:97:25:0B:B2:11:08:FF:16:90:CC:B9:9B:BC:4E:0E:26:FD:50
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0BF5DF919402F0B424DB9BAC0CF3B77A84A40D05
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a0cdec20-9546-467b-aa98-54aafb450fb0.roa
Signing time:             Fri 29 Dec 2023 00:00:00 +0000
ROA not before:           Fri 29 Dec 2023 00:00:00 +0000
ROA not after:            Fri 02 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:f5:df:91:94:02:f0:b4:24:db:9b:ac:0c:f3:b7:7a:84:a4:0d:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 29 00:00:00 2023 GMT
            Not After : Feb  2 23:59:59 2024 GMT
        Subject: serialNumber=a00edf7f97a147498e332d7f2634f4841145621ad49a3dc6f79f06a8346a0a64, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:01:98:c6:1b:00:8f:25:3c:43:87:b8:36:ea:
                    2f:99:ac:29:63:cd:0c:ee:e0:2f:03:1d:9b:08:47:
                    10:a6:7b:30:55:df:5f:1c:21:1b:53:80:73:e3:bf:
                    4e:ea:94:fe:3a:18:2d:c3:2d:f8:2d:7c:be:41:fd:
                    2c:fd:a5:c7:54:7c:be:4a:26:c6:eb:43:e5:74:df:
                    6f:b3:37:0c:91:0e:aa:be:98:e5:a5:e7:a0:c9:45:
                    39:b1:fd:9f:be:f9:e2:21:e4:03:0a:35:ad:0a:98:
                    1a:8d:f7:53:b4:c5:02:72:85:a6:53:9f:c7:58:bc:
                    e6:7f:ff:35:0d:16:2f:7a:48:74:ed:82:25:88:3a:
                    e8:92:7b:f1:93:ee:ec:fe:10:c6:b3:f6:25:39:7d:
                    92:2f:61:20:d5:21:93:f0:56:00:df:a7:d1:1a:ae:
                    cc:bc:ed:b1:d4:c7:e6:cc:0a:04:a9:8e:d7:0a:bc:
                    0e:fa:96:77:0e:1a:10:11:7a:9b:28:1a:65:0c:16:
                    5c:ed:4f:db:9e:40:e7:5f:69:de:50:73:e6:75:de:
                    0a:be:a5:d5:4a:5d:cd:5e:3d:34:50:6d:22:2e:fc:
                    a0:e4:2d:65:3c:62:8b:c0:78:4b:39:aa:11:d2:0e:
                    7b:4f:ad:04:6d:f1:a2:0f:6d:67:c3:9f:70:4f:79:
                    ab:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:33:97:25:0B:B2:11:08:FF:16:90:CC:B9:9B:BC:4E:0E:26:FD:50
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a0cdec20-9546-467b-aa98-54aafb450fb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:b3:06:e1:f3:70:7a:10:c7:b1:33:2d:75:b5:79:09:7d:fe:
         e4:cc:c1:35:b6:81:38:c9:b4:f1:d4:a0:e8:d4:9a:87:c9:53:
         12:55:97:90:33:12:bf:df:2e:ba:ea:e4:d0:c8:dc:83:81:42:
         80:f4:fe:f2:7c:02:79:4b:e8:0d:01:32:8b:59:8e:8a:91:5e:
         c1:6c:fa:02:cb:41:5d:f0:43:c6:06:e4:83:fb:85:a4:66:23:
         e3:b6:31:b7:0a:4f:a2:73:32:ac:bc:6f:53:c0:ec:01:ce:7d:
         7f:78:c5:2b:a2:cd:df:68:18:a8:1c:9d:f3:3a:c7:49:84:c6:
         74:97:69:82:30:92:b7:2e:6c:bf:8d:b9:33:1f:28:b9:7d:00:
         4e:65:45:db:c2:82:f1:09:77:38:40:db:4d:bb:14:38:7c:7c:
         13:c1:29:c1:8e:59:42:15:9e:0b:54:04:4e:5b:36:cb:b8:ae:
         98:1e:11:55:a8:b9:84:72:a8:50:21:2e:8f:e8:30:a6:f5:ca:
         80:02:87:07:3a:a0:a2:34:21:f6:12:c2:78:13:97:7b:06:a2:
         6a:2e:5d:f5:1d:0a:e0:b9:2a:c9:a9:22:f4:5c:45:65:32:65:
         2a:1f:3b:1a:eb:61:88:28:d6:c5:a5:12:79:05:ae:fc:6e:f0:
         3e:ca:61:d3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUC/XfkZQC8LQk25usDPO3eoSkDQUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjI5MDAwMDAwWhcNMjQwMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMDBlZGY3Zjk3YTE0NzQ5OGUzMzJkN2YyNjM0ZjQ4NDEx
NDU2MjFhZDQ5YTNkYzZmNzlmMDZhODM0NmEwYTY0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFAZjGGwCPJTxDh7g26i+ZrCljzQzu4C8DHZsIRxCmezBV
318cIRtTgHPjv07qlP46GC3DLfgtfL5B/Sz9pcdUfL5KJsbrQ+V032+zNwyRDqq+
mOWl56DJRTmx/Z+++eIh5AMKNa0KmBqN91O0xQJyhaZTn8dYvOZ//zUNFi96SHTt
giWIOuiSe/GT7uz+EMaz9iU5fZIvYSDVIZPwVgDfp9Earsy87bHUx+bMCgSpjtcK
vA76lncOGhARepsoGmUMFlztT9ueQOdfad5Qc+Z13gq+pdVKXc1ePTRQbSIu/KDk
LWU8YovAeEs5qhHSDntPrQRt8aIPbWfDn3BPeatRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUajOXJQuyEQj/FpDMuZu8Tg4m/VAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2EwY2RlYzIwLTk1NDYtNDY3Yi1hYTk4LTU0YWFmYjQ1MGZiMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHyzBuHzcHoQx7EzLXW1eQl9/uTM
wTW2gTjJtPHUoOjUmofJUxJVl5AzEr/fLrrq5NDI3IOBQoD0/vJ8AnlL6A0BMotZ
joqRXsFs+gLLQV3wQ8YG5IP7haRmI+O2MbcKT6JzMqy8b1PA7AHOfX94xSuizd9o
GKgcnfM6x0mExnSXaYIwkrcubL+NuTMfKLl9AE5lRdvCgvEJdzhA2027FDh8fBPB
KcGOWUIVngtUBE5bNsu4rpgeEVWouYRyqFAhLo/oMKb1yoAChwc6oKI0IfYSwngT
l3sGomouXfUdCuC5KsmpIvRcRWUyZSofOxrrYYgo1sWlEnkFrvxu8D7KYdM=
-----END CERTIFICATE-----