Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a197af81-27b9-4c15-bcc4-b24deb85f106.roa
File:                     a197af81-27b9-4c15-bcc4-b24deb85f106.roa (raw, json)
Hash identifier:          i4sOKkDbEwD00QZCRwg5gUBUtubmpfNQHvW9zAIIdWU=
Subject key identifier:   B9:6C:7F:9C:7B:EB:3B:E2:82:4B:3B:26:17:96:4D:EB:D3:A8:C8:74
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7479CEE5B2EA88BDE8C47F8273F221B34C98EEBF
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a197af81-27b9-4c15-bcc4-b24deb85f106.roa
Signing time:             Thu 30 May 2024 00:00:00 +0000
ROA not before:           Thu 30 May 2024 00:00:00 +0000
ROA not after:            Thu 04 Jul 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:79:ce:e5:b2:ea:88:bd:e8:c4:7f:82:73:f2:21:b3:4c:98:ee:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May 30 00:00:00 2024 GMT
            Not After : Jul  4 23:59:59 2024 GMT
        Subject: serialNumber=3201121a1b19b88433c9b060ea600f898b464e167b37f5929b3c26b6d77b369e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:a2:e3:69:45:e0:12:5d:b6:11:9d:07:d8:a0:
                    d9:89:64:47:2a:23:81:b9:02:96:34:77:59:be:76:
                    7a:8e:97:b5:31:96:4d:59:c7:08:83:14:5d:0b:60:
                    ee:fc:75:c6:bf:f1:6e:91:b7:cb:93:ee:eb:03:8d:
                    17:fb:c0:50:e7:12:8f:24:0e:51:4d:d1:ca:13:90:
                    29:7b:a2:8a:fe:2a:1f:ce:4b:f4:e5:40:ee:69:68:
                    3e:94:0e:2b:79:64:24:90:b7:c3:2f:cb:56:8a:59:
                    b8:2f:fa:df:eb:ff:c8:f6:48:56:43:2d:97:c2:ba:
                    ad:80:a2:dc:0a:00:79:e3:01:f7:e8:91:e8:e6:ee:
                    cf:50:d5:a8:e3:19:68:9a:42:da:58:ef:fe:91:35:
                    ae:6c:ba:bb:4b:10:80:66:e6:35:2f:7c:ba:4e:a5:
                    3d:48:3e:b8:73:cf:2f:c0:31:5c:09:b1:0e:3a:f9:
                    b1:93:00:a1:44:34:bd:f0:36:3a:04:7f:44:b8:67:
                    cc:83:a4:9f:c4:51:fa:b2:d9:93:76:e3:7a:9a:a5:
                    f1:f4:81:94:61:92:d4:97:b7:94:40:d3:70:ab:6b:
                    08:68:f6:7d:09:f7:fb:3a:4d:20:56:d2:e7:d8:60:
                    30:c0:8f:ce:a1:68:6e:59:4c:8c:33:a0:0e:3a:bd:
                    27:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:6C:7F:9C:7B:EB:3B:E2:82:4B:3B:26:17:96:4D:EB:D3:A8:C8:74
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a197af81-27b9-4c15-bcc4-b24deb85f106.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:08:e9:2e:65:9b:45:89:32:82:71:14:e8:33:36:30:0c:70:
         c7:6b:22:a4:b4:b9:95:24:17:5a:31:f0:d1:43:0d:81:80:42:
         b0:53:2d:f2:75:37:30:6c:9f:90:93:73:6c:ee:ff:07:41:bb:
         c6:c4:bf:e5:b8:19:cf:7e:bd:ed:53:98:f8:ea:15:5b:2a:88:
         6a:90:63:d9:db:7a:e1:e3:ac:d9:55:da:fb:ce:51:14:6c:58:
         ad:28:4d:5b:8d:6d:62:9b:f1:9a:e0:20:74:7e:4c:5d:45:8f:
         5b:df:1e:07:85:32:68:88:57:90:7b:ff:df:0e:5b:bc:da:ff:
         fe:08:c9:b5:86:07:9e:f4:2a:be:3b:13:9f:51:c1:31:4c:29:
         f8:cf:5c:75:c6:a7:25:d5:52:04:40:1e:ab:a8:0d:19:8e:b2:
         74:f3:68:ce:65:c6:48:f9:65:bb:73:ec:2b:93:bc:9b:4a:89:
         51:94:38:ea:af:22:c6:27:2d:72:33:63:1c:c6:78:8c:e3:bd:
         3b:c4:44:76:95:95:90:f8:6b:a6:10:35:9e:63:71:e2:47:86:
         d4:fd:35:1f:a2:05:3c:54:2e:1d:af:5f:cd:c1:8b:24:e7:e8:
         b1:44:5e:46:f4:16:47:e2:ea:e9:e0:88:35:53:93:c0:e7:39:
         b4:0b:15:26
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdHnO5bLqiL3oxH+Cc/Ihs0yY7r8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNTMwMDAwMDAwWhcNMjQwNzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMjAxMTIxYTFiMTliODg0MzNjOWIwNjBlYTYwMGY4OThi
NDY0ZTE2N2IzN2Y1OTI5YjNjMjZiNmQ3N2IzNjllMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDoouNpReASXbYRnQfYoNmJZEcqI4G5ApY0d1m+dnqOl7Ux
lk1ZxwiDFF0LYO78dca/8W6Rt8uT7usDjRf7wFDnEo8kDlFN0coTkCl7oor+Kh/O
S/TlQO5paD6UDit5ZCSQt8Mvy1aKWbgv+t/r/8j2SFZDLZfCuq2AotwKAHnjAffo
kejm7s9Q1ajjGWiaQtpY7/6RNa5surtLEIBm5jUvfLpOpT1IPrhzzy/AMVwJsQ46
+bGTAKFENL3wNjoEf0S4Z8yDpJ/EUfqy2ZN243qapfH0gZRhktSXt5RA03Crawho
9n0J9/s6TSBW0ufYYDDAj86haG5ZTIwzoA46vSetAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuWx/nHvrO+KCSzsmF5ZN69OoyHQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ExOTdhZjgxLTI3YjktNGMxNS1iY2M0LWIyNGRlYjg1ZjEwNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB0I6S5lm0WJMoJxFOgzNjAMcMdr
IqS0uZUkF1ox8NFDDYGAQrBTLfJ1NzBsn5CTc2zu/wdBu8bEv+W4Gc9+ve1TmPjq
FVsqiGqQY9nbeuHjrNlV2vvOURRsWK0oTVuNbWKb8ZrgIHR+TF1Fj1vfHgeFMmiI
V5B7/98OW7za//4IybWGB570Kr47E59RwTFMKfjPXHXGpyXVUgRAHquoDRmOsnTz
aM5lxkj5Zbtz7CuTvJtKiVGUOOqvIsYnLXIzYxzGeIzjvTvERHaVlZD4a6YQNZ5j
ceJHhtT9NR+iBTxULh2vX83BiyTn6LFEXkb0Fkfi6ungiDVTk8DnObQLFSY=
-----END CERTIFICATE-----