Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a226c29d-a1ca-44cf-9091-08d25f3968db.roa
File:                     a226c29d-a1ca-44cf-9091-08d25f3968db.roa (raw, json)
Hash identifier:          HHQunDbz5b+eNQWSu3f1CE3Qxo5uXODoRgT2bfWzvsk=
Subject key identifier:   95:68:42:F7:C8:E3:85:D6:C3:5F:71:E7:FA:19:FF:3C:68:D3:AB:8F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       60ECCDB180371BACDE919823F32730900AD43245
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a226c29d-a1ca-44cf-9091-08d25f3968db.roa
Signing time:             Sat 18 May 2024 00:00:00 +0000
ROA not before:           Sat 18 May 2024 00:00:00 +0000
ROA not after:            Sat 22 Jun 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:ec:cd:b1:80:37:1b:ac:de:91:98:23:f3:27:30:90:0a:d4:32:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May 18 00:00:00 2024 GMT
            Not After : Jun 22 23:59:59 2024 GMT
        Subject: serialNumber=f1ba7d73b737fa1c008361f8fef420dccaf428762728bd03192e5f6d9b9b9c4f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:2b:89:07:e0:e5:fa:96:df:07:85:d8:ae:fa:
                    06:3a:5d:3b:6c:13:a7:d0:bb:70:92:be:89:fa:96:
                    32:cf:62:dc:d9:07:50:04:77:6e:34:2f:71:8e:1e:
                    d3:41:9d:23:71:98:f0:bb:f9:31:35:6d:b4:53:18:
                    6e:90:97:ff:81:b4:10:00:c0:4a:0a:a2:91:94:49:
                    3c:48:3c:7b:5a:1c:0b:7c:7c:8c:df:0c:7d:d2:30:
                    49:75:d6:ed:51:2a:3f:24:f7:1c:c2:d6:35:41:04:
                    b3:64:56:3a:05:20:63:eb:25:0b:8e:da:8e:a3:c1:
                    c8:4d:35:ce:29:ce:f8:ee:3d:d2:45:31:28:63:18:
                    c8:1e:03:ea:00:dc:01:11:00:43:f0:bb:b6:50:fa:
                    e0:93:07:ed:ec:6d:a5:02:0e:0e:20:c3:59:e4:44:
                    06:a5:58:6b:68:a2:1c:da:6f:da:42:e1:55:20:c8:
                    2a:15:de:e2:4d:43:a3:46:8a:0b:07:f6:03:a1:6e:
                    1e:06:5c:26:bb:c9:88:55:4a:b2:a8:dc:cd:b2:49:
                    00:7a:95:98:50:e4:25:44:33:a9:c4:e9:46:86:12:
                    89:b0:c7:7e:e1:e4:a4:b9:22:31:ae:ad:91:27:09:
                    50:2b:51:02:0c:21:96:1c:e8:b1:4a:6d:ac:d7:5d:
                    f6:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:68:42:F7:C8:E3:85:D6:C3:5F:71:E7:FA:19:FF:3C:68:D3:AB:8F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a226c29d-a1ca-44cf-9091-08d25f3968db.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:4b:38:cb:71:aa:57:d1:d0:e1:7c:fa:92:49:ca:12:1d:24:
         21:bb:bd:5a:4e:72:30:da:5f:2a:c6:5f:8e:38:e0:bf:b8:f6:
         a2:09:5b:2c:32:c0:44:7d:af:3a:78:6a:55:93:13:c1:95:19:
         7a:71:c8:70:85:7a:7d:27:13:33:ad:5c:3d:43:09:38:33:65:
         ae:0d:aa:be:7a:87:69:9c:86:c3:44:af:26:05:1e:2c:cb:0b:
         9d:10:2c:a2:31:9c:75:16:a6:b1:c5:cd:fb:5e:aa:1b:26:d6:
         20:02:b6:57:0e:92:80:7a:2d:23:53:38:7f:c7:66:83:e0:83:
         7c:87:f6:1f:fa:e7:89:16:43:59:66:40:d9:6a:f2:a4:09:6c:
         fe:e9:e2:dc:08:98:33:af:f0:23:11:be:2a:c2:0d:a7:7f:e5:
         ea:87:75:a2:8b:d3:72:ef:94:a0:ee:09:1c:df:c9:b6:ea:42:
         f9:23:89:c8:f6:af:ab:a0:09:a0:4c:2b:8c:2d:54:6c:1f:68:
         00:df:5c:da:d3:06:22:c6:ed:0c:07:c1:1b:f1:05:4b:5c:a3:
         46:95:79:f4:f3:de:e4:7b:9f:27:3e:a6:c0:73:8a:22:5c:f8:
         65:d2:b2:b5:b0:b0:58:f7:d5:12:ad:f1:f3:43:75:f2:8b:45:
         b9:d0:97:bb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYOzNsYA3G6zekZgj8ycwkArUMkUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNTE4MDAwMDAwWhcNMjQwNjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMWJhN2Q3M2I3MzdmYTFjMDA4MzYxZjhmZWY0MjBkY2Nh
ZjQyODc2MjcyOGJkMDMxOTJlNWY2ZDliOWI5YzRmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDYK4kH4OX6lt8Hhdiu+gY6XTtsE6fQu3CSvon6ljLPYtzZ
B1AEd240L3GOHtNBnSNxmPC7+TE1bbRTGG6Ql/+BtBAAwEoKopGUSTxIPHtaHAt8
fIzfDH3SMEl11u1RKj8k9xzC1jVBBLNkVjoFIGPrJQuO2o6jwchNNc4pzvjuPdJF
MShjGMgeA+oA3AERAEPwu7ZQ+uCTB+3sbaUCDg4gw1nkRAalWGtoohzab9pC4VUg
yCoV3uJNQ6NGigsH9gOhbh4GXCa7yYhVSrKo3M2ySQB6lZhQ5CVEM6nE6UaGEomw
x37h5KS5IjGurZEnCVArUQIMIZYc6LFKbazXXfb7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlWhC98jjhdbDX3Hn+hn/PGjTq48wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2EyMjZjMjlkLWExY2EtNDRjZi05MDkxLTA4ZDI1ZjM5NjhkYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFdLOMtxqlfR0OF8+pJJyhIdJCG7
vVpOcjDaXyrGX4444L+49qIJWywywER9rzp4alWTE8GVGXpxyHCFen0nEzOtXD1D
CTgzZa4Nqr56h2mchsNEryYFHizLC50QLKIxnHUWprHFzfteqhsm1iACtlcOkoB6
LSNTOH/HZoPgg3yH9h/654kWQ1lmQNlq8qQJbP7p4twImDOv8CMRvirCDad/5eqH
daKL03LvlKDuCRzfybbqQvkjicj2r6ugCaBMK4wtVGwfaADfXNrTBiLG7QwHwRvx
BUtco0aVefTz3uR7nyc+psBziiJc+GXSsrWwsFj31RKt8fNDdfKLRbnQl7s=
-----END CERTIFICATE-----