Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a396abb8-b42d-4ce1-b82e-2c1c8182adb4.roa
File:                     a396abb8-b42d-4ce1-b82e-2c1c8182adb4.roa (raw, json)
Hash identifier:          pVMU3dK1dQBJWrgjtGS2mig8cuGrVNc/x/+jOlaIEdI=
Subject key identifier:   AE:03:96:E0:FB:C8:3B:E3:67:20:CA:D2:DE:E0:B7:5A:BA:F0:60:A1
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       428FDBB20D048C7B7C93D6D856F92C71277333A3
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a396abb8-b42d-4ce1-b82e-2c1c8182adb4.roa
Signing time:             Thu 28 Mar 2024 00:00:00 +0000
ROA not before:           Thu 28 Mar 2024 00:00:00 +0000
ROA not after:            Thu 02 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:8f:db:b2:0d:04:8c:7b:7c:93:d6:d8:56:f9:2c:71:27:73:33:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 28 00:00:00 2024 GMT
            Not After : May  2 23:59:59 2024 GMT
        Subject: serialNumber=5fc6f0cb0d0df5445966ee0feb70a58d25e4be0ee50322f87dec321881c08a7d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:84:35:f1:bc:47:4d:e8:25:35:0f:01:c7:9c:
                    c9:88:34:d7:20:05:b9:ad:f9:80:22:ca:bb:12:04:
                    bb:71:2c:3f:02:a1:a9:c3:25:fc:51:6b:80:f6:82:
                    0d:6c:8c:dd:cf:47:ea:a8:87:e1:b4:75:1e:d4:16:
                    38:ae:49:1e:c2:50:eb:58:74:80:bd:c5:80:48:50:
                    62:24:d4:7f:45:9a:75:8f:94:22:96:a3:ab:2b:c6:
                    05:bb:bc:5e:27:f2:a6:b6:03:68:00:7f:af:f7:e5:
                    fb:a2:35:6b:53:52:a2:da:45:e0:3d:d7:77:a0:41:
                    04:ae:87:af:c9:e0:df:18:28:1d:1e:c2:42:3e:51:
                    67:79:84:21:19:e2:bb:3d:d0:fd:45:bb:df:a9:1d:
                    94:dc:eb:dd:d7:2b:79:25:d6:ce:69:7a:0d:a2:59:
                    40:94:c9:ac:21:b2:bd:57:92:bf:a9:5b:a5:5e:d0:
                    d1:52:da:4e:0a:4c:63:24:93:17:18:09:bf:a4:c5:
                    ea:34:39:bb:de:e7:56:c5:1f:30:7b:eb:37:12:a4:
                    d0:2a:0e:11:a1:da:23:04:49:56:17:6a:40:20:47:
                    7f:99:09:74:14:5f:67:78:07:b9:4c:b4:7f:d5:06:
                    57:71:bc:cb:dc:da:6f:a6:5f:6c:fa:c0:a8:42:66:
                    3d:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:03:96:E0:FB:C8:3B:E3:67:20:CA:D2:DE:E0:B7:5A:BA:F0:60:A1
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a396abb8-b42d-4ce1-b82e-2c1c8182adb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:c4:ca:ff:b6:39:fb:90:ee:07:d6:58:be:ef:0a:4d:ab:82:
         8b:8f:70:78:1c:23:ef:79:84:69:c3:38:d1:1a:cf:12:d5:6e:
         bc:70:85:4c:b3:dd:bd:ac:c4:db:e5:a1:b0:b7:39:55:61:b8:
         3c:13:21:45:ee:31:4b:a3:28:68:cc:ea:9e:79:8f:5f:eb:cb:
         d3:d6:16:53:04:de:f5:35:49:f8:34:68:b7:f8:01:5f:74:27:
         33:c7:d6:2a:17:7b:2b:74:03:6d:6d:2c:bb:97:e1:91:64:8c:
         9a:43:ff:b6:a4:e0:36:2f:fe:20:8f:a8:fa:08:5f:7e:7a:9e:
         b1:48:8d:4c:4c:6d:f2:4c:7b:7e:bc:13:37:ba:4d:14:ae:12:
         bc:6b:d9:d8:bc:56:8f:93:63:07:d9:cc:5c:e6:a3:db:c9:0b:
         c4:4e:48:fb:55:54:d1:e0:b3:54:e6:4c:51:3c:ce:00:18:f2:
         79:2c:d0:20:1b:62:19:0e:a6:7a:4e:fc:7f:9d:39:5a:be:c5:
         bb:49:59:bc:b5:ec:fb:22:ef:af:cb:d9:ec:b2:ef:e3:93:15:
         c3:9f:d3:0f:09:6b:92:e6:95:91:87:5c:c1:5e:f0:df:ff:4e:
         b2:be:98:92:3d:88:58:9a:0b:50:d8:b0:3d:25:e9:5e:5f:9f:
         56:02:f5:82
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQo/bsg0EjHt8k9bYVvkscSdzM6MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzI4MDAwMDAwWhcNMjQwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZmM2ZjBjYjBkMGRmNTQ0NTk2NmVlMGZlYjcwYTU4ZDI1
ZTRiZTBlZTUwMzIyZjg3ZGVjMzIxODgxYzA4YTdkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7hDXxvEdN6CU1DwHHnMmINNcgBbmt+YAiyrsSBLtxLD8C
oanDJfxRa4D2gg1sjN3PR+qoh+G0dR7UFjiuSR7CUOtYdIC9xYBIUGIk1H9FmnWP
lCKWo6srxgW7vF4n8qa2A2gAf6/35fuiNWtTUqLaReA913egQQSuh6/J4N8YKB0e
wkI+UWd5hCEZ4rs90P1Fu9+pHZTc693XK3kl1s5peg2iWUCUyawhsr1Xkr+pW6Ve
0NFS2k4KTGMkkxcYCb+kxeo0Obve51bFHzB76zcSpNAqDhGh2iMESVYXakAgR3+Z
CXQUX2d4B7lMtH/VBldxvMvc2m+mX2z6wKhCZj01AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrgOW4PvIO+NnIMrS3uC3WrrwYKEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2EzOTZhYmI4LWI0MmQtNGNlMS1iODJlLTJjMWM4MTgyYWRiNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGvEyv+2OfuQ7gfWWL7vCk2rgouP
cHgcI+95hGnDONEazxLVbrxwhUyz3b2sxNvlobC3OVVhuDwTIUXuMUujKGjM6p55
j1/ry9PWFlME3vU1Sfg0aLf4AV90JzPH1ioXeyt0A21tLLuX4ZFkjJpD/7ak4DYv
/iCPqPoIX356nrFIjUxMbfJMe368Eze6TRSuErxr2di8Vo+TYwfZzFzmo9vJC8RO
SPtVVNHgs1TmTFE8zgAY8nks0CAbYhkOpnpO/H+dOVq+xbtJWby17Psi76/L2eyy
7+OTFcOf0w8Ja5LmlZGHXMFe8N//TrK+mJI9iFiaC1DYsD0l6V5fn1YC9YI=
-----END CERTIFICATE-----