Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a4ae45da-dfe8-4b20-a572-8e0c700d11aa.roa
File:                     a4ae45da-dfe8-4b20-a572-8e0c700d11aa.roa (raw, json)
Hash identifier:          KoyuG2eOUIMt25Hj6h4wKfGgaqlk3Jw0/So39y2QB1Q=
Subject key identifier:   F4:0D:51:01:CB:74:10:99:A2:20:25:AC:C9:A8:74:61:99:85:EF:43
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       41C163502691B5302E8636C386F0C0A8F4329EC4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a4ae45da-dfe8-4b20-a572-8e0c700d11aa.roa
Signing time:             Fri 13 Sep 2024 00:00:00 +0000
ROA not before:           Fri 13 Sep 2024 00:00:00 +0000
ROA not after:            Fri 18 Oct 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:c1:63:50:26:91:b5:30:2e:86:36:c3:86:f0:c0:a8:f4:32:9e:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 13 00:00:00 2024 GMT
            Not After : Oct 18 23:59:59 2024 GMT
        Subject: serialNumber=dd820d02500b087c7428f8c0d8691d89411991f30f61ba894e9d26033e18db2b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:24:73:d5:42:10:c4:ad:6b:f4:d9:6a:1e:d5:
                    44:89:8b:a4:28:b3:fd:87:bf:a6:43:dd:7d:25:4d:
                    56:d2:a8:22:8e:96:9a:bf:25:83:e8:7e:b7:fa:f4:
                    98:22:4d:92:5a:c3:2d:d2:23:cf:51:56:e0:dc:0b:
                    26:a6:25:ea:d3:7c:5f:e9:22:31:54:67:c5:dd:c7:
                    4e:e8:8c:63:5b:a2:81:38:3a:b0:25:24:7a:d7:4b:
                    51:b4:c3:b8:9a:2a:08:55:89:d7:1c:8b:fa:30:60:
                    5a:c2:dc:f2:cd:8d:5a:87:49:be:0a:22:5b:5f:4c:
                    63:9f:46:be:b4:a2:51:53:fe:3a:b6:06:a1:f1:5f:
                    b5:c9:e2:23:3e:7b:97:98:71:c0:b4:dc:5b:83:3e:
                    34:a7:fd:94:e6:ea:c9:6c:73:67:f3:c7:20:54:1a:
                    27:cb:9e:fc:35:c3:71:2e:0b:17:9d:c6:b1:d4:93:
                    f8:9b:d7:d8:89:a7:25:15:7f:23:ac:ce:f0:49:4d:
                    60:e9:f9:63:d1:b2:92:cb:b5:9a:48:99:f8:7b:f1:
                    64:58:65:41:32:5e:7e:16:c7:e5:ee:89:bd:06:8e:
                    be:c3:ad:40:86:4f:6f:22:b2:6d:7f:6d:88:72:19:
                    a5:66:f8:48:b2:35:10:b6:78:8a:24:fd:b6:b9:25:
                    60:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:0D:51:01:CB:74:10:99:A2:20:25:AC:C9:A8:74:61:99:85:EF:43
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a4ae45da-dfe8-4b20-a572-8e0c700d11aa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:e4:a4:6a:32:f1:79:a1:70:bc:7e:eb:96:2e:6b:cd:1b:48:
         37:87:31:f2:be:3c:7b:fe:23:8f:f2:79:50:1a:b5:c8:b5:f0:
         c9:52:53:4a:fd:68:4e:f0:aa:f0:6c:e2:fe:a7:e4:5b:cd:8b:
         6a:13:b9:a7:23:e3:33:ee:3f:7f:8f:7a:9c:f6:2b:53:70:06:
         97:fb:13:32:59:f8:3a:8c:9b:0d:66:d1:51:88:8a:c2:b5:1d:
         10:24:72:5a:3b:b0:81:ee:b2:18:b0:76:3c:1b:e4:40:5d:59:
         19:18:5a:6d:74:6a:db:9f:34:e0:51:37:da:49:30:e8:1e:d1:
         4b:02:bc:bf:6c:ea:1d:ec:79:c9:d8:05:58:b5:22:07:b8:48:
         3f:bd:d3:58:ed:90:28:b9:95:1d:06:1b:1c:f8:14:66:d3:b1:
         25:b7:cc:b2:76:c8:71:18:bb:59:8a:99:68:bd:77:04:30:db:
         ca:51:52:94:88:58:60:12:a4:b3:7b:cb:54:4e:3a:7b:6a:52:
         ca:24:a5:c2:01:92:5f:14:90:af:13:f1:ac:fa:07:3e:61:52:
         43:09:6a:a3:50:cc:68:69:f5:60:6e:f3:73:38:82:86:6e:8b:
         f0:50:93:ca:0b:4d:1b:1a:9a:1c:9c:47:3e:6e:56:ba:68:32:
         a0:1d:26:dd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQcFjUCaRtTAuhjbDhvDAqPQynsQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwOTEzMDAwMDAwWhcNMjQxMDE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZDgyMGQwMjUwMGIwODdjNzQyOGY4YzBkODY5MWQ4OTQx
MTk5MWYzMGY2MWJhODk0ZTlkMjYwMzNlMThkYjJiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoJHPVQhDErWv02Woe1USJi6Qos/2Hv6ZD3X0lTVbSqCKO
lpq/JYPofrf69JgiTZJawy3SI89RVuDcCyamJerTfF/pIjFUZ8Xdx07ojGNbooE4
OrAlJHrXS1G0w7iaKghVidcci/owYFrC3PLNjVqHSb4KIltfTGOfRr60olFT/jq2
BqHxX7XJ4iM+e5eYccC03FuDPjSn/ZTm6slsc2fzxyBUGifLnvw1w3EuCxedxrHU
k/ib19iJpyUVfyOszvBJTWDp+WPRspLLtZpImfh78WRYZUEyXn4Wx+Xuib0Gjr7D
rUCGT28ism1/bYhyGaVm+EiyNRC2eIok/ba5JWDdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9A1RAct0EJmiICWsyah0YZmF70MwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2E0YWU0NWRhLWRmZTgtNGIyMC1hNTcyLThlMGM3MDBkMTFhYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC/kpGoy8XmhcLx+65Yua80bSDeH
MfK+PHv+I4/yeVAatci18MlSU0r9aE7wqvBs4v6n5FvNi2oTuacj4zPuP3+Pepz2
K1NwBpf7EzJZ+DqMmw1m0VGIisK1HRAkclo7sIHushiwdjwb5EBdWRkYWm10atuf
NOBRN9pJMOge0UsCvL9s6h3secnYBVi1Ige4SD+901jtkCi5lR0GGxz4FGbTsSW3
zLJ2yHEYu1mKmWi9dwQw28pRUpSIWGASpLN7y1ROOntqUsokpcIBkl8UkK8T8az6
Bz5hUkMJaqNQzGhp9WBu83M4goZui/BQk8oLTRsamhycRz5uVrpoMqAdJt0=
-----END CERTIFICATE-----