Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a9cacdeb-0020-44e8-b042-f448de9cae99.roa
File:                     a9cacdeb-0020-44e8-b042-f448de9cae99.roa (raw, json)
Hash identifier:          utKzHiRC9HdTB38FFtnf6EAcuyy6wNN0QOhxOPYEIfM=
Subject key identifier:   17:54:7F:12:8A:1D:45:17:57:B0:1A:43:00:C0:AF:57:E4:5F:4A:DC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       589B3D95BEF6A5716535F076613259C18621CEBA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a9cacdeb-0020-44e8-b042-f448de9cae99.roa
Signing time:             Mon 15 Apr 2024 00:00:00 +0000
ROA not before:           Mon 15 Apr 2024 00:00:00 +0000
ROA not after:            Mon 20 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:9b:3d:95:be:f6:a5:71:65:35:f0:76:61:32:59:c1:86:21:ce:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 15 00:00:00 2024 GMT
            Not After : May 20 23:59:59 2024 GMT
        Subject: serialNumber=414a4c85e3c18b60c469eb4604ecd13d6fbd54d89e808dcf474bda70a88ceb8b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:d2:25:08:46:80:a7:40:d6:0c:70:2b:2e:74:
                    3b:75:b9:c3:f0:04:ab:9d:18:cd:e9:cf:4a:21:b9:
                    9f:d8:02:6d:1a:f2:df:8e:2c:71:db:a7:b1:e8:95:
                    9f:48:7f:1f:71:63:d1:e7:22:e6:ce:c7:ca:b2:f9:
                    7d:34:4e:df:e4:e1:d0:a0:f1:6a:a9:3b:3c:ef:51:
                    2c:79:23:31:6d:b6:ea:1c:88:7a:87:ba:14:d2:cc:
                    50:2c:51:be:bf:eb:b6:0d:a4:a2:5c:e3:76:e7:0d:
                    bc:33:8e:ae:70:6d:38:f4:7b:de:ba:78:4a:7b:f9:
                    5b:ce:80:97:00:02:69:44:06:db:c7:52:b1:98:da:
                    6d:df:d3:54:40:f1:ec:ee:b7:fb:dd:04:d8:c9:0e:
                    1c:6f:16:a5:d5:84:3d:b8:db:7f:ad:96:2c:d4:04:
                    02:6c:38:73:a4:ae:b0:b7:89:a6:46:34:06:15:3a:
                    9b:38:34:24:d3:7f:79:cc:fd:d6:1c:ed:78:6f:e4:
                    92:f7:4b:ab:b0:5c:83:a0:3c:1c:57:5a:af:09:00:
                    3a:da:be:a1:0f:0c:af:b8:16:1b:ac:7c:de:ba:70:
                    15:20:7a:b7:bf:02:ad:f7:2d:b7:71:de:88:3b:7f:
                    b4:bb:a6:4f:8a:59:86:bf:22:e8:97:aa:ae:ad:fc:
                    f4:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:54:7F:12:8A:1D:45:17:57:B0:1A:43:00:C0:AF:57:E4:5F:4A:DC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a9cacdeb-0020-44e8-b042-f448de9cae99.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:35:8c:ee:98:c4:77:41:39:56:ea:42:e8:1b:03:77:08:2c:
         41:b9:29:2e:8e:e8:66:53:d7:13:c7:bb:00:84:29:12:16:b6:
         fa:84:a2:c4:0f:9e:8d:5f:8c:32:ee:93:75:82:1b:c9:bf:e0:
         6d:63:21:27:79:d5:7e:fc:88:6a:35:85:24:e8:c1:69:e8:bb:
         f5:d3:c1:5f:06:82:d6:97:f7:63:4a:44:36:cb:02:1f:8f:da:
         b0:ee:f7:38:1e:8a:4a:8f:fe:10:ca:90:f8:1d:42:84:61:0c:
         89:4a:6f:ad:37:6e:3e:12:c1:7c:cb:ee:cb:fd:a4:09:43:b0:
         09:26:f9:e3:c6:5a:fd:ce:05:73:16:44:34:8c:8e:30:91:a8:
         5c:32:8a:7b:6a:5c:77:bb:0b:69:08:0b:b1:3f:45:a3:55:46:
         47:59:2f:2d:b4:67:1e:6f:bb:76:89:33:bd:9d:6e:ac:04:d4:
         fd:dd:4b:3f:03:d0:b0:4a:96:a0:24:fa:e6:69:43:c4:83:62:
         8a:4e:c0:a7:3a:da:c3:f4:27:02:d1:d0:37:c5:01:96:9d:25:
         f3:6a:6a:e8:8b:76:4d:ab:80:8b:e1:45:02:d0:07:91:7a:76:
         b5:53:41:4f:d2:da:ab:62:24:dc:e8:71:85:a8:cc:b6:8b:a8:
         63:2e:6b:da
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWJs9lb72pXFlNfB2YTJZwYYhzrowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDE1MDAwMDAwWhcNMjQwNTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MTRhNGM4NWUzYzE4YjYwYzQ2OWViNDYwNGVjZDEzZDZm
YmQ1NGQ4OWU4MDhkY2Y0NzRiZGE3MGE4OGNlYjhiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDa0iUIRoCnQNYMcCsudDt1ucPwBKudGM3pz0ohuZ/YAm0a
8t+OLHHbp7HolZ9Ifx9xY9HnIubOx8qy+X00Tt/k4dCg8WqpOzzvUSx5IzFttuoc
iHqHuhTSzFAsUb6/67YNpKJc43bnDbwzjq5wbTj0e966eEp7+VvOgJcAAmlEBtvH
UrGY2m3f01RA8ezut/vdBNjJDhxvFqXVhD2423+tlizUBAJsOHOkrrC3iaZGNAYV
Ops4NCTTf3nM/dYc7Xhv5JL3S6uwXIOgPBxXWq8JADravqEPDK+4FhusfN66cBUg
ere/Aq33Lbdx3og7f7S7pk+KWYa/IuiXqq6t/PRBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUF1R/EoodRRdXsBpDAMCvV+RfStwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2E5Y2FjZGViLTAwMjAtNDRlOC1iMDQyLWY0NDhkZTljYWU5OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHI1jO6YxHdBOVbqQugbA3cILEG5
KS6O6GZT1xPHuwCEKRIWtvqEosQPno1fjDLuk3WCG8m/4G1jISd51X78iGo1hSTo
wWnou/XTwV8GgtaX92NKRDbLAh+P2rDu9zgeikqP/hDKkPgdQoRhDIlKb603bj4S
wXzL7sv9pAlDsAkm+ePGWv3OBXMWRDSMjjCRqFwyintqXHe7C2kIC7E/RaNVRkdZ
Ly20Zx5vu3aJM72dbqwE1P3dSz8D0LBKlqAk+uZpQ8SDYopOwKc62sP0JwLR0DfF
AZadJfNqauiLdk2rgIvhRQLQB5F6drVTQU/S2qtiJNzocYWozLaLqGMua9o=
-----END CERTIFICATE-----