Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ae462d6c-6dda-4845-801f-6d0065b29fbe.roa
File:                     ae462d6c-6dda-4845-801f-6d0065b29fbe.roa (raw, json)
Hash identifier:          XjZkr7bTmKThiSConOO+Qy+NsU08eFUogx1RHQ8U70M=
Subject key identifier:   EF:85:47:E6:D7:3B:F0:68:11:E4:29:63:21:E5:E2:9E:A3:99:CF:04
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       13CF01597EE3BF797F637F88E6961987910C8DE1
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ae462d6c-6dda-4845-801f-6d0065b29fbe.roa
Signing time:             Fri 29 Dec 2023 00:00:00 +0000
ROA not before:           Fri 29 Dec 2023 00:00:00 +0000
ROA not after:            Fri 02 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:cf:01:59:7e:e3:bf:79:7f:63:7f:88:e6:96:19:87:91:0c:8d:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 29 00:00:00 2023 GMT
            Not After : Feb  2 23:59:59 2024 GMT
        Subject: serialNumber=6d2ae627bc28cac54635c1c2d7eada682fc4e6559429fe38eb00dc7def8780ff, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:c2:9a:94:8c:ca:c0:cc:68:b9:0d:b5:a1:b3:
                    fd:f8:84:f3:c2:59:0f:fe:67:3b:a5:46:e5:3a:4e:
                    c8:e1:53:71:89:e6:14:ff:62:0c:ec:f2:ab:d0:3d:
                    69:ab:88:12:b3:98:1c:80:f8:25:35:01:9e:96:96:
                    7e:04:b0:4e:1a:40:42:de:c3:9d:28:61:93:77:ce:
                    c1:51:68:4d:b5:51:8e:89:17:5d:7b:b7:ea:38:e0:
                    6b:48:0f:55:7f:3a:4d:c1:95:58:2f:d2:08:12:20:
                    be:0d:6d:f0:b2:5b:74:0a:fb:ec:09:05:c3:21:8d:
                    0a:e5:ec:d5:cd:de:9b:45:31:76:2e:c3:39:cb:e8:
                    a6:cb:20:94:56:df:6c:b7:59:cb:a7:5f:b2:11:31:
                    f1:89:32:94:d8:20:9d:da:5d:9e:07:12:04:73:63:
                    d8:1d:89:28:99:a2:60:95:c1:ea:c1:8c:54:c8:f5:
                    9d:dd:33:91:3f:82:34:25:4b:60:35:a5:be:5d:d0:
                    de:6f:b8:f0:93:33:49:83:a9:7e:c8:6d:fb:f6:d7:
                    8d:fa:1e:01:2b:5b:41:40:2d:80:fa:40:73:f5:9b:
                    c1:d1:87:11:d6:58:dc:8d:9c:fb:5e:5b:d4:e8:86:
                    d6:98:99:16:22:61:76:92:64:6a:89:12:26:c5:38:
                    89:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:85:47:E6:D7:3B:F0:68:11:E4:29:63:21:E5:E2:9E:A3:99:CF:04
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ae462d6c-6dda-4845-801f-6d0065b29fbe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:5c:1a:0a:79:c1:cc:da:85:96:ff:0b:18:08:50:7e:f5:db:
         66:19:a0:63:8d:55:c9:81:d3:c2:91:5e:20:aa:81:cd:f8:d3:
         a2:51:85:a6:39:40:b4:6a:48:30:bf:c3:e1:bd:a4:6c:d6:06:
         ae:54:c7:71:51:e2:f8:6a:55:51:34:86:8f:f3:3e:3f:b7:ea:
         00:4e:5e:78:5a:b9:ce:43:32:ad:9a:ca:24:80:c9:b8:29:64:
         da:cf:ab:6c:fa:80:b8:79:bf:90:c6:29:b3:1e:06:6b:15:59:
         5b:e0:8f:a8:42:73:60:bb:f8:22:f4:72:48:78:96:e6:57:a0:
         0f:d9:8b:20:08:e8:53:d8:c8:24:6d:8a:f1:f1:9f:4d:b1:1d:
         e9:36:7d:a6:85:7f:65:ec:c2:47:ad:c3:5c:0a:e0:4a:7b:5f:
         d6:98:4c:f4:2b:f9:da:1d:b7:33:88:46:84:18:d0:69:dc:23:
         15:d2:f7:cb:a2:77:5f:8d:87:42:aa:f5:f3:31:19:e2:0a:25:
         1e:27:db:43:4b:68:aa:f7:e2:86:22:f2:20:66:31:43:42:e1:
         f1:89:81:56:14:84:37:de:d8:48:d3:0a:59:4f:5a:2f:a2:96:
         6d:3a:7e:f6:c3:bb:6f:0c:38:98:33:7a:88:95:2c:9f:4a:34:
         54:e6:09:a3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE88BWX7jv3l/Y3+I5pYZh5EMjeEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjI5MDAwMDAwWhcNMjQwMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZDJhZTYyN2JjMjhjYWM1NDYzNWMxYzJkN2VhZGE2ODJm
YzRlNjU1OTQyOWZlMzhlYjAwZGM3ZGVmODc4MGZmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD0wpqUjMrAzGi5DbWhs/34hPPCWQ/+ZzulRuU6TsjhU3GJ
5hT/Ygzs8qvQPWmriBKzmByA+CU1AZ6Wln4EsE4aQELew50oYZN3zsFRaE21UY6J
F117t+o44GtID1V/Ok3BlVgv0ggSIL4NbfCyW3QK++wJBcMhjQrl7NXN3ptFMXYu
wznL6KbLIJRW32y3WcunX7IRMfGJMpTYIJ3aXZ4HEgRzY9gdiSiZomCVwerBjFTI
9Z3dM5E/gjQlS2A1pb5d0N5vuPCTM0mDqX7Ibfv21436HgErW0FALYD6QHP1m8HR
hxHWWNyNnPteW9TohtaYmRYiYXaSZGqJEibFOIlfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU74VH5tc78GgR5CljIeXinqOZzwQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2FlNDYyZDZjLTZkZGEtNDg0NS04MDFmLTZkMDA2NWIyOWZiZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHhcGgp5wczahZb/CxgIUH7122YZ
oGONVcmB08KRXiCqgc3406JRhaY5QLRqSDC/w+G9pGzWBq5Ux3FR4vhqVVE0ho/z
Pj+36gBOXnhauc5DMq2ayiSAybgpZNrPq2z6gLh5v5DGKbMeBmsVWVvgj6hCc2C7
+CL0ckh4luZXoA/ZiyAI6FPYyCRtivHxn02xHek2faaFf2Xswketw1wK4Ep7X9aY
TPQr+dodtzOIRoQY0GncIxXS98uid1+Nh0Kq9fMxGeIKJR4n20NLaKr34oYi8iBm
MUNC4fGJgVYUhDfe2EjTCllPWi+ilm06fvbDu28MOJgzeoiVLJ9KNFTmCaM=
-----END CERTIFICATE-----