Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/aece8199-153c-48e4-9711-e09a4ff1ff40.roa
File:                     aece8199-153c-48e4-9711-e09a4ff1ff40.roa (raw, json)
Hash identifier:          BwgbezzUlcpAGKBWXbbOq/0olTirpXrZMYTYQ+SAN70=
Subject key identifier:   40:CC:36:CB:04:87:08:3E:C7:4D:DC:4F:3E:2A:F8:45:D4:64:43:96
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4F279E164E057D9182D1A0C7C816B40F57392ACA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/aece8199-153c-48e4-9711-e09a4ff1ff40.roa
Signing time:             Mon 05 Aug 2024 00:00:00 +0000
ROA not before:           Mon 05 Aug 2024 00:00:00 +0000
ROA not after:            Mon 09 Sep 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:27:9e:16:4e:05:7d:91:82:d1:a0:c7:c8:16:b4:0f:57:39:2a:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug  5 00:00:00 2024 GMT
            Not After : Sep  9 23:59:59 2024 GMT
        Subject: serialNumber=a262a545559dbf852559176aef10517bdb08a8bc807006416df18617c7156039, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:05:96:57:47:a8:f3:f6:5f:7a:a4:5c:84:99:
                    ea:d0:db:2c:0d:b6:5a:75:fe:66:a1:61:ed:09:4f:
                    5f:fa:f4:4b:54:68:dc:59:32:29:0a:a4:c8:92:c1:
                    22:6b:e2:ab:da:73:4e:a0:0b:c8:45:d1:ca:5f:24:
                    dd:23:89:9c:82:f1:23:96:03:41:45:80:71:ba:5d:
                    8f:8a:cd:04:1b:c9:66:bb:20:2e:73:08:cc:25:c9:
                    ea:25:3e:28:41:1f:13:9f:b0:f6:57:8a:87:16:23:
                    b7:18:1c:f0:a6:51:57:0b:6c:43:e4:4e:13:34:76:
                    d9:fe:79:2a:00:59:a3:91:83:f7:10:28:9b:0f:ea:
                    45:5f:28:35:19:c0:3f:58:38:8f:5a:7b:13:e8:48:
                    77:d9:5e:27:00:29:20:2c:d0:e0:62:70:86:42:e2:
                    fb:27:e8:4f:17:5a:86:32:b0:d8:17:91:c1:6f:b4:
                    1e:e4:7e:8c:1d:c6:40:08:c4:d7:37:74:5f:67:b9:
                    3e:ed:f0:8e:d1:2d:89:bb:01:38:67:8a:fa:17:3e:
                    a1:50:a6:fd:3b:45:4f:24:b1:f9:61:10:60:2a:5a:
                    95:46:42:5a:35:90:3d:cb:63:2d:44:be:ed:fb:08:
                    b2:7f:ce:06:13:a5:70:85:16:33:e2:4b:01:69:61:
                    fa:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:CC:36:CB:04:87:08:3E:C7:4D:DC:4F:3E:2A:F8:45:D4:64:43:96
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/aece8199-153c-48e4-9711-e09a4ff1ff40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:58:f5:4e:24:57:d8:75:23:d2:1d:ab:4f:2e:9d:d8:a7:00:
         61:6c:7c:34:bd:de:05:d2:8e:16:30:18:8b:18:05:47:c3:87:
         e4:20:14:7b:9d:e5:b6:98:66:1e:3b:7f:54:cc:ac:2b:06:27:
         ea:26:a8:b6:f7:83:9f:52:c8:c9:68:b9:48:60:d4:96:8f:ba:
         f2:d6:8c:a8:87:1e:85:4b:88:7c:b7:aa:91:b5:8c:af:df:a9:
         d8:f7:63:bd:b9:78:00:b0:ff:99:1d:ce:ec:1b:b5:3a:45:dd:
         52:1d:db:80:39:f6:d3:ee:7a:dd:59:6b:42:8d:c3:b7:8e:19:
         e0:29:c1:3c:9e:66:c2:4c:62:c1:7b:b4:20:a2:9f:a9:70:57:
         d8:ab:92:01:c5:38:d7:88:23:3f:8d:9b:3a:7f:e6:c2:e9:b5:
         4f:33:6a:63:ff:c6:5e:d1:2c:97:e1:9e:ea:cc:33:39:26:04:
         ee:59:cb:0a:69:03:d4:ff:28:26:56:b5:30:a4:58:0f:d3:4c:
         1c:04:07:7a:7b:fe:8f:6f:55:fb:c1:3a:a4:b9:a2:33:e5:2c:
         1b:df:c1:e0:3d:8f:63:ee:dc:81:73:60:37:e3:ff:a4:4e:91:
         16:da:77:39:c0:67:3f:5c:ca:4c:d9:67:84:f4:0f:0c:44:3d:
         d5:1a:60:dc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTyeeFk4FfZGC0aDHyBa0D1c5KsowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwODA1MDAwMDAwWhcNMjQwOTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMjYyYTU0NTU1OWRiZjg1MjU1OTE3NmFlZjEwNTE3YmRi
MDhhOGJjODA3MDA2NDE2ZGYxODYxN2M3MTU2MDM5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpBZZXR6jz9l96pFyEmerQ2ywNtlp1/mahYe0JT1/69EtU
aNxZMikKpMiSwSJr4qvac06gC8hF0cpfJN0jiZyC8SOWA0FFgHG6XY+KzQQbyWa7
IC5zCMwlyeolPihBHxOfsPZXiocWI7cYHPCmUVcLbEPkThM0dtn+eSoAWaORg/cQ
KJsP6kVfKDUZwD9YOI9aexPoSHfZXicAKSAs0OBicIZC4vsn6E8XWoYysNgXkcFv
tB7kfowdxkAIxNc3dF9nuT7t8I7RLYm7AThnivoXPqFQpv07RU8ksflhEGAqWpVG
Qlo1kD3LYy1Evu37CLJ/zgYTpXCFFjPiSwFpYfo/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQMw2ywSHCD7HTdxPPir4RdRkQ5YwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2FlY2U4MTk5LTE1M2MtNDhlNC05NzExLWUwOWE0ZmYxZmY0MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHtY9U4kV9h1I9Idq08undinAGFs
fDS93gXSjhYwGIsYBUfDh+QgFHud5baYZh47f1TMrCsGJ+omqLb3g59SyMlouUhg
1JaPuvLWjKiHHoVLiHy3qpG1jK/fqdj3Y725eACw/5kdzuwbtTpF3VId24A59tPu
et1Za0KNw7eOGeApwTyeZsJMYsF7tCCin6lwV9irkgHFONeIIz+Nmzp/5sLptU8z
amP/xl7RLJfhnurMMzkmBO5ZywppA9T/KCZWtTCkWA/TTBwEB3p7/o9vVfvBOqS5
ojPlLBvfweA9j2Pu3IFzYDfj/6ROkRbadznAZz9cykzZZ4T0DwxEPdUaYNw=
-----END CERTIFICATE-----