Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/af158d24-f6e6-46e1-9103-a0ed1ecb68f5.roa
File:                     af158d24-f6e6-46e1-9103-a0ed1ecb68f5.roa (raw, json)
Hash identifier:          97LYy9JAyLxlaSCfK0dAbC8oJwv/LYq0tLE8Mesk9ms=
Subject key identifier:   0F:B4:8C:B3:32:C9:FE:D7:46:83:85:37:DE:76:6B:1E:59:D5:B1:CF
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4771B3984E9A2B527ACB0E7F5506374B787B59AB
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/af158d24-f6e6-46e1-9103-a0ed1ecb68f5.roa
Signing time:             Fri 29 Mar 2024 00:00:00 +0000
ROA not before:           Fri 29 Mar 2024 00:00:00 +0000
ROA not after:            Fri 03 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:71:b3:98:4e:9a:2b:52:7a:cb:0e:7f:55:06:37:4b:78:7b:59:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 29 00:00:00 2024 GMT
            Not After : May  3 23:59:59 2024 GMT
        Subject: serialNumber=b32d183de53caa8dc1a2fd6106a5032f934c289a654afe550afb4f7778cd3262, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:1b:4c:7a:a6:2b:75:79:ec:8d:45:9d:2b:c8:
                    3f:d0:f2:6e:12:c1:da:02:bf:b3:ba:38:6b:36:45:
                    51:e8:77:7d:ae:42:58:47:e5:f2:fa:b4:d6:b1:2a:
                    3d:4c:3c:4c:3e:12:4f:a8:73:3f:40:3a:f5:96:5a:
                    11:14:c8:78:a8:16:81:4f:02:87:ce:da:af:b8:82:
                    cd:03:c7:bb:81:e3:2d:c6:25:d4:17:4a:61:de:76:
                    43:bc:3e:0b:46:7c:83:58:e4:5e:d9:b8:86:5b:e0:
                    9c:da:e2:f7:b9:22:da:1d:e5:5c:c6:1c:aa:96:41:
                    83:3d:c9:3d:84:1a:fb:a8:c6:52:a7:a0:47:1f:d0:
                    52:95:a1:3f:4b:17:a0:a9:a9:28:8d:63:35:0c:0f:
                    59:84:36:e8:45:bd:30:de:68:18:20:59:86:39:f7:
                    fe:07:25:fc:ad:52:24:f0:03:f0:b0:71:05:1a:ad:
                    04:70:04:95:3e:4e:77:a9:aa:90:9f:d7:a2:8e:7d:
                    fd:6d:08:d5:36:a6:58:45:3c:ab:22:b6:49:ca:c5:
                    7f:2e:a8:6a:33:65:0e:1c:4a:12:fd:94:2c:5d:f7:
                    a3:c4:05:b1:5c:fa:07:59:9c:4c:bf:0a:13:cf:06:
                    d6:aa:f4:52:5a:9f:8f:2b:d6:b3:c8:08:58:f7:7d:
                    e7:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:B4:8C:B3:32:C9:FE:D7:46:83:85:37:DE:76:6B:1E:59:D5:B1:CF
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/af158d24-f6e6-46e1-9103-a0ed1ecb68f5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:f5:b0:60:36:fe:b9:94:47:3f:4e:29:ea:49:11:31:f4:de:
         4a:9e:10:60:0c:a8:f0:06:c5:97:c7:4a:bb:ca:1e:29:a3:6b:
         f5:14:2f:1b:39:f2:95:ca:e3:d8:c8:ac:c2:7c:98:2a:e7:12:
         e5:24:64:3a:3f:68:e3:4e:14:a6:be:d7:83:c9:3f:d6:9a:63:
         f4:27:ad:c5:f0:38:4a:0f:99:96:06:ff:fe:16:15:ce:0d:7d:
         b1:d4:cb:3d:64:2a:cd:f3:82:08:15:69:45:c1:b7:c8:36:44:
         f8:5c:a3:bd:c9:5d:4a:49:7a:cc:e9:45:05:e0:2f:39:62:78:
         25:11:b9:fd:03:8c:96:68:1d:16:59:92:78:51:dd:5b:f9:3e:
         aa:8e:7a:b6:0f:22:26:4e:5f:ab:37:59:e6:d6:a9:57:2b:4d:
         f5:ce:05:9d:80:0e:e0:e7:9e:bc:6c:87:9f:a7:13:5a:39:fc:
         2c:df:bd:4c:23:c1:85:31:89:7a:87:c4:88:c2:ee:0f:52:64:
         0b:92:0f:48:fa:1a:43:b2:0d:f5:b3:c4:83:d7:8d:13:b6:3e:
         44:44:44:b2:b9:f7:f2:b1:83:48:30:84:a1:a6:90:ef:96:de:
         2f:49:bb:3f:07:ef:3d:39:74:9c:4e:be:44:cf:b8:8a:b1:e4:
         ef:77:fe:37
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUR3GzmE6aK1J6yw5/VQY3S3h7WaswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzI5MDAwMDAwWhcNMjQwNTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiMzJkMTgzZGU1M2NhYThkYzFhMmZkNjEwNmE1MDMyZjkz
NGMyODlhNjU0YWZlNTUwYWZiNGY3Nzc4Y2QzMjYyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDnG0x6pit1eeyNRZ0ryD/Q8m4SwdoCv7O6OGs2RVHod32u
QlhH5fL6tNaxKj1MPEw+Ek+ocz9AOvWWWhEUyHioFoFPAofO2q+4gs0Dx7uB4y3G
JdQXSmHedkO8PgtGfINY5F7ZuIZb4Jza4ve5Itod5VzGHKqWQYM9yT2EGvuoxlKn
oEcf0FKVoT9LF6CpqSiNYzUMD1mENuhFvTDeaBggWYY59/4HJfytUiTwA/CwcQUa
rQRwBJU+TnepqpCf16KOff1tCNU2plhFPKsitknKxX8uqGozZQ4cShL9lCxd96PE
BbFc+gdZnEy/ChPPBtaq9FJan48r1rPICFj3feebAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUD7SMszLJ/tdGg4U33nZrHlnVsc8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2FmMTU4ZDI0LWY2ZTYtNDZlMS05MTAzLWEwZWQxZWNiNjhmNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAr1sGA2/rmURz9OKepJETH03kqe
EGAMqPAGxZfHSrvKHimja/UULxs58pXK49jIrMJ8mCrnEuUkZDo/aONOFKa+14PJ
P9aaY/QnrcXwOEoPmZYG//4WFc4NfbHUyz1kKs3zgggVaUXBt8g2RPhco73JXUpJ
eszpRQXgLzlieCURuf0DjJZoHRZZknhR3Vv5PqqOerYPIiZOX6s3WebWqVcrTfXO
BZ2ADuDnnrxsh5+nE1o5/CzfvUwjwYUxiXqHxIjC7g9SZAuSD0j6GkOyDfWzxIPX
jRO2PkRERLK59/Kxg0gwhKGmkO+W3i9Juz8H7z05dJxOvkTPuIqx5O93/jc=
-----END CERTIFICATE-----