Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b1e51da1-d362-4e01-9af7-707ecb299274.roa
File:                     b1e51da1-d362-4e01-9af7-707ecb299274.roa (raw, json)
Hash identifier:          vHo6GPI/SbbYqPS8y+NwT/bzV2t76XVBM/WpYkGdzaw=
Subject key identifier:   7F:E3:1E:B4:BC:F9:A0:F5:B9:7B:65:63:A9:27:99:87:07:51:01:F2
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2D0C529672833E5A52861F0080916FC323490B4C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b1e51da1-d362-4e01-9af7-707ecb299274.roa
Signing time:             Sun 24 Mar 2024 00:00:00 +0000
ROA not before:           Sun 24 Mar 2024 00:00:00 +0000
ROA not after:            Sun 28 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:0c:52:96:72:83:3e:5a:52:86:1f:00:80:91:6f:c3:23:49:0b:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 24 00:00:00 2024 GMT
            Not After : Apr 28 23:59:59 2024 GMT
        Subject: serialNumber=e84699bb62bc58455685a999d8f4810e9a7b2610fe4114934524ab4c089d8951, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:3c:79:d8:6a:1f:00:6c:92:85:74:49:b9:9c:
                    5f:ff:19:6b:e3:7c:8c:e4:6b:f6:e8:8e:30:de:f5:
                    1f:7b:f8:1f:1d:ba:09:43:1f:9a:73:d7:94:c6:56:
                    89:d8:10:c5:f8:b8:da:17:b6:78:34:e8:9b:af:c4:
                    2f:cf:63:18:8a:f2:d0:97:a4:6d:53:dc:c2:57:83:
                    4a:ba:97:b6:58:e4:5d:51:41:19:8c:ec:a9:9f:99:
                    57:c3:6b:79:7c:26:f7:b8:5d:30:f7:73:98:cc:7c:
                    d4:fe:e8:48:6a:05:2b:ff:7c:82:bc:d2:44:be:83:
                    14:e3:1e:b1:f4:d8:63:53:9c:5d:a7:ee:46:bb:8e:
                    d4:32:8d:cf:4d:a2:16:28:e0:91:18:39:f6:fa:71:
                    3d:15:64:78:b9:e8:9c:30:65:97:ec:67:8b:f3:2a:
                    9a:a7:f1:f9:08:b0:8b:a6:cc:a4:a4:ba:db:fb:f2:
                    5c:1a:dd:b3:8d:31:2a:53:1b:c0:51:20:ea:c7:e7:
                    9e:16:61:2d:ce:6b:3b:4f:46:73:89:4a:aa:4c:6a:
                    01:4d:23:ed:04:6b:eb:01:fa:ac:60:da:46:9c:43:
                    17:f0:0c:b2:63:1c:45:d4:8b:2d:38:1a:2b:73:9d:
                    db:24:72:35:a5:fe:32:73:c7:69:f4:39:99:cd:30:
                    69:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:E3:1E:B4:BC:F9:A0:F5:B9:7B:65:63:A9:27:99:87:07:51:01:F2
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b1e51da1-d362-4e01-9af7-707ecb299274.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:6b:d9:07:e8:33:7b:85:46:8c:d9:66:b9:de:38:8f:03:09:
         26:2b:e4:90:34:3c:dd:be:8e:c0:d3:c3:a4:ad:56:bb:86:66:
         95:95:b9:40:67:3d:96:59:0b:28:0c:2a:5a:bf:77:ed:14:1e:
         71:06:9e:1a:86:77:f3:b8:25:f8:b3:31:d9:41:39:45:47:4e:
         99:0b:c4:79:24:fc:dd:51:c7:4e:e3:da:51:5e:c0:eb:d2:6c:
         e0:fb:6b:01:5c:07:f8:a6:95:3c:5c:fc:f3:74:9f:f4:54:0e:
         bd:e4:f8:26:34:57:e9:78:9c:13:c8:9e:c2:f5:e7:d1:22:2a:
         98:06:5d:f9:32:5a:d3:a3:4e:ad:cf:d4:10:a0:4d:0e:7e:3b:
         c5:47:4d:5e:fa:e2:c9:fe:7c:af:a5:af:47:58:bf:cc:28:dc:
         df:fd:ed:93:2e:0c:f5:3f:df:ee:ea:02:c9:6a:8c:de:70:b6:
         d7:e7:81:44:cf:ef:2b:0a:4e:a7:ed:62:96:23:5f:64:ab:b7:
         54:8c:8b:e0:97:97:10:fb:c7:79:cd:75:2f:da:b1:62:8a:ca:
         a6:ec:67:67:cd:c3:23:26:f6:02:ce:b5:8e:40:fc:9a:a5:f0:
         3b:c3:0b:d8:6a:1c:eb:83:1f:a1:65:62:1e:86:b2:89:00:02:
         e6:e0:ad:bd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULQxSlnKDPlpShh8AgJFvwyNJC0wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzI0MDAwMDAwWhcNMjQwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlODQ2OTliYjYyYmM1ODQ1NTY4NWE5OTlkOGY0ODEwZTlh
N2IyNjEwZmU0MTE0OTM0NTI0YWI0YzA4OWQ4OTUxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtPHnYah8AbJKFdEm5nF//GWvjfIzka/bojjDe9R97+B8d
uglDH5pz15TGVonYEMX4uNoXtng06JuvxC/PYxiK8tCXpG1T3MJXg0q6l7ZY5F1R
QRmM7KmfmVfDa3l8Jve4XTD3c5jMfNT+6EhqBSv/fIK80kS+gxTjHrH02GNTnF2n
7ka7jtQyjc9NohYo4JEYOfb6cT0VZHi56JwwZZfsZ4vzKpqn8fkIsIumzKSkutv7
8lwa3bONMSpTG8BRIOrH554WYS3OaztPRnOJSqpMagFNI+0Ea+sB+qxg2kacQxfw
DLJjHEXUiy04GitzndskcjWl/jJzx2n0OZnNMGnLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUf+MetLz5oPW5e2VjqSeZhwdRAfIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2IxZTUxZGExLWQzNjItNGUwMS05YWY3LTcwN2VjYjI5OTI3NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJZr2QfoM3uFRozZZrneOI8DCSYr
5JA0PN2+jsDTw6StVruGZpWVuUBnPZZZCygMKlq/d+0UHnEGnhqGd/O4JfizMdlB
OUVHTpkLxHkk/N1Rx07j2lFewOvSbOD7awFcB/imlTxc/PN0n/RUDr3k+CY0V+l4
nBPInsL159EiKpgGXfkyWtOjTq3P1BCgTQ5+O8VHTV764sn+fK+lr0dYv8wo3N/9
7ZMuDPU/3+7qAslqjN5wttfngUTP7ysKTqftYpYjX2Srt1SMi+CXlxD7x3nNdS/a
sWKKyqbsZ2fNwyMm9gLOtY5A/Jql8DvDC9hqHOuDH6FlYh6GsokAAubgrb0=
-----END CERTIFICATE-----