Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b68cf205-7f53-4ece-9acb-74d104049a59.roa
File:                     b68cf205-7f53-4ece-9acb-74d104049a59.roa (raw, json)
Hash identifier:          lBLEV/HIVuVZHiS7lMtcOLBGHoxNrSbE9cV9aMD6pXA=
Subject key identifier:   D8:50:92:9D:E5:1D:0E:9D:2A:0B:04:9E:B4:78:E9:4C:F9:AD:0E:FE
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7D7734703CDB030A036D64E78686DB2238C973AA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b68cf205-7f53-4ece-9acb-74d104049a59.roa
Signing time:             Wed 19 Jun 2024 00:00:00 +0000
ROA not before:           Wed 19 Jun 2024 00:00:00 +0000
ROA not after:            Wed 24 Jul 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:77:34:70:3c:db:03:0a:03:6d:64:e7:86:86:db:22:38:c9:73:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 19 00:00:00 2024 GMT
            Not After : Jul 24 23:59:59 2024 GMT
        Subject: serialNumber=2a91d1234cf675c654b7eae2cdae26043a37b2d1f398fcdebb959782e0f06198, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c5:20:36:ad:ab:77:3e:ad:cc:44:e6:55:60:
                    bb:b3:60:e2:08:f7:96:cf:48:6c:fb:9e:4c:8c:1c:
                    55:67:b6:3b:12:94:31:56:3c:46:7d:64:75:de:d5:
                    ec:8b:5d:71:ca:ed:5b:8a:28:e9:9b:e2:c4:b3:34:
                    8f:2f:01:60:6c:6f:81:27:ec:f2:e5:8b:c7:e7:ab:
                    7f:94:48:f0:70:6e:93:a3:fe:c4:18:01:00:e7:eb:
                    38:85:c8:b4:e3:cc:27:e7:26:b8:a5:c8:ff:13:c4:
                    85:fe:3e:bf:2f:68:fa:ef:f2:d5:fb:d9:25:f3:e2:
                    4b:88:6c:d0:3c:2e:27:c4:76:86:83:b4:7b:b3:f0:
                    34:37:d6:22:bf:1f:9c:0c:4e:37:7d:83:5d:d7:1d:
                    24:d9:3d:2b:1b:7b:dd:ac:43:e5:06:41:98:76:e5:
                    91:0f:02:5c:b5:d4:29:f0:10:f8:b9:47:25:a7:dd:
                    12:10:c7:e1:54:4d:ce:7a:a3:4d:a6:16:d8:2b:9c:
                    35:ea:b7:dc:7a:3f:3a:73:49:f5:22:ad:aa:04:cf:
                    ec:d5:66:e4:57:8c:ce:f0:8a:09:fb:15:8f:dd:02:
                    83:e8:f6:74:8d:06:3d:5d:a7:9a:ff:dc:ca:a1:83:
                    6c:af:52:6d:d4:bd:4b:38:db:ad:9f:f0:cc:dc:60:
                    36:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:50:92:9D:E5:1D:0E:9D:2A:0B:04:9E:B4:78:E9:4C:F9:AD:0E:FE
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b68cf205-7f53-4ece-9acb-74d104049a59.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:9d:2d:71:a1:7e:87:3c:60:06:63:58:8e:74:8d:3e:64:84:
         12:b2:c8:b6:bd:1d:39:4d:f3:94:fd:89:15:74:28:e6:d4:3a:
         78:43:31:f5:a8:28:f2:dc:14:c2:af:32:0d:ca:13:a8:12:f0:
         15:4e:97:40:6b:39:43:57:d7:ca:61:80:1b:52:ad:75:e1:a0:
         70:23:0c:19:6c:84:b0:da:9f:3e:34:48:e4:15:65:0b:d6:7e:
         8f:fc:70:7c:27:dd:11:b3:87:a1:a5:fa:36:ca:f7:7a:ff:73:
         68:45:b2:6f:93:be:d0:25:4c:c2:59:72:53:e2:18:b6:69:c2:
         36:f5:dc:22:61:70:1c:ec:b5:d9:b3:db:64:04:92:be:6c:f0:
         11:9f:95:5f:e1:47:9f:52:b5:19:bf:ce:8f:b9:05:18:59:dc:
         bc:49:0f:67:16:3b:b5:52:22:7d:5a:01:d1:00:ab:a7:a7:ff:
         f3:d8:b0:94:c5:c6:f1:4d:00:c7:08:8e:66:d5:db:41:89:0a:
         cf:2b:f9:90:bb:f7:52:49:ec:2d:ce:f4:85:6b:6b:21:b3:fe:
         c2:aa:1b:e3:3a:7f:69:2f:0a:49:59:5a:61:e7:3e:c8:c5:f6:
         73:f4:f9:51:02:96:95:ee:32:90:e8:f6:f0:3b:67:d0:aa:8a:
         d4:4a:59:65
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfXc0cDzbAwoDbWTnhobbIjjJc6owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNjE5MDAwMDAwWhcNMjQwNzI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYTkxZDEyMzRjZjY3NWM2NTRiN2VhZTJjZGFlMjYwNDNh
MzdiMmQxZjM5OGZjZGViYjk1OTc4MmUwZjA2MTk4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbxSA2rat3Pq3MROZVYLuzYOII95bPSGz7nkyMHFVntjsS
lDFWPEZ9ZHXe1eyLXXHK7VuKKOmb4sSzNI8vAWBsb4En7PLli8fnq3+USPBwbpOj
/sQYAQDn6ziFyLTjzCfnJrilyP8TxIX+Pr8vaPrv8tX72SXz4kuIbNA8LifEdoaD
tHuz8DQ31iK/H5wMTjd9g13XHSTZPSsbe92sQ+UGQZh25ZEPAly11CnwEPi5RyWn
3RIQx+FUTc56o02mFtgrnDXqt9x6PzpzSfUiraoEz+zVZuRXjM7wign7FY/dAoPo
9nSNBj1dp5r/3Mqhg2yvUm3UvUs4262f8MzcYDYBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2FCSneUdDp0qCwSetHjpTPmtDv4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2I2OGNmMjA1LTdmNTMtNGVjZS05YWNiLTc0ZDEwNDA0OWE1OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD+dLXGhfoc8YAZjWI50jT5khBKy
yLa9HTlN85T9iRV0KObUOnhDMfWoKPLcFMKvMg3KE6gS8BVOl0BrOUNX18phgBtS
rXXhoHAjDBlshLDanz40SOQVZQvWfo/8cHwn3RGzh6Gl+jbK93r/c2hFsm+TvtAl
TMJZclPiGLZpwjb13CJhcBzstdmz22QEkr5s8BGflV/hR59StRm/zo+5BRhZ3LxJ
D2cWO7VSIn1aAdEAq6en//PYsJTFxvFNAMcIjmbV20GJCs8r+ZC791JJ7C3O9IVr
ayGz/sKqG+M6f2kvCklZWmHnPsjF9nP0+VEClpXuMpDo9vA7Z9CqitRKWWU=
-----END CERTIFICATE-----