Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b6951751-4f35-458f-a87e-28aff2efb3d0.roa
File:                     b6951751-4f35-458f-a87e-28aff2efb3d0.roa (raw, json)
Hash identifier:          AuwaNI9eEcGkET+rEmlYahDnrC2IWPBC32rcKix0GPI=
Subject key identifier:   B0:35:EE:CF:7F:B5:48:82:D2:55:E6:B4:6E:C7:F1:FA:6D:7A:60:A7
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       20B7C457ED53934461F7C7ECE9578DA5F860654A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b6951751-4f35-458f-a87e-28aff2efb3d0.roa
Signing time:             Wed 04 Dec 2024 00:00:00 +0000
ROA not before:           Wed 04 Dec 2024 00:00:00 +0000
ROA not after:            Wed 08 Jan 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:b7:c4:57:ed:53:93:44:61:f7:c7:ec:e9:57:8d:a5:f8:60:65:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec  4 00:00:00 2024 GMT
            Not After : Jan  8 23:59:59 2025 GMT
        Subject: serialNumber=1b9bcf67321c9bc1f03eda6c61c58967e54c0d76981b9d0965b42dc9886d1e92, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:35:30:d4:40:3f:70:ce:0b:30:0f:ee:22:84:
                    04:26:a3:93:c5:3f:33:d6:5b:67:6f:3f:6b:f9:84:
                    1c:47:f6:e7:b4:ec:7b:ae:49:75:eb:fe:5f:e5:5b:
                    bb:0a:c6:05:70:1d:9e:b3:2b:37:f5:0a:6e:94:fb:
                    62:1d:ca:ab:bd:e8:b1:73:81:26:e2:60:79:e2:39:
                    88:91:cf:3f:4c:e3:4f:93:f4:4a:4c:a2:f4:2e:2e:
                    7e:1a:e2:f0:ba:a9:28:42:67:b8:dc:e1:52:67:f3:
                    5f:81:bb:6b:03:34:0a:37:66:95:d0:d3:60:d8:de:
                    47:7b:86:29:54:fd:0a:e1:0c:29:3f:51:f7:b9:b6:
                    51:fc:59:61:e2:f0:f5:a9:c2:ec:e9:10:07:9f:14:
                    7c:ad:af:89:19:bc:94:f1:b2:e1:1d:3c:4c:5b:00:
                    54:34:16:35:50:60:e2:5d:3d:2a:ae:9a:f5:d5:71:
                    00:81:db:f2:5d:c5:6b:04:e6:62:68:81:63:23:64:
                    fd:ac:83:4c:56:64:a3:fc:f4:cd:ff:bb:dc:32:23:
                    cb:b5:df:02:54:db:10:a2:18:49:55:31:87:c2:46:
                    8b:0e:ea:f4:9f:80:f0:d2:c1:f0:25:13:46:00:61:
                    22:04:92:46:ab:d5:2b:3f:7d:90:a4:04:bf:a2:77:
                    85:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:35:EE:CF:7F:B5:48:82:D2:55:E6:B4:6E:C7:F1:FA:6D:7A:60:A7
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b6951751-4f35-458f-a87e-28aff2efb3d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:f1:40:dd:19:7c:31:5d:ef:af:f1:be:35:90:3f:e0:93:b1:
         13:a1:2e:a9:aa:26:ea:4e:7c:58:d1:f3:d0:dc:d2:7d:8b:64:
         de:fb:cf:42:dd:c6:2e:79:24:ad:2a:34:81:45:d1:e9:8c:71:
         e9:48:c2:86:ae:a5:bf:04:7b:7a:c5:15:5b:dd:49:c4:5f:29:
         98:10:ff:5a:bc:94:40:df:2a:86:67:68:bc:7b:3f:b5:27:cd:
         16:57:4f:64:c4:b2:5c:cc:24:c0:22:3e:84:cf:1c:29:26:4a:
         ee:71:ff:99:e6:93:8e:bd:d4:66:c5:d1:b4:8e:d0:61:82:2f:
         8d:9d:27:6c:4c:ad:01:df:80:6f:c5:8d:d6:db:20:26:ae:c6:
         dc:84:e6:cd:30:dc:30:3d:03:96:2f:c0:53:72:c1:71:f8:3f:
         26:80:c0:d7:d6:a8:2a:22:40:a3:cb:8d:4c:11:9c:c4:3c:a8:
         96:5e:2d:af:a6:c1:da:96:fd:3d:11:ac:73:b4:ba:14:ea:09:
         83:a4:8b:3e:34:73:72:95:83:39:00:75:33:83:99:19:1b:75:
         fd:39:cd:1a:61:24:09:40:e1:f0:f5:e9:ac:36:df:d3:cb:bc:
         bf:49:ca:a7:c2:ea:aa:fa:38:72:41:09:ff:a6:7f:f3:6e:d4:
         2b:4e:c2:66
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUILfEV+1Tk0Rh98fs6VeNpfhgZUowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMjA0MDAwMDAwWhcNMjUwMTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYjliY2Y2NzMyMWM5YmMxZjAzZWRhNmM2MWM1ODk2N2U1
NGMwZDc2OTgxYjlkMDk2NWI0MmRjOTg4NmQxZTkyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+NTDUQD9wzgswD+4ihAQmo5PFPzPWW2dvP2v5hBxH9ue0
7HuuSXXr/l/lW7sKxgVwHZ6zKzf1Cm6U+2Idyqu96LFzgSbiYHniOYiRzz9M40+T
9EpMovQuLn4a4vC6qShCZ7jc4VJn81+Bu2sDNAo3ZpXQ02DY3kd7hilU/QrhDCk/
Ufe5tlH8WWHi8PWpwuzpEAefFHytr4kZvJTxsuEdPExbAFQ0FjVQYOJdPSqumvXV
cQCB2/JdxWsE5mJogWMjZP2sg0xWZKP89M3/u9wyI8u13wJU2xCiGElVMYfCRosO
6vSfgPDSwfAlE0YAYSIEkkar1Ss/fZCkBL+id4UDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsDXuz3+1SILSVea0bsfx+m16YKcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2I2OTUxNzUxLTRmMzUtNDU4Zi1hODdlLTI4YWZmMmVmYjNkMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB7xQN0ZfDFd76/xvjWQP+CTsROh
LqmqJupOfFjR89Dc0n2LZN77z0Ldxi55JK0qNIFF0emMcelIwoaupb8Ee3rFFVvd
ScRfKZgQ/1q8lEDfKoZnaLx7P7UnzRZXT2TEslzMJMAiPoTPHCkmSu5x/5nmk469
1GbF0bSO0GGCL42dJ2xMrQHfgG/FjdbbICauxtyE5s0w3DA9A5YvwFNywXH4PyaA
wNfWqCoiQKPLjUwRnMQ8qJZeLa+mwdqW/T0RrHO0uhTqCYOkiz40c3KVgzkAdTOD
mRkbdf05zRphJAlA4fD16aw239PLvL9JyqfC6qr6OHJBCf+mf/Nu1CtOwmY=
-----END CERTIFICATE-----