Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b8ddaa92-64df-4bb4-9820-fba5c342ca21.roa
File:                     b8ddaa92-64df-4bb4-9820-fba5c342ca21.roa (raw, json)
Hash identifier:          rRJ8srO5kSmAtU1tjOe5AUJMVGJCWd2DDvpZfrCQK0Y=
Subject key identifier:   DE:AA:C0:91:F6:62:CE:18:88:97:7D:BA:E8:9D:F7:D6:5A:FE:D1:56
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0ADC81C6684399A544C7BE2448BE9883E212F202
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b8ddaa92-64df-4bb4-9820-fba5c342ca21.roa
Signing time:             Sun 11 Feb 2024 00:00:00 +0000
ROA not before:           Sun 11 Feb 2024 00:00:00 +0000
ROA not after:            Sun 17 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:dc:81:c6:68:43:99:a5:44:c7:be:24:48:be:98:83:e2:12:f2:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 11 00:00:00 2024 GMT
            Not After : Mar 17 23:59:59 2024 GMT
        Subject: serialNumber=c65ca82e8801b7207f8f0eab00be8114183c58b9c81b3143876443153f7b736d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:24:51:2a:17:f3:4f:18:4c:06:2c:30:b1:da:
                    5f:58:d9:da:cf:00:6b:24:18:d4:e4:b0:63:2c:ef:
                    5e:c4:bb:9e:77:38:29:1c:97:fd:58:09:6f:82:90:
                    df:90:70:cb:6a:f3:65:d6:25:f2:6e:89:a1:16:f1:
                    40:c0:5b:40:13:97:8a:fa:07:eb:cc:b5:93:8f:55:
                    64:a8:18:b6:43:27:a6:32:51:9a:5d:04:6f:f9:5e:
                    57:08:20:ed:f3:3b:38:cd:69:8f:9c:7a:21:9e:cb:
                    ff:8e:79:32:89:23:2c:7a:63:c3:74:07:36:b2:a9:
                    6a:f2:91:4c:6f:ef:fe:d2:38:ce:48:1a:a2:96:a9:
                    3d:a4:6c:f7:f3:be:32:5c:d8:a6:d1:c1:c6:f5:63:
                    5c:f5:e1:ed:3d:90:08:d7:d4:f0:8f:8d:66:a3:30:
                    d2:08:e7:7b:c7:39:0c:95:6c:ff:11:62:b8:ba:74:
                    f8:87:4a:c5:4a:82:66:46:be:54:28:fa:ef:9e:87:
                    2e:fe:e1:0a:41:70:da:04:14:b1:a6:38:dc:28:56:
                    bf:2f:61:85:de:90:20:91:7d:c7:7c:87:11:41:b1:
                    64:d4:db:2f:76:a8:7a:d4:8e:ca:1b:71:f2:3d:6c:
                    15:50:1b:9e:f2:b8:cc:ce:3d:7e:01:68:1a:2b:9d:
                    90:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:AA:C0:91:F6:62:CE:18:88:97:7D:BA:E8:9D:F7:D6:5A:FE:D1:56
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b8ddaa92-64df-4bb4-9820-fba5c342ca21.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:34:4b:f8:cc:90:09:8f:b9:f9:fd:78:89:63:78:2c:5b:82:
         a6:d4:e6:39:39:05:f2:b3:e2:1c:31:c4:b6:38:cb:11:c0:20:
         ba:77:b1:64:a0:72:25:43:05:9c:3e:d6:d2:06:c5:66:e2:fb:
         88:0c:9b:3f:47:32:3e:83:a5:d4:96:2c:e0:35:01:a0:18:01:
         54:eb:5a:b6:d4:b9:69:5b:c6:18:a7:53:e7:29:54:16:6f:9c:
         90:07:96:be:33:bf:40:e0:2d:d9:45:97:d1:74:c2:cb:9f:a5:
         92:6d:ec:ac:5f:4b:e8:2c:4b:ff:36:79:f6:f8:58:84:42:41:
         96:4e:3e:36:67:62:ca:4f:d1:d7:8e:88:0b:26:8c:27:cc:c7:
         6e:e4:7c:8e:43:17:01:2f:95:5c:2a:2c:83:66:fd:a5:b3:4e:
         c7:d1:8b:58:15:55:a4:24:bb:f5:20:e1:66:83:18:a1:08:70:
         91:9c:d8:a4:b9:19:b1:cf:68:ce:6c:c2:26:bd:77:eb:b4:88:
         3e:bc:27:6e:24:cf:ff:22:52:c6:64:7f:22:82:1d:5f:09:d4:
         74:96:4c:21:31:08:d6:b3:4d:f8:d6:60:f8:86:d3:92:dc:a9:
         b7:8f:2b:24:f4:01:f5:83:51:da:bc:3a:62:bd:b9:68:e9:b5:
         74:1d:c3:98
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCtyBxmhDmaVEx74kSL6Yg+IS8gIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjExMDAwMDAwWhcNMjQwMzE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNjVjYTgyZTg4MDFiNzIwN2Y4ZjBlYWIwMGJlODExNDE4
M2M1OGI5YzgxYjMxNDM4NzY0NDMxNTNmN2I3MzZkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRJFEqF/NPGEwGLDCx2l9Y2drPAGskGNTksGMs717Eu553
OCkcl/1YCW+CkN+QcMtq82XWJfJuiaEW8UDAW0ATl4r6B+vMtZOPVWSoGLZDJ6Yy
UZpdBG/5XlcIIO3zOzjNaY+ceiGey/+OeTKJIyx6Y8N0BzayqWrykUxv7/7SOM5I
GqKWqT2kbPfzvjJc2KbRwcb1Y1z14e09kAjX1PCPjWajMNII53vHOQyVbP8RYri6
dPiHSsVKgmZGvlQo+u+ehy7+4QpBcNoEFLGmONwoVr8vYYXekCCRfcd8hxFBsWTU
2y92qHrUjsobcfI9bBVQG57yuMzOPX4BaBornZD9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3qrAkfZizhiIl3266J331lr+0VYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2I4ZGRhYTkyLTY0ZGYtNGJiNC05ODIwLWZiYTVjMzQyY2EyMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAH80S/jMkAmPufn9eIljeCxbgqbU
5jk5BfKz4hwxxLY4yxHAILp3sWSgciVDBZw+1tIGxWbi+4gMmz9HMj6DpdSWLOA1
AaAYAVTrWrbUuWlbxhinU+cpVBZvnJAHlr4zv0DgLdlFl9F0wsufpZJt7KxfS+gs
S/82efb4WIRCQZZOPjZnYspP0deOiAsmjCfMx27kfI5DFwEvlVwqLINm/aWzTsfR
i1gVVaQku/Ug4WaDGKEIcJGc2KS5GbHPaM5swia9d+u0iD68J24kz/8iUsZkfyKC
HV8J1HSWTCExCNazTfjWYPiG05LcqbePKyT0AfWDUdq8OmK9uWjptXQdw5g=
-----END CERTIFICATE-----