Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b97cca70-2658-4a93-9f24-562e8026f1c1.roa
File:                     b97cca70-2658-4a93-9f24-562e8026f1c1.roa (raw, json)
Hash identifier:          blompxmkS0e6ivXSkVACUgQB0xhiEBDytsYWNba/6BE=
Subject key identifier:   99:08:57:5C:8E:73:13:AE:22:C0:1A:73:05:FF:D9:86:1E:91:E2:C9
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       28582A6D0E9D7C7FBDE6F0588A6912954D028A42
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b97cca70-2658-4a93-9f24-562e8026f1c1.roa
Signing time:             Tue 26 Mar 2024 00:00:00 +0000
ROA not before:           Tue 26 Mar 2024 00:00:00 +0000
ROA not after:            Tue 30 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:58:2a:6d:0e:9d:7c:7f:bd:e6:f0:58:8a:69:12:95:4d:02:8a:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 26 00:00:00 2024 GMT
            Not After : Apr 30 23:59:59 2024 GMT
        Subject: serialNumber=9853c3adbe91882dc0e3baa3d1cbd22b035afbbe6176877cc816ca9292ac0020, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:75:d7:8e:74:8e:80:98:06:dc:90:c0:c7:f8:
                    07:cd:4c:03:cc:a1:c4:1e:35:24:13:be:63:f1:cc:
                    ce:df:1a:17:f6:ad:30:3e:c1:04:44:25:93:0c:27:
                    dc:77:a1:3b:53:b3:a7:08:40:3b:a6:bd:c2:74:53:
                    d6:2d:83:2b:e2:b9:7e:d3:53:2e:76:f7:c1:b1:9d:
                    ec:47:91:76:4d:23:cb:01:e9:59:59:92:1f:68:01:
                    8e:c1:2f:e1:b1:81:38:58:c6:53:ac:7f:5c:e2:e0:
                    1a:e3:00:10:6d:63:5f:89:7a:d7:38:ed:66:5c:cc:
                    8b:bc:cc:eb:a7:60:67:91:9c:29:ba:2b:2f:0f:8d:
                    fe:88:53:26:28:a3:33:fd:ae:fe:e9:ba:5d:13:ac:
                    c5:a9:e5:6d:6e:c5:d7:13:ab:c7:34:db:f9:fa:2e:
                    51:2b:4a:f9:23:2b:0b:6a:ca:76:af:b5:42:dc:a6:
                    9d:c1:ba:f4:93:fd:bb:9b:d2:8a:d6:61:7a:b4:af:
                    ad:33:0e:fe:be:d4:f0:eb:b1:73:8e:02:3b:35:6a:
                    9d:60:cd:20:30:ba:11:36:08:ed:f8:7c:29:31:d9:
                    5e:4b:3d:fa:0c:47:81:be:b0:d3:ce:79:5f:06:ef:
                    30:1f:1b:bc:e5:77:e1:80:80:95:8f:82:f2:2d:71:
                    0d:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:08:57:5C:8E:73:13:AE:22:C0:1A:73:05:FF:D9:86:1E:91:E2:C9
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b97cca70-2658-4a93-9f24-562e8026f1c1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:19:67:e6:9a:30:bd:9a:0d:3b:dc:bb:4f:7f:5b:33:f4:c6:
         d5:26:10:2c:9a:71:42:cb:d6:30:05:49:6b:c4:75:c8:93:6f:
         01:5d:2c:98:a7:52:b5:21:ba:8f:b5:9c:a6:02:1c:de:6d:ca:
         3d:cb:60:0b:56:f3:57:78:3c:ef:ec:07:1c:7f:93:e0:8e:89:
         a3:ee:dc:4e:c1:ff:86:0c:6b:58:52:1a:9a:c9:bc:e1:4f:84:
         bf:86:a5:8d:f0:23:76:0b:f1:b3:0c:57:7c:7f:b8:ac:38:23:
         99:0f:3c:42:57:04:c0:3a:46:ab:42:01:bf:78:62:7c:76:7a:
         da:6a:d4:79:ac:3c:eb:03:b4:26:d5:c5:96:5f:65:a9:24:23:
         a8:aa:9a:25:12:8f:3b:c3:83:bf:1f:f8:eb:10:48:73:34:94:
         55:7e:b9:47:88:d6:08:42:87:f2:5f:4b:69:15:26:05:0d:d0:
         b1:c3:5a:bc:c3:97:e4:17:84:f6:32:a6:4c:4c:4e:c8:07:99:
         b1:a5:f6:d0:e3:73:bb:e7:a6:e4:9d:22:e5:2d:21:de:1e:88:
         9d:1d:80:e0:4f:25:36:9b:40:a8:4a:10:c8:37:00:ee:40:95:
         3c:ab:fb:d0:3a:0c:49:e7:f4:6a:32:82:bd:56:7c:8c:48:e3:
         20:4e:59:8b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKFgqbQ6dfH+95vBYimkSlU0CikIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzI2MDAwMDAwWhcNMjQwNDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5ODUzYzNhZGJlOTE4ODJkYzBlM2JhYTNkMWNiZDIyYjAz
NWFmYmJlNjE3Njg3N2NjODE2Y2E5MjkyYWMwMDIwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmddeOdI6AmAbckMDH+AfNTAPMocQeNSQTvmPxzM7fGhf2
rTA+wQREJZMMJ9x3oTtTs6cIQDumvcJ0U9YtgyviuX7TUy5298GxnexHkXZNI8sB
6VlZkh9oAY7BL+GxgThYxlOsf1zi4BrjABBtY1+Jetc47WZczIu8zOunYGeRnCm6
Ky8Pjf6IUyYoozP9rv7pul0TrMWp5W1uxdcTq8c02/n6LlErSvkjKwtqynavtULc
pp3BuvST/bub0orWYXq0r60zDv6+1PDrsXOOAjs1ap1gzSAwuhE2CO34fCkx2V5L
PfoMR4G+sNPOeV8G7zAfG7zld+GAgJWPgvItcQ0PAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmQhXXI5zE64iwBpzBf/Zhh6R4skwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2I5N2NjYTcwLTI2NTgtNGE5My05ZjI0LTU2MmU4MDI2ZjFjMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKcZZ+aaML2aDTvcu09/WzP0xtUm
ECyacULL1jAFSWvEdciTbwFdLJinUrUhuo+1nKYCHN5tyj3LYAtW81d4PO/sBxx/
k+COiaPu3E7B/4YMa1hSGprJvOFPhL+GpY3wI3YL8bMMV3x/uKw4I5kPPEJXBMA6
RqtCAb94Ynx2etpq1HmsPOsDtCbVxZZfZakkI6iqmiUSjzvDg78f+OsQSHM0lFV+
uUeI1ghCh/JfS2kVJgUN0LHDWrzDl+QXhPYypkxMTsgHmbGl9tDjc7vnpuSdIuUt
Id4eiJ0dgOBPJTabQKhKEMg3AO5AlTyr+9A6DEnn9Goygr1WfIxI4yBOWYs=
-----END CERTIFICATE-----