Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bfe34c48-ed23-4784-8605-4b7dc70a39d5.roa
File:                     bfe34c48-ed23-4784-8605-4b7dc70a39d5.roa (raw, json)
Hash identifier:          a8sPpGzt9iJMyvBS8GUv5UMY1h+2SL395WHkUO0xmpw=
Subject key identifier:   76:D9:3B:EA:7C:E1:33:3F:FB:69:03:33:14:F6:A0:DF:ED:EB:C2:63
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3262625CF2DB2E4EC9D92BB9EB73FD7A6F7A2D8D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bfe34c48-ed23-4784-8605-4b7dc70a39d5.roa
Signing time:             Fri 05 Apr 2024 00:00:00 +0000
ROA not before:           Fri 05 Apr 2024 00:00:00 +0000
ROA not after:            Fri 10 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:62:62:5c:f2:db:2e:4e:c9:d9:2b:b9:eb:73:fd:7a:6f:7a:2d:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr  5 00:00:00 2024 GMT
            Not After : May 10 23:59:59 2024 GMT
        Subject: serialNumber=d534419b1401682e85708d2b193b05e986fc84cb1e4f0a8863b448e7a5110a81, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:c1:60:87:9e:85:2a:c4:0d:75:9a:bc:c6:87:
                    fb:f3:7f:39:2b:7e:da:58:63:88:8b:7b:70:a9:85:
                    57:43:ea:6a:66:fb:96:e6:18:17:6e:b0:a9:57:c8:
                    39:7d:e7:7a:1f:c2:c6:85:b5:d4:ad:bc:b0:c5:a5:
                    cf:01:cb:58:2b:54:63:dc:08:5c:4b:c1:a6:48:7e:
                    b6:09:a2:42:d9:55:e3:2f:f0:8f:cb:04:a0:b1:39:
                    51:87:44:58:3e:16:b1:40:1a:13:8e:26:53:25:65:
                    7a:16:54:14:83:dd:98:96:66:24:98:0a:5c:f9:f0:
                    12:40:6a:b7:c5:e7:37:71:3c:77:38:19:50:10:d8:
                    d3:b3:f5:be:36:13:3e:18:ce:8b:1e:55:a4:82:b2:
                    93:bd:56:ce:4b:87:6b:88:e4:dc:f0:96:38:16:c2:
                    6d:e0:37:58:fb:66:66:ea:6d:26:77:14:4e:a5:e3:
                    d4:f5:38:b2:95:36:ba:71:66:e9:66:af:bc:98:5b:
                    48:55:14:4e:8f:17:8c:eb:61:9b:6c:a2:f0:38:ed:
                    00:5c:05:37:e2:52:95:02:0d:35:a9:f3:3e:ea:33:
                    81:5b:62:b3:3d:ae:cd:15:d4:f0:3d:a3:1f:8e:a9:
                    b4:65:97:7c:b1:aa:49:3a:be:e5:d1:15:71:31:50:
                    56:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:D9:3B:EA:7C:E1:33:3F:FB:69:03:33:14:F6:A0:DF:ED:EB:C2:63
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bfe34c48-ed23-4784-8605-4b7dc70a39d5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:41:07:e1:b9:b0:af:eb:e4:e7:e2:93:a5:7e:4b:95:36:71:
         0e:d4:85:f3:1f:24:16:56:98:32:16:70:20:40:59:e9:c1:66:
         28:c0:4d:34:89:78:e2:9b:bd:d1:15:76:a3:4a:5c:b2:42:1c:
         e8:56:7a:66:5e:6a:d7:9c:2d:71:04:8b:b4:b1:71:4a:0a:ff:
         7e:b3:19:23:ad:89:96:aa:e0:38:63:ab:79:97:63:07:5c:b3:
         d5:06:5d:fc:fa:9c:db:5b:38:21:7a:6b:a6:7c:73:80:2a:84:
         96:f8:d6:26:df:35:91:32:69:18:e1:d7:01:28:31:03:b3:b0:
         05:d5:4e:da:87:b3:cf:6b:8b:65:4f:4b:6a:ed:9b:a2:13:85:
         41:73:13:69:f6:cb:86:79:0a:63:2d:e3:86:cf:ee:7c:b0:d1:
         95:be:14:f4:8a:d1:44:8e:2d:71:ae:c6:c9:34:86:c2:59:24:
         60:54:41:9a:82:8b:de:6b:ea:0f:4f:94:ec:6f:2e:22:3d:42:
         56:34:24:9a:c6:97:52:28:c4:2b:36:44:82:5a:40:f4:ef:44:
         ab:ac:84:39:c4:66:aa:33:cc:1c:5f:5e:93:b1:aa:b4:90:5a:
         62:d2:7b:b9:8e:d1:6c:ee:72:b0:2a:55:4f:fd:9a:86:ca:60:
         f7:d6:75:bf
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMmJiXPLbLk7J2Su563P9em96LY0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDA1MDAwMDAwWhcNMjQwNTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNTM0NDE5YjE0MDE2ODJlODU3MDhkMmIxOTNiMDVlOTg2
ZmM4NGNiMWU0ZjBhODg2M2I0NDhlN2E1MTEwYTgxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNwWCHnoUqxA11mrzGh/vzfzkrftpYY4iLe3CphVdD6mpm
+5bmGBdusKlXyDl953ofwsaFtdStvLDFpc8By1grVGPcCFxLwaZIfrYJokLZVeMv
8I/LBKCxOVGHRFg+FrFAGhOOJlMlZXoWVBSD3ZiWZiSYClz58BJAarfF5zdxPHc4
GVAQ2NOz9b42Ez4YzoseVaSCspO9Vs5Lh2uI5NzwljgWwm3gN1j7ZmbqbSZ3FE6l
49T1OLKVNrpxZulmr7yYW0hVFE6PF4zrYZtsovA47QBcBTfiUpUCDTWp8z7qM4Fb
YrM9rs0V1PA9ox+OqbRll3yxqkk6vuXRFXExUFZ5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdtk76nzhMz/7aQMzFPag3+3rwmMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2JmZTM0YzQ4LWVkMjMtNDc4NC04NjA1LTRiN2RjNzBhMzlkNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKBBB+G5sK/r5Ofik6V+S5U2cQ7U
hfMfJBZWmDIWcCBAWenBZijATTSJeOKbvdEVdqNKXLJCHOhWemZeatecLXEEi7Sx
cUoK/36zGSOtiZaq4Dhjq3mXYwdcs9UGXfz6nNtbOCF6a6Z8c4AqhJb41ibfNZEy
aRjh1wEoMQOzsAXVTtqHs89ri2VPS2rtm6IThUFzE2n2y4Z5CmMt44bP7nyw0ZW+
FPSK0USOLXGuxsk0hsJZJGBUQZqCi95r6g9PlOxvLiI9QlY0JJrGl1IoxCs2RIJa
QPTvRKushDnEZqozzBxfXpOxqrSQWmLSe7mO0WzucrAqVU/9mobKYPfWdb8=
-----END CERTIFICATE-----